Neon MCP Server
Official MCP server for managing Neon Postgres databases, branches, migrations, and query tuning
Server Info
- Package: @neondatabase/mcp-server-neon
- Registry: npm
- Repository: neondatabase/mcp-server-neon
- Maintainer: Neon (Vendor)
- Category: Cloud & Infrastructure
- Tags: postgres, serverless, database
- Last Scanned: 7 Apr 2026
Findings
12 issues
Authentication & Identity
LOW: Implements MCP OAuth spec for per-user authentication
Full MCP OAuth 2.0 implementation with .well-known/oauth-authorization-server discovery endpoint. Supports authorization_code and refresh_token grant types with PKCE (S256). Three scopes: read, write, *. Supports both SSE (/api/sse) and Streamable HTTP (/api/mcp) transports. Also accepts direct Neon API keys via Bearer token. OAuth tokens stored in Postgres via Keyv, sessions in Redis (Vercel KV). Token verification caches API key lookups for 5 minutes. Read-only mode enforced via OAuth scope or X-Neon-Read-Only header.
Document the required OAuth scopes for each tool.
Tool Schema Quality
HIGH: Required fields missing on 1 write operation
Write tools without required field declarations: create_project.
Add required arrays to all write/delete tool schemas.
MEDIUM: Only 6 of 29 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
CRITICAL: Dangerous execution surface: run_sql: accepts arbitrary SQL string for execution
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
CRITICAL: Dangerous execution surface: run_sql_transaction: accepts array of arbitrary SQL strings
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
CRITICAL: Dangerous execution surface: prepare_database_migration: accepts arbitrary migration SQL
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
CRITICAL: Dangerous execution surface: complete_database_migration: applies migration SQL to main branch
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
CRITICAL: Dangerous execution surface: prepare_query_tuning: executes SQL analysis that creates branches
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
CRITICAL: Dangerous execution surface: complete_query_tuning: applies DDL statements to main branch
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
LLM Safety
HIGH: Tool descriptions contain instructional language
Descriptions include directives that could influence LLM behavior beyond tool selection.
Remove instructional language. Descriptions should be purely factual.
Data Exposure
MEDIUM: 4 list operations lack pagination
list_projects and list_shared_projects support cursor-based pagination with configurable limit (1-400). list_slow_queries has a limit parameter (default 10). list_organizations, list_branch_computes, list_docs_resources, and get_database_tables have no pagination. Full records returned without field selection.
Add limit/offset or cursor-based pagination.
LOW: No field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Tools
29 total

| Name | Description | Risk |
|---|---|---|
| list_projects | Lists the first 10 Neon projects in your account. If you can't find the project, increase the limit by passing a higher value to the `limit` parameter. Optionally filter by project name or ID using the `search` parameter. | read |
| list_organizations | Lists all organizations that the current user has access to. Optionally filter by organization name or ID using the `search` parameter. | read |
| list_shared_projects | Lists projects that have been shared with the current user. | read |
| create_project | Create a new Neon project. If someone is trying to create a database, use this tool. | write |
| delete_project | Delete a Neon project | admin |
| describe_project | Describes a Neon project | read |
| run_sql | Execute a single SQL statement against a Neon database. | write |
| run_sql_transaction | Execute a SQL transaction against a Neon database, should be used for multiple SQL statements. | write |
| describe_table_schema | Describe the schema of a table in a Neon database | read |
| get_database_tables | Get all tables in a Neon database | read |
| create_branch | Create a branch in a Neon project | write |
| prepare_database_migration | Performs database schema migrations by automatically generating and executing DDL statements on a temporary branch. | write |
| complete_database_migration | Complete a database migration by applying changes to the main branch and cleaning up the temporary branch. | admin |
| describe_branch | Get a tree view of all objects in a branch, including databases, schemas, tables, views, and functions | read |
| delete_branch | Delete a branch from a Neon project | admin |
| reset_from_parent | Resets a branch to match its parent's current state, effectively discarding all changes made on the branch. | admin |
| get_connection_string | Get a PostgreSQL connection string for a Neon database with all parameters optional. | read |
| provision_neon_auth | Provisions Neon Auth for a Neon branch. Neon Auth is a managed authentication service built on Better Auth. | write |
| provision_neon_data_api | Provisions the Neon Data API for a Neon branch. The Data API enables HTTP-based access to your Postgres database. | write |
| explain_sql_statement | Describe the PostgreSQL query execution plan for a query of SQL statement by running EXPLAIN (ANALYZE...) in the database | read |
| prepare_query_tuning | Helps developers improve PostgreSQL query performance by analyzing execution plans and suggesting optimizations on a temporary branch. | write |
| complete_query_tuning | Complete a query tuning session by either applying the changes to the main branch or discarding them. | admin |
| list_slow_queries | List slow queries from your Neon database via pg_stat_statements. | read |
| list_branch_computes | Lists compute endpoints for a project or specific branch | read |
| compare_database_schema | Compare the schema of a database between two branches. Returns a unified diff. | read |
| search | Searches across all user organizations, projects, and branches that match the query. | read |
| fetch | Fetches detailed information about a specific organization, project, or branch using the ID returned by the search tool. | read |
| list_docs_resources | Lists all available Neon documentation pages by fetching the index from https://neon.com/docs/llms.txt. | read |
| get_doc_resource | Fetches a specific Neon documentation page as markdown content. | read |