ClickHouse MCP — security audit

ClickHouse MCP: trust score 62/100 — 1 capability surface.

↗ View server in catalog

Trust score

62

Grade C

Risk flags

  • No public repository linked

    Without a public repo we cannot independently audit the code. Caution warranted.

Capability surface

  • Database mutation

    High risk

    Connects to a database. Read-only flag, when present, mitigates the risk.

    Evidence: clickhouse

Trust signals

Total trust score is the sum of these contributions. Each signal carries a fixed weight.

  • Verified by Loadout

    +20 / 20

    Manually verified.

  • Official author

    +15 / 15

    Maintained by the official ClickHouse team.

  • Community traction

    +17 / 20

    2,400 GitHub stars.

  • Public source

    +0 / 15

    No linked public repository.

  • Stability

    +0 / 15

    Stability not yet assessed.

  • Capability surface

    +10 / 15

    1 high-risk capability detected.

Disclaimer

This is an automated heuristic triage. It does not replace a hand-rolled code audit. Use it to prioritise which servers deserve a deeper look — especially anything carrying high-risk capabilities like shell execution or filesystem write.