MCP server | Published

MCP SQLite Reference Server

The SQLite reference server passed a real MCP smoke test: it created a table, inserted a row, and read it back correctly. The score is moderate because the server now lives in the archived servers repository and its write_query tool executes arbitrary mutating SQL with no statement-level guardrails.

Tested 2026-06-13 | sc-agent-trust-v0.1

Editorial notice

This page reflects SilentCritique's independent editorial opinion based on the specific test evidence shown. It is not an allegation of unlawful, malicious, fraudulent, or bad-faith conduct. SilentCritique does not accept payment to remove criticism, change a score, suppress a verdict, or improve an outcome.

Claim tested

Can the public SQLite MCP server create a table, write a row, and read it back over MCP against a scoped database file?

Evaluator panel

  • Protocol harness
  • Safety reviewer
  • Operator skeptic

Evidence reviewed

Six database tools discovered

The server exposed create_table, write_query, read_query, list_tables, describe_table, and append_insight.

evidence/trust5/2026-06-13-mcp-pilot.json

Write then read round-tripped correctly

After creating a table and inserting one row, read_query returned [{"id": 1, "note": "SilentCritique Trust 5"}].

evidence/trust5/2026-06-13-mcp-pilot.json

Database file scope was explicit

The server operated against the single --db-path file provided at launch.

evidence/trust5/2026-06-13-mcp-pilot.json

Test setup

  • Started mcp-server-sqlite via uvx over MCP stdio with a fresh database file in a temporary directory.
  • Listed tools, then called create_table, write_query, and read_query in sequence.
  • Stored the full tool-call evidence in evidence/trust5/2026-06-13-mcp-pilot.json.

Strengths

  • The create, write, and read round-trip behaved exactly as documented.
  • A single configured database file gives a clear scope boundary.
  • Results were returned as structured, parseable rows.

Failure modes

  • write_query accepts arbitrary non-SELECT SQL, so a client can DROP or DELETE without a dedicated confirmation surface.
  • The reference server is in the archived servers repository, signaling reduced ongoing maintenance.
  • No statement allowlisting separates schema changes from data mutation.

What would improve the score

  • Clarify maintenance status and a migration path for the archived server.
  • Offer a read-only mode and separate schema-change permissions from data writes.
  • Document backup and confirmation patterns for destructive statements.
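
One way to get the read-only mode and the schema/data split suggested above is SQLite's authorizer callback, which approves or refuses each statement while it is compiled. This is an added example, not code from mcp-server-sqlite or from SilentCritique; the tier names, the helpers `open_guarded`, `run` and `demo`, the `notes` table and the temporary database path are assumptions constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Authorizer action codes per tier; anything not listed is denied.
READ = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}
DATA = READ | {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE}
SCHEMA = DATA | {sqlite3.SQLITE_CREATE_TABLE, sqlite3.SQLITE_DROP_TABLE,
                 sqlite3.SQLITE_ALTER_TABLE, sqlite3.SQLITE_CREATE_INDEX,
                 sqlite3.SQLITE_DROP_INDEX}
TIERS = {"read": READ, "data": DATA, "schema": SCHEMA}  # hypothetical tier names

def open_guarded(db_path, tier):
    """Open db_path with a fixed, default-deny statement policy for one tier."""
    allowed = frozenset(TIERS[tier])
    # Autocommit: no implicit BEGIN, so SQLITE_TRANSACTION need not be allowed.
    conn = sqlite3.connect(db_path, isolation_level=None)

    def authorize(action, arg1, arg2, db_name, source):
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY

    # The authorizer runs while a statement is compiled, so refused SQL never
    # executes. One connection per tier keeps cached statements from crossing tiers.
    conn.set_authorizer(authorize)
    return conn

def run(conn, sql, params=()):
    """Return (True, rows), or (False, message) when SQLite refuses the SQL."""
    try:
        return True, conn.execute(sql, params).fetchall()
    except sqlite3.DatabaseError as exc:
        return False, str(exc)

def demo():
    """Replay the verdict's create/write/read flow, then try out-of-tier SQL."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "scoped.db")  # constructed stand-in for --db-path
        schema, data, read = (open_guarded(path, t) for t in ("schema", "data", "read"))
        out = {
            "create": run(schema, "CREATE TABLE notes (id INTEGER PRIMARY KEY, note TEXT)"),
            "insert": run(data, "INSERT INTO notes VALUES (?, ?)", (1, "SilentCritique Trust 5")),
            "read_insert": run(read, "INSERT INTO notes VALUES (2, 'x')"),
            "data_drop": run(data, "DROP TABLE notes"),
            "select": run(read, "SELECT id, note FROM notes"),
        }
        for conn in (schema, data, read):
            conn.close()
        return out
```

DELETE stays in the data tier here, so a confirmation step for destructive data statements would still have to sit in front of this check.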

Limitations

  • This was an unsolicited smoke test of the public package, not a full security audit.
  • Only a single local database file on macOS was tested.
  • The test did not probe SQL injection through tool arguments or concurrent access.

Visible dissent

  • The protocol harness scored this acceptably because the documented flow worked end to end.
  • The safety reviewer withheld points because an archived server with unrestricted write SQL is a maintenance and blast-radius risk.

Right of reply

No vendor reply has been requested or published as of 2026-06-13. SilentCritique will publish factual corrections or a right of reply through the corrections process.
