Snowflake MCP Server
Community TypeScript MCP server for executing Snowflake SQL queries and exploring database schemas
Server Info
- Package: snowflake-mcp
- Registry: npm
- Repository: faressoft/snowflake-mcp
- Maintainer: Community
- Category: Analytics & Data
- Tags: data-warehouse, sql, analytics
- Last Scanned: 7 Apr 2026
Findings
8 issues
Authentication & Identity
HIGH: No per-request auth - requires instance-per-user
Stdio-only transport. SNOWFLAKE_ACCOUNT and SNOWFLAKE_USERNAME are required. SNOWFLAKE_PASSWORD is required unless authenticator is 'externalbrowser'. Supports externalbrowser (SSO) and password authenticators. Optional env vars for role, warehouse, database, schema. SNOWFLAKE_READONLY flag enables ... For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Tool Schema Quality
MEDIUM: Only 1 of 11 schemas has parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
CRITICAL: Dangerous execution surface: execute_query
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
Permission Granularity
HIGH: 1 destructive operation not isolated
Admin/delete tools are mixed with regular operations and cannot be independently disabled.
Namespace admin tools separately for independent access control.
Data Exposure
MEDIUM: 4 list operations lack pagination
execute_query has max_rows parameter (defaults to 100) which provides pagination-like limiting. list_databases, list_schemas, list_tables, and list_views use hardcoded limit of 1000 rows. get_table_sample defaults to 5 rows with configurable limit. No field selection -- all tools return full records. The execute_query tool can return arbitrary amounts of data depending on the SQL query. Results include row count and truncation metadata.
Add limit/offset or cursor-based pagination.
LOW: No field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
LOW: Community-maintained by Mohammad Fares
No official vendor backing.
Seek vendor verification.
MEDIUM: 13 dependency vulnerabilities (5 high)
npm audit found 5 high severity CVEs.
Update vulnerable dependencies.
Tools
11 total

| Name | Description | Risk |
|---|---|---|
| test_connection | Test the connection to Snowflake and return connection info | read |
| execute_query | Execute a SQL query against Snowflake and return the results | admin |
| explain_query | Get the execution plan for a SQL query without running it | read |
| list_databases | List all accessible databases in Snowflake | read |
| list_schemas | List all schemas in a database | read |
| list_tables | List all tables in a schema | read |
| list_views | List all views in a schema | read |
| describe_table | Get detailed information about a table's structure including columns, types, and constraints | read |
| get_table_sample | Get a sample of rows from a table to understand its data | read |
| get_table_row_count | Get the total number of rows in a table | read |
| get_primary_keys | Get primary key columns for a table | read |
Deploy Snowflake MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.