Esta página se muestra en inglés. Una traducción al español está en curso.
MCP ConfigsMay 12, 2026·2 min de lectura

ClickHouse MCP — Read-Only Defaults + Drop Protection

ClickHouse MCP connects MCP clients to ClickHouse or embedded chDB with read-only defaults, optional writes, and double opt-in for DROP/TRUNCATE safety.

MCP Hub
MCP Hub · Community
Listo para agents

Staging seguro para este activo

Este activo primero queda en staging. El prompt copiado pide inspeccionar los archivos staged antes de activar scripts, config MCP o config global.

Stage only · 17/100Política: staging
Superficie agent
Cualquier agent MCP/CLI
Tipo
Mcp Config
Instalación
Stage only
Confianza
Confianza: Established
Entrada
Asset
Comando de staging seguro
npx -y tokrepo@latest install 284265e6-a9c0-5b2f-b769-60966256e908 --target codex

Primero deja archivos en staging; la activación requiere revisar el README y el plan staged.

Introducción

ClickHouse MCP connects MCP clients to ClickHouse or embedded chDB with read-only defaults, optional writes, and double opt-in for DROP/TRUNCATE safety.

  • Best for: teams that want ClickHouse analytics access for agents but need strict safety controls for mutations and drops
  • Works with: ClickHouse or chDB, Python + uv/pip, MCP clients (Claude Desktop, Cursor) via stdio/HTTP
  • Setup time: 10-30 minutes

Practical Notes

  • Quant: keep CLICKHOUSE_ALLOW_WRITE_ACCESS off by default; enable it only for controlled workflows (migrations, backfills).
  • Quant: destructive ops require a second flag (CLICKHOUSE_ALLOW_DROP=true)—use that as a policy gate for production safety.

Rollout pattern

  • Start with the ClickHouse SQL playground credentials or a staging cluster to validate connectivity and result formats.
  • Keep writes disabled; create a second server instance for admin tasks if you truly need mutations.
  • Enable auth before exposing HTTP/SSE to any shared network and rotate tokens regularly.

Watchouts

Even with write flags off, leaking sensitive query results into an LLM is still a risk. Apply query limits, masking, and least-privilege credentials.

FAQ

Q: Can it work without ClickHouse (local only)? A: Yes. The README describes a chDB mode that runs an embedded ClickHouse engine.

Q: How do I enable writes safely? A: Set CLICKHOUSE_ALLOW_WRITE_ACCESS=true, and keep CLICKHOUSE_ALLOW_DROP off unless you explicitly need destructive operations.

Q: What should I test first? A: Run one SELECT against a known table and verify the server refuses mutation queries in default mode.

🙏

Fuente y agradecimientos

Source: https://github.com/ClickHouse/mcp-clickhouse > License: Apache-2.0 > GitHub stars: 777 · forks: 180

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados

pgEdge Postgres MCP — Read-Only by Default + Web UI

pgEdge Postgres MCP is a Go MCP server for Postgres with read-only defaults, optional HTTP auth, and a web UI for database exploration and diagnostics.

MCP Configs
MCP Hub

MongoDB MCP Server — npx + Read-Only Safety by Default

MongoDB MCP Server exposes MongoDB queries and optional Atlas admin tools to MCP clients via npx or Docker, with a read-only mode that reduces risk.

MCP Configs
MCP Hub

Universal DB MCP — 17 Databases, Read-Only Default

Universal DB MCP is a multi-DB MCP connector (stdio/http) with read-only default and caching; verified 782★ and documents 25x–100x speedups in README.

MCP Configs
MCP Hub

mcp-mongo-server — MongoDB MCP with Read-Only Mode

mcp-mongo-server is an MCP server you can run via `npx` to let assistants query MongoDB, with a read-only mode for safer database access.

MCP Configs
MCP Hub
Inicio🔍Buscar👤Yo