Package Metadata

Author: Amazon Web Services
Email: AWSLabs MCP <[email protected]>, Ken Zhang <[email protected]>
PyPI: awslabs.postgres-mcp-server
Python: >=3.10
Versions: 30 releases
First release: 09 May 2025, 01:58 UTC
Analysed: 08 Jun 2026, 14:52 UTC
Source files: 26 .py files scanned

Project Links

changelog docs documentation homepage repository

Classifiers

License :: OSI Approved :: Apache Software LicenseOperating System :: OS IndependentProgramming Language :: PythonProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows a high credential risk due to the usage of SQL commands that can lead to unauthorized file access, while other risks remain low. This raises concerns about potential supply-chain attacks.

High credential risk due to SQL commands involving file read operations
Maintainer has only one package, raising suspicion about their intent

Per-check LLM notes

Network: No network calls detected, which is normal if the package does not require external communications.
Shell: No shell execution patterns detected, indicating the package does not execute system commands.
Obfuscation: The use of pkgutil.extend_path is a common practice for extending module search paths and does not inherently indicate malicious activity.
Credentials: The SQL commands involving pg_read_file and related functions suggest potential unauthorized access to system files, indicating a high risk of credential harvesting or similar malicious activities.
Metadata: The maintainer has only one package, which might indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 15 test file(s) found

Test runner config found: conftest.py
Test runner config found: pyproject.toml
15 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "docs" -> https://awslabs.github.io/mcp/servers/postgres-mcp-server/
Detailed PyPI description (10955 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

68 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

42 unique contributor(s) across 100 commits in awslabs/mcp
Active community — 5 or more distinct contributors

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

amespace packages. __path__ = __import__('pkgutil').extend_path(__path__, __name__) # Copyright Amazon.com, In

✓ Shell / Subprocess Execution

No shell execution patterns detected

⚠ Credential Harvesting score 10.0

Found 5 credential access pattern(s)

"SELECT load_file('/etc/passwd')", # MySQL-ism file write "SELECT
("SELECT pg_read_file('/etc/passwd')", 'pg_read_file'), ("SELECT pg_read_binary_fi
("SELECT pg_read_binary_file('/etc/passwd', 0, 100)", 'pg_read_binary_file'), ("SELECT *
p(5)', "SELECT load_file('/etc/passwd')", "SELECT * FROM users INTO OUTFILE '/tmp/users.txt'"
)', "SELECT pg_read_file('/etc/passwd')", 'SELECT pg_advisory_lock(42)', 'SELECT pg_advis

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: amazon.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository awslabs/mcp appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "Amazon Web Services" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with awslabs.postgres-mcp-server

Create a mini-application called 'PostgresMCPManager' that leverages the 'awslabs.postgres-mcp-server' package to manage and interact with PostgreSQL databases using the Model Context Protocol (MCP). This application will serve as a bridge between MCP-enabled clients and PostgreSQL databases, allowing for efficient data manipulation and management operations. Here are the steps and features to include:

1. **Setup Environment**: Begin by setting up your development environment with Python and the required libraries, including the 'awslabs.postgres-mcp-server'. Ensure you have PostgreSQL installed and running on your local machine or a remote server.
2. **Database Connection**: Implement a connection module that connects to a PostgreSQL database using the MCP server provided by 'awslabs.postgres-mcp-server'. This module should handle authentication and connection pooling efficiently.
3. **Data Manipulation**: Develop functions within your application that allow users to perform CRUD (Create, Read, Update, Delete) operations on the PostgreSQL database through the MCP server. Each operation should be designed to work seamlessly with the MCP protocol.
4. **Query Execution**: Integrate a query execution feature that enables users to run custom SQL queries against the database via the MCP server. This feature should support both synchronous and asynchronous query execution.
5. **Transaction Management**: Include robust transaction management capabilities that ensure atomicity, consistency, isolation, and durability (ACID) properties of database transactions. Users should be able to start, commit, and rollback transactions as needed.
6. **Error Handling and Logging**: Implement comprehensive error handling and logging mechanisms to capture and report any issues that arise during database interactions. This includes logging connection errors, query failures, and transaction rollbacks.
7. **User Interface**: Design a simple command-line interface (CLI) for interacting with 'PostgresMCPManager', making it easy for users to execute commands and see results. Additionally, consider developing a basic web interface using Flask or Django for more advanced use cases.
8. **Documentation and Testing**: Provide thorough documentation explaining how to set up and use 'PostgresMCPManager'. Also, write unit tests for each major functionality to ensure reliability and maintainability of the application.

In summary, 'PostgresMCPManager' will utilize 'awslabs.postgres-mcp-server' to streamline PostgreSQL database management tasks while adhering to the principles of MCP. Your goal is to create a versatile tool that simplifies database operations and enhances developer productivity.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Medium (6.6/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue