Explore, query, and inspect SQLite databases with ease. List tables, preview results, and view det…
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"ai-smithery-wgong-sqlite-mcp-server": {
"args": [
"fastmcp"
],
"command": "uvx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
SQLITE_DB_PATH=/Users/owner/claude-code/agentic-ai-learnings/hw3/sqlite-explorer-fastmcp-mcp-server/financial_data.db fastmcp run sqlite_explorer.py
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx 'fastmcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
## Summary While testing the *GitHubProvider* OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. ## Technical Details An adversary can initi
FastMCP has a Command Injection vulnerability - Gemini CLI
Server names containing shell metacharacters (e.g., `&`) can cause command injection on Windows when passed to `fastmcp install claude-code` or `fastmcp install gemini-cli`. These install paths use `subprocess.run()` with a list argument, but on Windows the target CLIs often resolve to `.cmd` wrappers that are executed through `cmd.exe`, which interprets metacharacters in the flattened command string. PoC: ```python from fastmcp import FastMCP mcp = FastMCP(name="test&calc") @mcp.tool def rol
FastMCP OAuth Proxy token reuse across MCP servers
While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the `resource` parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the `base_url` passed to the `OAuthProxy` during initialization. **Affected File:** *https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/server/auth/oauth_proxy.py#L828* **Affected Code:** ```python self._jwt_issuer:
FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
### Summary A command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor ### Details 1. generate_cursor_deeplink(server_name, …) embeds server_name verbatim in a cursor://…?name= query string. 2. open_deeplink() is invoked with shell=True only on Windows. That calls cmd.exe /c start <deeplink>. 3. Any cmd metacharacter inside server_name (&, |, >, ^, …) escapes the start comma
FastMCP vulnerable to reflected XSS in client's callback page
### Summary While setting up an oauth client, it was noticed that the callback page hosted by the client during the flow embeds user-controlled content without escaping or sanitizing it. This leads to a reflected Cross-Site-Scripting vulnerability. ### Details The affected code is located in *https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/client/oauth_callback.py*, which embeds all values passed to the `create_callback_html` function via the `message` parameter it into the callback pag
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in data
Manage Supabase projects — databases, auth, storage, and edge functions
Query and manage PostgreSQL databases directly from AI assistants
Zero-dependency, token-efficient database MCP server for Postgres, MySQL, SQL Server, MariaDB, SQLite.
A Model Context Protocol (MCP) server that enables secure interaction with MySQL databases
MCP Security Weekly
Get CVE alerts and security updates for ai.smithery/wgong-sqlite-mcp-server and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
# Install dependencies
pip install -r requirements.txt
# Install FastMCP globally (if not already installed)
pip install fastmcp
# Run FastMCP directly for testing
SQLITE_DB_PATH=/Users/owner/claude-code/agentic-ai-learnings/hw3/sqlite-explorer-fastmcp-mcp-server/financial_data.db fastmcp run sqlite_explorer.py
# Test with inspector (if available)
SQLITE_DB_PATH=/Users/owner/claude-code/agentic-ai-learnings/hw3/sqlite-explorer-fastmcp-mcp-server/financial_data.db fastmcp inspect sqlite_explorer.py
# To install SQLite Explorer
SQLITE_DB_PATH=/Users/owner/claude-code/agentic-ai-learnings/hw3/sqlite-explorer-fastmcp-mcp-server/financial_data.db fastmcp install sqlite_explorer.py --name "SQLite Explorer"
# To launch SQLite Explorer via a web-based testing interface. Run with `--transport sse` for HTTP-based communication
SQLITE_DB_PATH=/Users/owner/claude-code/agentic-ai-learnings/hw3/sqlite-explorer-fastmcp-mcp-server/financial_data.db fastmcp dev sqlite_explorer.py
# To set up the MCP server with Claude Desktop
SQLITE_DB_PATH=/Users/owner/claude-code/agentic-ai-learnings/hw3/sqlite-explorer-fastmcp-mcp-server/financial_data.db fastmcp claude-desktop add sqlite_explorer.py --name "SQLite Explorer"
# Need to define the SQLITE_DB_PATH variable before running smithery playground
SQLITE_DB_PATH=/Users/owner/claude-code/agentic-ai-learnings/hw3/sqlite-explorer-fastmcp-mcp-server/financial_data.db smithery playground
After launching Smithery playground, we can now talk to the MCP server using this URL: https://smithery.ai/playground?mcp=https%3A%2F%2Fee09cd8f.ngrok.smithery.ai%2Fmcp
# Add this configuration to Cline MCP settings:
{
"sqlite-explorer": {
"command": "uv",
"args": [
"run",
"--with",
"fastmcp",
"--with",
"uvicorn",
"fastmcp",
"run",
"/Users/owner/claude-code/agentic-ai-learnings/hw3/sqlite-explorer-fastmcp-mcp-server/sqlite_explorer.py"
],
"env": {
"SQLITE_DB_PATH": "/Users/owner/claude-code/agentic-ai-learnings/hw3/sqlite-explorer-fastmcp-mcp-server/financial_data.db"
}
}
}
Server Name: SQLite Explorer Generation: 2
Components Tools: 3 Prompts: 0 Resources: 0 Templates: 0
Environment FastMCP: 2.12.4 MCP: 1.15.0
This will open an interactive inspector where you can test the MCP tools:
Even though we're running the MCP locally, still have a web interface For locally deployed MCP server SQLite Explorer, this is the MCP server URL that we can access as a client: http://localhost:6274/?MCP_PROXY_AUTH_TOKEN=e01acfa4461c1af5227669c2c0051e7cf9c280fb61a43a146a672463441f4c1b#tools In the future, once deployed, we'll have the same thing - HTTP or HTTPS, but instead of a local host, it'll be my server and the port. The rest will be something else. Local host is the server name, so the server is a local host. But if deployed somewhere, then it'll be a different host name. The port serves as a channel to talk to multiple MCP servers. HTTPS is a secure HTTP.
Once the MCP server is connected, you can ask questions like:
NOTE: The tables starting with SQLite are called system tables. We never created those tables.
# Check FastMCP version and available commands
fastm
... [View full README on GitHub](https://github.com/wgong/sqlite-mcp-server#readme)