Airtable Brain MCP Server
Advanced Airtable MCP server with governance, PII policies, rate limiting, and comprehensive CRUD operations
Score Breakdown
Server Info
- Package
- @rashidazarang/airtable-mcp
- Registry
- npm
- Repository
- rashidazarang/airtable-mcp
- Maintainer
- Community
- Category
- Project Management
- Tags
- databasespreadsheetno-code
- Last Scanned
- 7 Apr 2026
Findings
5 issuesAuthentication & Identity
MEDIUMHTTP/SSE transport supports per-request credentials
Supports both stdio and StreamableHTTPServerTransport (activated via PORT or MCP_HTTP_PORT env vars). No MCP OAuth. Accepts personal access token via multiple env var names (AIRTABLE_PAT preferred). Has governance system for base/table allowlisting, operation control, and PII policies.
Implement the MCP OAuth spec so users authenticate directly without platform mediation.
Tool Schema Quality
HIGH6 of 42 tools have no input schema
Strong schema quality. Uses Zod with .strict() on many schemas preventing extra properties. delete_record has z.array().min(1).max(10) constraint. search_records has z.number().int().min(1).max(100) on maxRecords. list_records has pagination via offset. Webhook tools (5 tools) lack inputSchema - they accept raw Record<string, unknown>. Query tool validates formulas via validateFormula() for suspicious patterns. PII policies (mask/hash/drop) applied to all data retrieval.
Define JSON Schema with explicit types for all tool parameters.
LLM Safety
HIGHTool descriptions contain instructional language
Descriptions include directives that could influence LLM behavior beyond tool selection.
Remove instructional language. Descriptions should be purely factual.
Maintenance & Trust
LOWCommunity-maintained by Rashid Azarang
No official vendor backing.
Seek vendor verification.
HIGH16 dependency vulnerabilities (1 critical, 12 high)
npm audit found 1 critical and 12 high severity CVEs.
Run `npm audit fix` and update vulnerable dependencies.
Tools
42 total| Name | Description | Risk |
|---|---|---|
| list_bases | List all accessible Airtable bases with their names, IDs, and permission levels | read |
| describe | Describe Airtable base or table schema. Use detailLevel to optimize context usage: tableIdentifiersOnly, identifiersOnly, or full. | read |
| query | Query Airtable records with filtering, sorting, and pagination. | read |
| list_governance | List governance policies and allowed operations | read |
| list_exceptions | List recent exceptions and errors | read |
| create | Create Airtable records (requires diff-before-write via dryRun first). | write |
| update | Update Airtable records with diff review and idempotency keys. | write |
| upsert | Upsert Airtable records (create or update based on key field). | write |
| list_webhooks | List Airtable webhooks for the default base. | read |
| create_webhook | Create a new webhook for a base. | admin |
| refresh_webhook | Refresh webhook expiration. | write |
| delete_webhook | Delete an Airtable webhook by ID. | admin |
| get_webhook_payloads | Get payload history for an Airtable webhook. | read |
| get_record | Get a single Airtable record by ID. | read |
| delete_record | Delete one or more Airtable records by ID. | admin |
| search_records | Search Airtable records using text search across a field. | read |
| list_records | List Airtable records with optional field selection and pagination. | read |
| get_base_schema | Get the full schema for an Airtable base. | read |
| list_tables | List all tables in an Airtable base. | read |
| list_field_types | List available Airtable field types. | read |
| get_table_views | Get views for an Airtable table. | read |
| create_table | Create a new table in an Airtable base. | write |
| update_table | Update table metadata (name, description). | write |
| delete_table | Delete an Airtable table. | admin |
| create_field | Create a new field in an Airtable table. | write |
| update_field | Update field metadata in an Airtable table. | write |
| delete_field | Delete a field from an Airtable table. | admin |
| batch_create_records | Create multiple Airtable records in a batch. | write |
| batch_update_records | Update multiple Airtable records in a batch. | write |
| batch_delete_records | Delete multiple Airtable records in a batch. | admin |
| batch_upsert_records | Upsert multiple Airtable records in a batch. | write |
| create_view | Create a new view in an Airtable table. | write |
| get_view_metadata | Get metadata for an Airtable view. | read |
| upload_attachment | Upload an attachment to an Airtable record. | write |
| create_base | Create a new Airtable base. | write |
| list_collaborators | List collaborators for an Airtable base. | read |
| list_shares | List shares for an Airtable base. | read |
| list_comments | List comments on an Airtable record. | read |
| create_comment | Create a comment on an Airtable record. | write |
| update_comment | Update a comment on an Airtable record. | write |
| delete_comment | Delete a comment from an Airtable record. | admin |
| whoami | Get the current user info (ID, email, scopes) for the configured PAT. Requires user.email:read scope for email. | read |
Deploy Airtable Brain MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow