PostgreSQL MCP
Read-only PostgreSQL MCP server that enforces READ ONLY transactions for schema discovery and safe SELECT queries.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for PostgreSQL MCP, derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.
Overview
PostgreSQL MCP exposes a Postgres database to AI agents through explicit READ ONLY transactions, supporting schema discovery, table metadata and bounded SELECT queries with a configurable max-row cap. Security surface: it holds a DATABASE_URL with full DB credentials; the READ ONLY transaction and row cap are the primary guardrails against data exfiltration and runaway queries.
Key features
- READ ONLY transaction enforcement
- Configurable MCP_MAX_ROWS result cap
- Schema and table metadata tools
- Connection via DATABASE_URL
Use cases
- Expose a production replica for safe agent queries
- Analytics over Postgres without write risk