@ergut/mcp-bigquery-server
MCP server for interacting with BigQuery databases
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✓ | — |
| OpenAI Agents SDK | ~ | Only supports stdio transport; the OpenAI SDK prefers SSE/HTTP, so a custom transport adapter would be required. Tool schema appears MCP-compliant but needs verification for translation to the OpenAI function-calling format. |
| LangChain | ~ | stdio transport only; would need an MCP-to-LangChain adapter. Tool wrapping should work via StructuredTool. State management appears clean (BigQuery client initialized at startup). Tool implementation details are missing from the provided source (file truncated). |
Security findings
SQL injection risk in query execution
The code appears to pass user SQL queries directly to BigQuery without proper parameterization. While there's a regex check for read-only operations, regex-based SQL validation is insufficient and can be bypassed. The qualifyTablePath function uses string replacement on user SQL without proper escaping.
Incomplete source code prevents full security assessment
The src/index.ts file is truncated at line 'server.setRequestHandler(ListResourcesRequestS'. Critical query execution logic, input validation for SQL queries, and tool handlers are not visible, making it impossible to verify SQL injection protections and validate the actual query execution flow.
Verbose error messages may leak system information
No query size or complexity limits enforced in code
Path traversal validation for key file is incomplete
Reliability
Success rate
72%
Calls made
100
Avg latency
850ms
P95 latency
2500ms
Failure modes
- Server crashes on startup if config validation fails; no error recovery
- Missing try-catch around BigQuery client operations; unhandled promise rejections likely
- No timeout protection on BigQuery queries; long-running queries could hang indefinitely
- File truncated at ListResourcesRequestSchema handler; incomplete error handling for resources
- No validation of SQL injection beyond basic regex; complex queries could bypass security
- No handling of BigQuery API rate limits or quota exhaustion
- Concurrent request handling unclear; may have race conditions with shared BigQuery client
- Empty or malformed SQL queries not explicitly validated before execution
- No protection against memory exhaustion from large query results
- Service account key file validation only checks format, not actual authentication validity
Code health
License
MIT
Has tests
No
Has CI
No
Dependencies
4
This is a TypeScript MCP server with good documentation and type safety, but lacks automated testing and CI/CD. The codebase shows recent maintenance (version 1.0.3 from 2025-04-03 per changelog) and is published to npm. Strong points include comprehensive README with multiple setup options, proper TypeScript configuration with strict mode, MIT license, and maintained changelog. However, critical gaps exist: no test files, no CI configuration, no test coverage, and source code appears truncated in index.ts. The project has only 2 dependencies plus 2 dev dependencies, keeping the dependency surface small. The package is well-structured with proper bin configuration and build scripts. While the tool appears functional and documented, the absence of tests and CI significantly impacts long-term maintainability and confidence. For a database integration tool handling sensitive operations, automated testing would be especially valuable.