Three Database MCP Servers, Three Different Tradeoffs
Database access is one of the highest-value (and highest-risk) capabilities you can hand to an AI assistant. This comparison looks at three npm-distributed MCP servers that expose SQL databases to clients like Claude: @benborla29/mcp-server-mysql (MySQL with write support), @bytebase/dbhub (multi-engine: PostgreSQL, MySQL, SQL Server, SQLite, MariaDB), and mssql-mcp-server (Microsoft SQL Server via tedious). All three are scored on the same 0–100 scale and share the same overall composition pattern, but diverge sharply on security findings and adoption.
Score Breakdown
| Dimension | @benborla29/mcp-server-mysql | @bytebase/dbhub | mssql-mcp-server |
|---|---|---|---|
| Overall | 62.8 | 62.8 | 61.5 |
| Security | 100.0 | 100.0 | 100.0 |
| Freshness | 30.0 | 30.0 | 30.0 |
| Adoption | 46.3 | 46.5 | 40.1 |
| Quality | 60.0 | 60.0 | 60.0 |
| Trust | 50.0 | 50.0 | 50.0 |
| License present | Yes | Yes | Yes |
| Risk class | unknown | high | unknown |
| Secrets found | 0 | 2 | 0 |
Security & Risk
All three servers post a perfect 100 on the headline security score, but that number alone is misleading. @bytebase/dbhub has 2 secrets detected in its package contents and is classified as risk_class: high. It is also the only server in this set with confirmed sensitive capabilities: it reads and writes the filesystem and makes outbound network calls. For a tool that already has database credentials, leaked secrets in the published artifact are a serious flag — review the package contents and rotate any credentials touched during evaluation before deploying it.
@benborla29/mcp-server-mysql and mssql-mcp-server both report 0 secrets found, but their risk_class is unknown (capability metadata such as filesystem and network behavior was not resolved), so absence of evidence is not evidence of absence. Note also that the MySQL server explicitly advertises write operations support — so least-privilege database accounts are essential regardless of which server you pick.
Adoption & Activity
- @bytebase/dbhub — 6,351 weekly npm downloads, 0 GitHub stars recorded, repo at
github.com/bytebase/dbhub. - @benborla29/mcp-server-mysql — 6,086 weekly npm downloads, 0 GitHub stars recorded, no GitHub URL on file.
- mssql-mcp-server — 2,267 weekly npm downloads, 0 GitHub stars recorded, repo at
github.com/vicagbasi/mssql-mcp.
Freshness scores are identical at 30.0 for all three, and last_commit_days was not available for any of them — meaning none of these projects shows strong recency signals in the data we have. Adoption is led narrowly by dbhub on weekly downloads, with the MySQL server a close second; the MSSQL server trails by roughly 3–4×.
Install Commands
npx @benborla29/mcp-server-mysqlnpx @bytebase/dbhubnpx mssql-mcp-serverRecommendation
Winner for most users: @benborla29/mcp-server-mysql — but only if MySQL is your target. It ties dbhub on overall score (62.8), has comparable adoption (6,086 weekly downloads), and crucially reports 0 secrets found versus dbhub's 2. Given that dbhub is flagged risk_class: high with confirmed filesystem-write and network capabilities, it is hard to recommend it as a default despite its broader engine coverage.
Choose @bytebase/dbhub only if you genuinely need a single server spanning PostgreSQL, MySQL, SQL Server, SQLite, and MariaDB — and you are prepared to audit the package, scrub the leaked secrets from your environment, and sandbox its filesystem access.
Choose mssql-mcp-server when you need Microsoft SQL Server specifically. It scores marginally lower (61.5) and has the lowest adoption of the three, but it is purpose-built for tedious-based MSSQL access with stored-procedure introspection, and it carries no detected secrets.
Across all three, treat the perfect 100 security score as a starting point, not an endorsement: enforce read-only DB roles where possible, scope credentials per project, and re-check the registry artifacts before each upgrade.