PostgreSQL MCP Server — Cybernauten

How to connect Claude to PostgreSQL in 2026. The official MCP server is deprecated with a SQL injection vulnerability — use Postgres MCP Pro (crystaldba) instead.

stable database updated 2026-02

install

npx postgres-mcp --connection-string postgresql://user:pass@localhost/mydb --access-mode unrestricted

npm: postgres-mcp

↗ GitHub

capabilities

✓ Execute SQL queries against PostgreSQL databases ✓ Schema inspection and table listing ✓ Database health analysis (indexes, connections, buffer cache, vacuum) ✓ Index tuning with workload-aware recommendations ✓ Query plan analysis (EXPLAIN output) ✓ Read-only or restricted access modes

compatible with

Claude DesktopClaude CodeVS CodeCursorWindsurf

⚠️ Deprecation notice: The official @modelcontextprotocol/server-postgres package (maintained by the MCP team) was deprecated in July 2025 and has a known SQL injection vulnerability. Do not use it. This article covers Postgres MCP Pro (crystaldba/postgres-mcp), the community-recommended replacement.

The Postgres MCP Pro server gives Claude and other AI agents direct access to your PostgreSQL database — for querying data, inspecting schemas, analyzing performance, and tuning indexes. It goes well beyond the deprecated official package: this isn’t just “run a query and return results.” It includes production-grade tooling for database health monitoring and index optimization.

Installation

Prerequisites: PostgreSQL running and accessible, Node.js 18+

# Claude Desktop configuration (claude_desktop_config.json)
{
  "mcpServers": {
    "postgres": {
      "command": "npx",
      "args": [
        "postgres-mcp",
        "--connection-string", "postgresql://user:pass@localhost:5432/mydb",
        "--access-mode", "unrestricted"
      ]
    }
  }
}

Access modes:

unrestricted — full read/write access (use only with trusted agents)
restricted — read-only queries plus schema inspection
read-only — SELECT only, no schema changes

For production databases, start with restricted or read-only. The server enforces these at the connection level.

Environment variable approach (safer for credentials):

export POSTGRES_CONNECTION_STRING="postgresql://user:pass@host/db"

Then reference $POSTGRES_CONNECTION_STRING in your config rather than hardcoding credentials.

Available Tools

Tool	What It Does
`query`	Execute SQL queries with parameterized inputs
`list_tables`	List all tables in the database
`describe_table`	Get schema details for a specific table
`database_health`	Analyze index health, connections, buffer cache, vacuum stats
`index_tuning`	Recommend indexes based on query workload
`explain_query`	Return EXPLAIN output for a query
`list_schemas`	List available schemas
`list_views`	List views in the database

The database_health and index_tuning tools are what put this above a simple query executor. If you’re running Claude on your production database for ops work — slow query analysis, index gaps, bloat monitoring — these make it genuinely useful rather than just a SQL REPL.

What You Can Do With It

Schema-aware queries: Ask Claude to generate SQL against your actual schema without manually copying table definitions. Claude reads the schema directly via list_tables and describe_table.

Performance analysis: “Which queries are running slowly? What indexes should I add?” Claude uses explain_query and index_tuning to give specific, workload-based recommendations.

Data exploration: Natural language to SQL for analysts and founders who know what they want to know but not exactly how to write the query.

Health monitoring: Regular database_health checks surface issues like table bloat, low buffer cache hit rates, or sequences approaching their limits — before they cause downtime.

Security Considerations

The deprecated official server had a SQL injection vulnerability where queries could bypass read-only protections. Postgres MCP Pro uses parameterized queries throughout and enforces access modes at the connection level. Still:

Never expose this server to untrusted networks. It has direct database access.
Use a dedicated read-only database user for read-only mode deployments.
Avoid hardcoding credentials in config files — use environment variables or a secrets manager.
For production, consider running the MCP server on the same host as your database (no network exposure).

Alternatives

MCP Toolbox for Databases (Google, googleapis/genai-toolbox) supports PostgreSQL plus MySQL, BigQuery, AlloyDB, Spanner, and 10+ others through a YAML configuration system. Better for teams that need multi-database support or are already in the Google Cloud ecosystem.

Supabase MCP — if your PostgreSQL is a Supabase project, use their dedicated MCP server. It’s Row Level Security–aware and handles auth automatically.

Prisma MCP — for TypeScript teams using Prisma ORM. Runs via npx prisma mcp and handles schema migrations as well as queries.

Our Take

Postgres MCP Pro is the right tool if you need AI agents to interact with a PostgreSQL database today. The schema-aware querying is genuinely useful for development work, and the health/index tooling makes it worth running on production databases (with restricted mode and a read-only user).

The main caveat: this is a community project, not an official Anthropic server. It’s actively maintained, but check the GitHub for recent activity before adopting for critical workflows.

Best for: Developers who want Claude to understand their database schema, analysts generating ad-hoc SQL, and engineers doing performance analysis.

Skip if: You’re using MySQL, MongoDB, or another non-Postgres database — look at MCP Toolbox for Databases instead.

Rating: 8.2/10

By Cybernauten · Mar 3, 2026 ← mcp directory