MCP SQLite Server

v2025.4.24

Anthropic (Archived)

MCPdatabasesqlmcpmodel-context-protocol
79
Strong
About This MCP

ARCHIVED WITH UNPATCHED VULNERABILITY: Former Anthropic reference MCP server for SQLite, archived 2025-05-29 to the servers-archived repository. The archived code contains the same class of unpatched SQL injection flaw disclosed by Trend Micro (June 2025) and will not receive fixes; the archive README provides no security guarantees. Not recommended for new deployments.

Last Evaluated: June 10, 2026
Official Website

Trust Vector Analysis

Dimension Breakdown

🚀Performance & Reliability
+
query execution speed

Query performance benchmarking

Evidence
SQLite PerformanceExtremely fast for local queries, no network overhead
highVerified: 2025-11-09
schema introspection

Schema discovery testing

Evidence
SQLite SchemaComprehensive schema metadata through sqlite_master table
highVerified: 2025-11-09
data integrity

Transaction testing

Evidence
SQLite ACID ComplianceFull ACID compliance ensures data integrity
highVerified: 2025-11-09
concurrent access

Concurrency testing

Evidence
SQLite LockingFile-level locking may limit concurrent write operations
mediumVerified: 2025-11-09
error handling

Error scenario testing

Evidence
SQLite Error CodesClear error messages with detailed result codes
highVerified: 2025-11-09
🛡️Security
+
sql injection protection

Vulnerability disclosure review and code analysis

Evidence
Trend Micro ResearchSame class of classic SQL injection vulnerability present in the archived SQLite MCP server code; cannot be patched upstream because the repository was archived 2025-05-29
highVerified: 2026-06-10
file access control

Access control testing

Evidence
SQLite File AccessAccess controlled by filesystem permissions only
mediumVerified: 2025-11-09
data modification risk

Write operation risk assessment

Evidence
Security AnalysisAI can execute any SQL including DROP, DELETE if database file is writable
Trend Micro ResearchUnpatched SQL injection in archived code can be abused via crafted input to perform unintended write operations
highVerified: 2026-06-10
encryption support

Encryption capabilities review

Evidence
SQLite EncryptionEncryption available via SQLite Encryption Extension (commercial)
mediumVerified: 2025-11-09
audit logging

Logging capabilities assessment

Evidence
MCP LoggingQuery logging via MCP protocol, no native SQLite audit
mediumVerified: 2025-11-09
🔒Privacy & Compliance
+
data exposure risk

Data flow and exposure analysis

Evidence
Data Flow AnalysisQuery results including all data sent to LLM provider
highVerified: 2025-11-09
pii protection

Privacy controls assessment

Evidence
MCP Security GuidelinesNo built-in PII detection or data redaction
mediumVerified: 2025-11-09
local processing

Data processing architecture review

Evidence
SQLite ArchitectureFully local, serverless database processing
highVerified: 2025-11-09
data retention

Data retention control review

Evidence
File-based StorageComplete control over data retention via file management
highVerified: 2025-11-09
👁️Trust & Transparency
+
documentation quality

Documentation completeness review

Evidence
MCP SQLite DocsClear documentation with setup and usage examples
highVerified: 2025-11-09
query visibility

Query traceability assessment

Evidence
MCP Protocol LoggingAll SQL queries visible in MCP message logs
highVerified: 2025-11-09
open source code

Source code review

Evidence
GitHub RepositoryFully open source with MIT license
highVerified: 2025-11-09
sqlite transparency

Database engine transparency review

Evidence
SQLite Public DomainSQLite is public domain with extensive documentation
highVerified: 2025-11-09
⚙️Operational Excellence
+
ease of setup

Setup complexity assessment

Evidence
MCP QuickstartExtremely simple setup, just point to database file
highVerified: 2025-11-09
performance

Performance benchmarking

Evidence
SQLite PerformanceExceptionally fast for local operations, often faster than filesystem
highVerified: 2025-11-09
resource efficiency

Resource utilization testing

Evidence
SQLite Resource UsageMinimal memory footprint and CPU usage
highVerified: 2025-11-09
portability

Cross-platform testing

Evidence
SQLite PortabilitySingle file format, highly portable across platforms
highVerified: 2025-11-09
maintenance

Maintenance overhead assessment

Evidence
SQLite MaintenanceMinimal maintenance required, no server to manage
MCP servers-archived repositoryMCP server archived 2025-05-29; repository read-only, no maintainer, no bug fixes or security patches will be released
highVerified: 2026-06-10
Strengths
  • +Extremely fast local database operations with no network latency
  • +Zero configuration required - serverless and self-contained
  • +Minimal resource footprint (memory and CPU)
  • +Complete local data control with no remote server dependencies
  • +Full ACID compliance ensures data integrity
  • +Open source MCP server and public domain database engine
Limitations
  • !Query results with all data sent to external LLM provider
  • !No built-in encryption in standard SQLite (requires commercial extension)
  • !Limited concurrent write performance due to file-level locking
  • !No built-in PII detection or data anonymization
  • !AI can execute destructive SQL if database file is writable
  • !No native audit logging beyond MCP protocol logs
  • !ARCHIVED 2025-05-29 with an unpatched SQL injection flaw in the archived code (Trend Micro, June 2025); no security guarantees, not recommended for new deployments
Metadata
license: MIT (MCP server), Public Domain (SQLite)
supported platforms
0: Windows
1: macOS
2: Linux
3: iOS
4: Android
programming languages
0: TypeScript
1: Python
mcp version: 1.0
github repo: https://github.com/modelcontextprotocol/servers-archived
database version: SQLite 3.x
max database size: 281 TB (theoretical)
first release: 2024-11
maintained by: None (Archived)

Use Case Ratings

code generation

Good for generating SQL queries and database migration scripts

customer support

Useful for analyzing support ticket databases and knowledge bases

content creation

Limited applicability unless content is stored in SQLite

data analysis

Excellent for analyzing local datasets and generating insights

research assistant

Great for managing research data, citations, and notes in local database

legal compliance

Risk of exposing sensitive data; better than cloud databases but still concerning

healthcare

PHI exposure risk when data sent to LLM; local storage is positive but insufficient

financial analysis

Moderate risk; local database is good but data still exposed to LLM

education

Great for managing student data, grades, and learning analytics locally

creative writing

Useful for managing character databases, plot points, and story elements