DocuSign MCP Server by CData

CData's read-only MCP server for querying DocuSign data via CData JDBC Driver with SQL interface

Overall Score: 59/100

Server Info

Package: CDataMCP
Registry: maven
Maintainer: CData
Category: Document Management
Tags: esignature, documents, contracts
Last Scanned: 7 Apr 2026

Findings

6 issues

Authentication & Identity

HIGH: No per-request auth - requires instance-per-user

Stdio-only transport. No env vars used directly. Authentication is configured via a .prp properties file passed as a CLI argument, containing Prefix, DriverClass, DriverPath, JdbcUrl, and Tables. The JDBC URL contains embedded credentials (e.g., OAuth tokens for DocuSign). The CData JDBC driver hand... For multi-tenant deployment, the platform must spawn a separate server instance per user.

Remediation

Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.

Tool Schema Quality

MEDIUM: Only 0 of 3 schemas have parameter constraints

Most schemas lack maxLength, enum, or pattern constraints on string parameters.

Remediation

Add constraints to string parameters, especially on write operations.

CRITICAL: Dangerous execution surface: run_query accepts arbitrary SQL via a free-text 'sql' parameter with no validation, allowlisting, or parameterization

Tool allows raw code/query execution which could be exploited via prompt injection.

Remediation

Use parameterized queries or validated command sets.

LLM Safety

MEDIUM: 1 tool description is too vague

Short or generic descriptions make tool selection unreliable.

Remediation

Expand descriptions with specific actions, data types, and side effects.

HIGH: Tool descriptions contain instructional language

Descriptions include directives that could influence LLM behavior beyond tool selection.

Remediation

Remove instructional language. Descriptions should be purely factual.

Data Exposure

LOW: No field selection on responses

Responses return full records rather than projected fields.

Remediation

Implement field selection to return only relevant fields.

Tools

3 total
| Name | Description | Risk |
| --- | --- | --- |
| {prefix}_get_tables | Retrieves a list of objects, entities, collections, etc. (as tables) available in the data source. Use the `{prefix}_get_columns` tool to list available columns on a table. Both `catalog` and `schema` are optional parameters. The output of the tool will be returned in CSV format, with the first line containing column headers. | read |
| {prefix}_get_columns | Retrieves a list of fields, dimensions, or measures (as columns) for an object, entity or collection (table). Use the `{prefix}_get_tables` tool to get a list of available tables. The output of the tool will be returned in CSV format, with the first line containing column headers. | read |
| {prefix}_run_query | Execute a SQL SELECT statement. | read |
