Snowflake documents a Snowflake-hosted Model Context Protocol (MCP) endpoint that fronts governed Snowflake data and Cortex workloads without provisioning a separate MCP bridge VM. Administrators declare tools with SQL (`CREATE MCP SERVER`)—for example Cortex Search queries, Cortex Analyst chat-style messages, Cortex Agent executions, parameterized SQL runners, or custom tools backed by Snowflake-native functions—and clients authenticate using Snowflake OAuth against the MCP revision pinned in Snowflake release notes.
Use cases
- Let conversational assistants query approved Cortex Search services with RBAC-aligned tool manifests
- Expose Cortex Analyst as an MCP tool for finance or operations analysts who already trust Snowflake row access policies
- Offer tightly scoped SYSTEM_EXECUTE_SQL tools for parameterized reporting instead of unmanaged raw SQL uploads
- Chain Cortex Agents as callable MCP tools alongside stored procedures surfaced through GENERIC tool slots
- Centralize audit logging for MCP invocations alongside existing Snowflake query history workflows
Key features
- Cursor
- Claude Desktop
- VS Code MCP extensions
- Custom OAuth-capable MCP clients
Frequently Asked Questions
- Which MCP specification revision does Snowflake advertise?
- Release notes cite compatibility with MCP revision dated 2025-11-25; verify Snowflake quarterly release announcements for bumps.
- How are tools enumerated to clients?
- Snowflake expects operators to populate the `tools` array inside the MCP server YAML, including Cortex Search, Cortex Analyst, SQL execution, Cortex Agent, or custom GENERIC wrappers—each declares metadata Snowflake validates at creation time.
- What security guidance accompanies deployment?
- Documentation stresses OAuth-backed sessions, verifying third-party MCP servers separately, hyphenated host naming to avoid TLS mismatches, and least-privilege roles for discovery versus invocation privileges.
Related
Related
3 Indexed items
MotherDuck MCP Server
MotherDuck documents a remote Model Context Protocol server at motherduck.com/docs/sql-reference/mcp hosted at `https://api.motherduck.com/mcp` with OAuth (or Bearer token) and read-write SQL access to MotherDuck cloud databases. Tools include `list_databases`, `list_tables`, `list_columns`, `search_catalog`, `query`, `query_rw`, `ask_docs_question`, Dive tools (`list_dives`, `read_dive`, `view_dive`, `save_dive`, etc.), and Flight scheduling tools (`list_flights`, `create_flight`, `run_flight`, etc.) per MotherDuck MCP docs. For local DuckDB files or custom configs, MotherDuck points to the open-source `mcp-server-motherduck` package (`uvx mcp-server-motherduck --db-path md:`) on github.com/motherduckdb/mcp-server-motherduck.
PlanetScale MCP Server
PlanetScale documents a hosted Model Context Protocol server at planetscale.com/docs/connect/mcp, reachable at `https://mcp.pscale.dev/mcp/planetscale` with OAuth authentication for organizations, databases, branches, schemas, and Insights data. An insights-only endpoint at `https://mcp.pscale.dev/mcp/planetscale-insights-only` omits read/write query tools. Tools documented include organization/database/branch listing, schema inspection, `planetscale_get_insights`, documentation search, and—when scopes allow—`planetscale_execute_read_query` and `planetscale_execute_write_query` with replica routing, ephemeral credentials, and destructive-query safeguards per the January 2026 changelog. PlanetScale notes the older local CLI MCP path is deprecated in favor of the hosted HTTP server for Cursor, Claude Code, and other MCP clients.
BigQuery MCP Server
Google Cloud documents a remote BigQuery Model Context Protocol server at docs.cloud.google.com/bigquery/docs/use-bigquery-mcp, enabled when the BigQuery API is enabled. Connect MCP clients to the managed HTTP endpoint `https://bigquery.googleapis.com/mcp` with OAuth 2.0 and IAM (API keys are not accepted). Documented IAM roles include MCP Tool User (`roles/mcp.toolUser`), BigQuery Job User (`roles/bigquery.jobUser`), and BigQuery Data Viewer (`roles/bigquery.dataViewer`). Tools include `execute_sql` and `execute_sql_readonly` per the use guide; `execute_sql_readonly` allows only read-only operations while `execute_sql` is the sole non-read-only tool. Limitations documented: query processing capped at three minutes by default, results limited to 3,000 rows, and Google Drive external tables unsupported for those SQL tools.