mcp-database-server.md

🟠 mcp-database-server

MCP Database Server is a new MCP Server which helps connect with Sqlite, SqlServer and Posgresql Databases

Field	Value
Grade	C
Risk Score	40
Version	1.1.0
Vendor	executeautomation
Stars	⭐ 346
npm Package	@executeautomation/database-server
npm Downloads (30d)	3.2k
Language	TypeScript
Source	mcp-database-server
Scan Date	2026-05-04
Scanner	tooltrust-scanner/v0.3.9

---

Findings Summary

Severity	Count
Critical	0
High	2
Medium	4
Low	1
Info	4

Detailed Findings

🟡 🔑 AS-002 — Excessive Permission Surface

Severity: Medium

Description: tool declares db permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

---

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

---

🟡 🔑 AS-002 — Excessive Permission Surface

Severity: Medium

Description: tool declares db permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

---

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

---

🟡 🔑 AS-002 — Excessive Permission Surface

Severity: Medium

Description: tool declares db permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

---

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

---

🟠 🔑 AS-002 — Excessive Permission Surface

Severity: High

Description: tool declares network permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

---

🟠 🔑 AS-002 — Excessive Permission Surface

Severity: High

Description: tool declares exec permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

---

🟡 🔑 AS-002 — Excessive Permission Surface

Severity: Medium

Description: tool declares db permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

---

🔵 ⚡ AS-011 — DoS Resilience — Missing Rate Limit / Timeout

Severity: Low

Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

---

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

---

Scored using ToolTrust methodology · Raw JSON report