Cette page est affichée en anglais. Une traduction française est en cours.
MCP ConfigsMay 12, 2026·2 min de lecture

ClickHouse MCP — Read-Only Defaults + Drop Protection

ClickHouse MCP connects MCP clients to ClickHouse or embedded chDB with read-only defaults, optional writes, and double opt-in for DROP/TRUNCATE safety.

MCP Hub
MCP Hub · Community
Prêt pour agents

Cet actif peut être lu et installé directement par les agents

TokRepo expose une commande CLI universelle, un contrat d'installation, le metadata JSON, un plan selon l'adaptateur et le contenu raw pour aider les agents à juger l'adaptation, le risque et les prochaines actions.

Stage only · 17/100Stage only
Surface agent
Tout agent MCP/CLI
Type
Mcp Config
Installation
Stage only
Confiance
Confiance : Established
Point d'entrée
Asset
Commande CLI universelle
npx tokrepo install 284265e6-a9c0-5b2f-b769-60966256e908
contrat d'installationJSON metadataplan adaptateurcontenu raw
Introduction

ClickHouse MCP connects MCP clients to ClickHouse or embedded chDB with read-only defaults, optional writes, and double opt-in for DROP/TRUNCATE safety.

  • Best for: teams that want ClickHouse analytics access for agents but need strict safety controls for mutations and drops
  • Works with: ClickHouse or chDB, Python + uv/pip, MCP clients (Claude Desktop, Cursor) via stdio/HTTP
  • Setup time: 10-30 minutes

Practical Notes

  • Quant: keep CLICKHOUSE_ALLOW_WRITE_ACCESS off by default; enable it only for controlled workflows (migrations, backfills).
  • Quant: destructive ops require a second flag (CLICKHOUSE_ALLOW_DROP=true)—use that as a policy gate for production safety.

Rollout pattern

  • Start with the ClickHouse SQL playground credentials or a staging cluster to validate connectivity and result formats.
  • Keep writes disabled; create a second server instance for admin tasks if you truly need mutations.
  • Enable auth before exposing HTTP/SSE to any shared network and rotate tokens regularly.

Watchouts

Even with write flags off, leaking sensitive query results into an LLM is still a risk. Apply query limits, masking, and least-privilege credentials.

FAQ

Q: Can it work without ClickHouse (local only)? A: Yes. The README describes a chDB mode that runs an embedded ClickHouse engine.

Q: How do I enable writes safely? A: Set CLICKHOUSE_ALLOW_WRITE_ACCESS=true, and keep CLICKHOUSE_ALLOW_DROP off unless you explicitly need destructive operations.

Q: What should I test first? A: Run one SELECT against a known table and verify the server refuses mutation queries in default mode.

🙏

Source et remerciements

Source: https://github.com/ClickHouse/mcp-clickhouse > License: Apache-2.0 > GitHub stars: 777 · forks: 180

Fil de discussion

Connectez-vous pour rejoindre la discussion.
Aucun commentaire pour l'instant. Soyez le premier à partager votre avis.

Actifs similaires

pgEdge Postgres MCP — Read-Only by Default + Web UI

pgEdge Postgres MCP is a Go MCP server for Postgres with read-only defaults, optional HTTP auth, and a web UI for database exploration and diagnostics.

MCP Configs
MCP Hub

MongoDB MCP Server — npx + Read-Only Safety by Default

MongoDB MCP Server exposes MongoDB queries and optional Atlas admin tools to MCP clients via npx or Docker, with a read-only mode that reduces risk.

MCP Configs
MCP Hub

Universal DB MCP — 17 Databases, Read-Only Default

Universal DB MCP is a multi-DB MCP connector (stdio/http) with read-only default and caching; verified 782★ and documents 25x–100x speedups in README.

MCP Configs
MCP Hub

mcp-mongo-server — MongoDB MCP with Read-Only Mode

mcp-mongo-server is an MCP server you can run via `npx` to let assistants query MongoDB, with a read-only mode for safer database access.

MCP Configs
MCP Hub
Accueil🔍Rechercher👤Moi