# Snowflake > Inspect schemas and run SQL against a Snowflake account from an AI agent. [Canonical HTML page](https://top-mcps.com/mcp/snowflake) · [server.json](https://top-mcps.com/mcp/snowflake.json) · [methodology](https://top-mcps.com/about/methodology) ## Install ### Claude Desktop — `claude_desktop_config.json` Paste under mcpServers. Fully quit and reopen Claude after editing. ```json { "mcpServers": { "snowflake": { "command": "uvx", "args": [ "mcp-snowflake-server" ], "env": { "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}", "SNOWFLAKE_USER": "${SNOWFLAKE_USER}", "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}", "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}", "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}", "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}" } } } } ``` ### Claude Code — `CLI or .mcp.json` Run from your repo. Commit .mcp.json to share with your team. ```shell # export SNOWFLAKE_ACCOUNT=xy12345.us-east-1 # export SNOWFLAKE_USER=reader # export SNOWFLAKE_PASSWORD=changeme # export SNOWFLAKE_ROLE=READER_ROLE # export SNOWFLAKE_WAREHOUSE=XS_AGENT_WH # export SNOWFLAKE_DATABASE=ANALYTICS claude mcp add snowflake -- uvx mcp-snowflake-server ``` ### Cursor — `.cursor/mcp.json` Global path: ~/.cursor/mcp.json. Reload window after editing. ```json { "mcpServers": { "snowflake": { "command": "uvx", "args": [ "mcp-snowflake-server" ], "env": { "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}", "SNOWFLAKE_USER": "${SNOWFLAKE_USER}", "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}", "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}", "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}", "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}" } } } } ``` ### VS Code — `.vscode/mcp.json` VS Code uses the "servers" key (not "mcpServers"). ```jsonc { "servers": { "snowflake": { "command": "uvx", "args": [ "mcp-snowflake-server" ], "env": { "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}", "SNOWFLAKE_USER": "${SNOWFLAKE_USER}", "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}", "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}", "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}", "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}" } } } } ``` ### Windsurf — `~/.codeium/windsurf/mcp_config.json` Open via Cascade → hammer icon → Configure. ```json { "mcpServers": { "snowflake": { "command": "uvx", "args": [ "mcp-snowflake-server" ], "env": { "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}", "SNOWFLAKE_USER": "${SNOWFLAKE_USER}", "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}", "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}", "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}", "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}" } } } } ``` ### Cline — `cline_mcp_settings.json` Open via the Cline sidebar → MCP Servers → Edit. ```json { "mcpServers": { "snowflake": { "command": "uvx", "args": [ "mcp-snowflake-server" ], "env": { "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}", "SNOWFLAKE_USER": "${SNOWFLAKE_USER}", "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}", "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}", "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}", "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}" } } } } ``` ### Continue — `~/.continue/config.json` Continue uses modelContextProtocolServers with a transport block. ```json { "experimental": { "modelContextProtocolServers": [ { "transport": { "type": "stdio", "command": "uvx", "args": [ "mcp-snowflake-server" ], "env": { "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}", "SNOWFLAKE_USER": "${SNOWFLAKE_USER}", "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}", "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}", "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}", "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}" } } } ] } } ``` ### Codex CLI — `~/.codex/config.toml` Codex uses TOML. Each server is a [mcp_servers.] subtable. ```shell # ~/.codex/config.toml [mcp_servers.snowflake] command = "uvx" args = [ "mcp-snowflake-server", ] env = { SNOWFLAKE_ACCOUNT = "${SNOWFLAKE_ACCOUNT}", SNOWFLAKE_USER = "${SNOWFLAKE_USER}", SNOWFLAKE_PASSWORD = "${SNOWFLAKE_PASSWORD}", SNOWFLAKE_ROLE = "${SNOWFLAKE_ROLE}", SNOWFLAKE_WAREHOUSE = "${SNOWFLAKE_WAREHOUSE}", SNOWFLAKE_DATABASE = "${SNOWFLAKE_DATABASE}" } ``` ### Zed — `~/.config/zed/settings.json` Zed calls them "context_servers". Settings live-reload on save. ```jsonc { "context_servers": { "snowflake": { "command": { "path": "uvx", "args": [ "mcp-snowflake-server" ] }, "env": { "SNOWFLAKE_ACCOUNT": "${SNOWFLAKE_ACCOUNT}", "SNOWFLAKE_USER": "${SNOWFLAKE_USER}", "SNOWFLAKE_PASSWORD": "${SNOWFLAKE_PASSWORD}", "SNOWFLAKE_ROLE": "${SNOWFLAKE_ROLE}", "SNOWFLAKE_WAREHOUSE": "${SNOWFLAKE_WAREHOUSE}", "SNOWFLAKE_DATABASE": "${SNOWFLAKE_DATABASE}" } } } } ``` ### ChatGPT — `ChatGPT → Apps directory` Snowflake doesn't ship a hosted HTTPS endpoint today. ChatGPT supports remote MCP servers only — to use this server in ChatGPT you'll need to deploy it to a public HTTPS URL first (e.g. via Cloudflare Workers or Vercel) or wait for an official remote build. ```none ``` ## At a glance - **Maintainer:** Community - **Transport:** stdio - **Auth model:** API key - **Required secrets:** SNOWFLAKE_ACCOUNT, SNOWFLAKE_USER, SNOWFLAKE_PASSWORD, SNOWFLAKE_ROLE, SNOWFLAKE_WAREHOUSE, SNOWFLAKE_DATABASE - **Supported clients:** Claude, Cursor, VS Code, Windsurf, Any MCP-compatible client, Snowflake account - **License:** MIT - **Language:** Python - **Latest version:** latest - **Last verified:** 2026-06-02 - **GitHub stars:** 183 (fetched 2026-06-02T13:16:41.064Z) - **Score:** 57/100 (rubric 2026-04 — see https://top-mcps.com/about/methodology) - **Source:** https://github.com/isaacwasserman/mcp-snowflake-server ## Tools & permissions | Tool | Description | Args | Side effects | |------|-------------|------|--------------| | `list_databases` | List databases visible to the connected role. | `—` | read | | `list_schemas` | List schemas in a database. | `database: string` | read | | `list_tables` | List tables in a schema. | `schema: string` | read | | `describe_table` | Return columns, types, and clustering info for a table. | `table: string` | read | | `query` | Run a SELECT statement and return rows. | `sql: string` | read | ## Security & scope - **Access scope:** read-only - **Sandbox:** Connects to a Snowflake account using key-pair or password auth. Read-only at the MCP tool layer; pair with a SELECT-only role and a resource-monitored XS warehouse to bound spend. - **Gotchas:** - Snowflake is billed per warehouse-second. Always attach a resource monitor to the warehouse the MCP uses. - Static passwords in env are leak-prone — prefer key-pair auth and a key path the OS keychain can protect. - A privileged role connected here can drop tables. Scope to a SELECT-only role even on staging accounts. ## Quick answer **What it does.** Connects to a Snowflake account and exposes database/schema/table enumeration, column metadata, and SELECT execution to AI models. **Best for:** - Schema discovery - Analytical query drafting - Cross-database joins inside one account - Information schema audits - Staging-account debugging **Not for:** - Write-heavy DML from an LLM - Cost-sensitive workloads without a per-user resource monitor - Multi-account federated queries ## Description A community-maintained MCP that connects an AI agent to a Snowflake account. Lists databases, schemas, and tables, returns column-level metadata, and executes SELECT against a warehouse you choose at connect time. Authentication uses Snowflake key-pair auth or username/password; the safe default is a read-only role on a dedicated WAREHOUSE so an LLM cannot burn through credits accidentally. ## Why it matters Snowflake is the dominant warehouse in mid-market and enterprise stacks. Getting an AI agent to draft and run analytical SQL against it without leaving Claude or Cursor closes the loop between question and answer. ## Key features - Key-pair auth supported (no static passwords) - Per-WAREHOUSE scoping at connect time - Database / schema / table introspection - INFORMATION_SCHEMA access - Read-only-by-default tool surface ## FAQ ### Key-pair auth or password? Key-pair is supported and recommended for production accounts — set SNOWFLAKE_PRIVATE_KEY_PATH instead of SNOWFLAKE_PASSWORD. Most teams keep password auth only for the staging-account MCP used by an agent. ### Does it pick the WAREHOUSE per query? No — the WAREHOUSE is fixed at connect time. Create a dedicated XS warehouse (e.g. XS_AGENT_WH) with a resource monitor so the agent cannot accidentally scale up a production warehouse. ### Can the agent write? Default tool set is SELECT-only. The role you connect with should also be SELECT-only as defence in depth; the MCP cannot enforce what the SQL actually does. ### Does it support OAuth or external browser auth? External browser auth is not exposed because MCP servers are non-interactive. Use key-pair auth for service-style identities. ## Changelog - **2026-06-02** — Refreshed install snippets and fact sheet; verified for 2026. - **2025-01-22** — Initial directory listing.