Postgres
Query Postgres databases with natural language. Read-only access by default - the agent sees your schema and runs SELECT queries safely.
A+
Safety & Trust
Delv Safety Grade: A+
Score 92/100 · assessed 2026-04-22
Maintainer95
Permissions85
Supply chain95
Transparency95
Incidents100
Official Anthropic MCP server for Postgres database queries, maintained in the primary modelcontextprotocol/servers monorepo. Read-only by default is the key safety feature here: Claude can inspect schema and run SELECT queries but cannot modify data without explicit configuration. Distributed via npm with standard versioning, fully open source with clear documentation. The connection string in the install command necessarily contains credentials, which is standard for database tooling but means secrets live in your MCP config file. Permissions are scoped to database reads plus network access to reach the Postgres instance. No filesystem or shell access. The maintainer pedigree is excellent and supply chain is clean. Main risk is credential exposure in config files and the potential for information disclosure if pointed at sensitive databases.
Lethal Trifecta (prompt-injection exposure)
ONE OF THREEPrivate dataYes
Reads secrets, credentials, private files
Untrusted inputNo
Ingests web pages, PRs, issues, emails
External commsNo
Can send data outbound
Direct DB access. Attackers need another axis to exfiltrate. Still high-stakes.
Green flags
- Read-only by default prevents accidental data modification or deletion
- Official Anthropic server with active maintenance in primary monorepo
- Standard npm package distribution with semantic versioning
- Open source with clear documentation and issue tracking
- Scoped to database operations only, no filesystem or shell access
Red flags
- Database credentials stored in plaintext MCP configuration file
- Can read entire database schema and all table contents by default
- No built-in query cost limits or row count restrictions mentioned
Permissions requested
DB readOutbound networkAccess secrets
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.
Install
npx -y @modelcontextprotocol/server-postgres postgresql://user:pass@host/db
Paste into your host's MCP config:
{
"postgres": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-postgres", "postgresql://localhost/mydb"]
}
}Review
This is the MCP server I reach for when I need to interrogate a Postgres database without writing SQL by hand. Point it at a connection string and Claude can see your schema, run SELECT queries, and explain what it finds. The read-only default is sensible - you get data exploration without the risk of an accidental DELETE.
I've used it most for debugging production queries. You can ask Claude to show you what's in a table, explain why a query might be slow, or pull a quick count of records matching some criteria. It's faster than opening a SQL client, especially when you're context-switching between code and data. The schema awareness means Claude knows your column names and types, so it doesn't hallucinate joins or filters.
The installation is a one-liner. You pass a Postgres connection string and it works. No config files, no environment variables unless you want them. The server handles schema introspection automatically, so Claude sees your tables and relationships without you listing them.
Quirks: it's read-only unless you explicitly enable writes, which is good design but means you can't ask Claude to INSERT test data or run migrations directly. You'll need to copy the SQL it drafts and run it yourself. The connection string goes in your MCP config, so if you're working across multiple databases you'll need separate entries or you'll be editing the config each time. Also, this is an official Anthropic server, so it's stable but not exotic - don't expect advanced Postgres features like full-text search or JSON path queries to be exposed as first-class tools.
Who shouldn't bother: if you're already fluent in SQL and have a preferred client, this won't replace your workflow. It's for people who want to ask questions in English and get answers without writing SELECT statements, or for teams who want to let non-technical colleagues pull data safely. If you need write access by default, you'll be toggling a flag every time.
Verdict
Install this if you work with Postgres and want to ask questions about your data in plain English. It's fast, safe, and requires zero setup beyond a connection string. Skip it if you're already comfortable in psql or need write access regularly.
Good at
- Read-only by default means you can explore production databases without risk of accidental writes.
- Schema introspection is automatic - Claude sees your tables, columns, and types without manual configuration.
- One-line install with no environment variables or dependencies beyond Node.
- Official Anthropic maintenance means it's stable and well-documented.
- Works across Claude Desktop, Cursor, and Windsurf without host-specific quirks.
Watch out
- Connection strings live in your config file in plain text unless you use environment variables.
- Read-only mode requires a flag flip if you want Claude to draft INSERT or UPDATE statements you can run yourself.
- Multiple databases mean multiple config entries - no dynamic switching without editing the config.
- Advanced Postgres features like full-text search or JSON operators aren't exposed as dedicated tools.
Use cases
- Ad-hoc data exploration
- Debugging production queries
- Drafting migrations with schema context
- Pulling metrics for reports
Getting started
1. Run `npx -y @modelcontextprotocol/server-postgres postgresql://user:pass@host/db` to test the connection.
2. Add the server to your Claude Desktop config at `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) with the command and connection string in the args array.
3. Restart Claude Desktop and verify the server appears in the MCP settings panel.
4. Ask Claude to list your tables or describe a schema - it should return results immediately.
5. Watch out: the connection string is stored in plain text in your config, so use environment variables or a local dev database if you're concerned about credentials.
Works with
Claude DesktopClaude CodeCursorWindsurf
Similar MCPs
- NeonNeon's official MCP for serverless Postgres. Manage projects, branches, and run SQL against any of your databases.
- SupabaseSupabase's official MCP — query Postgres, manage auth, inspect storage buckets, all from your agent.
- ClickHouseClickHouse MCP for fast analytical queries. Built by ClickHouse Inc, supports cluster topology discovery.
- SnowflakeSnowflake MCP for warehouse queries. Enterprise data teams use it to let Claude run analytical SQL against the lake.