Mcp Server Motherduck

Local MCP server for DuckDB and MotherDuck

CommunityActiveNot tested◆Official RegistryUpdated 4/3/2026

Data

★ 456PyPI

Edit this page

MCPpedia
Score

No CVEsActive5 toolsstdioremoteMIT

How we score →

Should you use this server?

Local MCP server for DuckDB and MotherDuck

✓

Is it safe?

No known CVEs for uv. 3 previously resolved.

No authentication — any process on your machine can connect to this server.

MIT. View license →

Last scanned 0 days ago.

✓

Is it maintained?

Last commit 2 days ago. 456 GitHub stars.

Will it work with my client?

Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

How much context will it use?

5 tools. Estimated ~400 tokens of your context window (0.2% of 200K).

Quick Install

{
  "mcpServers": {
    "DuckDB (in-memory, r/w)": {
      "args": [
        "mcp-server-motherduck",
        "--db-path",
        ":memory:",
        "--read-write",
        "--allow-switch-databases"
      ],
      "command": "uvx"
    }
  }
}

Setup guide

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx uv 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Tools (5)

execute_query

Execute SQL query (DuckDB dialect)

list_databases

List all databases (useful for MotherDuck or multiple attached DBs)

list_tables

List tables and views

list_columns

List columns of a table/view

switch_database_connection

Switch to different database (requires --allow-switch-databases flag)

Score Breakdown

MCPpedia Score

Click each category to see evidence

90A

Scored 1h ago

How we score →

Security

30/30

Last scanned 1h ago

No open vulnerabilities. 3 fixed CVEs.

✓

CVEs — 3 fixed CVEs — update to 0.9.6+check OSV.dev \u2192

○

Authentication — None required — easy to connect

✓

License — MITview license \u2192

✓

Repository — Activeview repo \u2192

✗

MCPpedia review — Not yet reviewed by MCPpedia

Advisories (0 open, 3 fixed)

mediumCVSS 4CVE-2025-13327Fixed

uv allows ZIP payload obfuscation through parsing differentials

### Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields were not present, since they aren't widely used. Consequently, a ZIP archive could be constructed where uv would interpret the contents of a central directory comment field as ZIP control structur

Fixed in 0.9.6Published Oct 29, 2025source \u2192

infoGHSA-w476-p2h3-79g9Fixed

uv has differential in tar extraction with PAX headers

### Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution (as a tar archive) that would extract differently when installed via uv versus other Python package installers. The underlying parsing differential here originates with astral-tokio-tar, which disclosed this vulnerability as CVE-2025-62518. In practice, the impact of this vulnerability is **low**:

Fixed in 0.9.5Published Oct 21, 2025source \u2192

CVEs checked daily via OSV.dev. Score algorithm is open source.

Embed this score in your READMEPreview badge

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-server-motherduck)](https://mcppedia.org/s/mcp-server-motherduck)

Reviews

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

## Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. The attacker could choose which installer to target