Connect
Optimize
Secure
Snowflake MCP Server
for AI Agents
Production-ready Snowflake MCP server with 80 extensible actions — plus built-in authentication, security, and optimized execution.
Snowflake MCP Server
Built by 
StackOne
StackOne 
Coverage
80 Agent Actions
Create, read, update, and delete across Snowflake — and extend your agent's capabilities with custom actions.
Authentication
Agent Tool Authentication
Per-user OAuth in one call. Your Snowflake MCP server gets session-scoped tokens with zero credentials stored on your infra.
Agent Auth →
Security
Agent Protection
Every Snowflake tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.
Prompt Injection Defense →
Performance
Max Agent Context. Min Cost.
Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every Snowflake call.
Tools Discovery →What is the Snowflake MCP Server?
A Snowflake MCP server lets AI agents read and write Snowflake data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's Snowflake MCP server ships with 80 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Cursor, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.
All Snowflake MCP Tools and Actions
Every action from Snowflake's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.
Databases
- Create Database
Create a new database in the Snowflake account
- Clone Database
Create a copy of an existing database with all its objects
- List Databases
Retrieve list of all databases in the account
- Update Database
Modify database properties like data retention or ownership
- Delete Database
Drop a database and all its contained objects
Schemas
- Create Schema
Create a new schema within a database
- List Schemas
Get all schemas in a specific database
- Update Schema
Modify schema properties like data retention or managed access
- Delete Schema
Drop a schema and all its contained objects
Tables
- Create Table
Create new permanent, transient, or temporary table
- Clone Table
Create a copy of an existing table with its data and structure
- List Tables
Retrieve all tables within a schema
- Update Table
Modify table properties like clustering keys or retention period
- Delete Table
Drop a table and its data
Views
- Create View
Create standard, secure, or materialized view
- List Views
Get all views in a schema
- Update View
Modify view definition or properties
- Delete View
Drop a view
Warehouses
- Create Warehouse
Provision a new virtual warehouse with specified size and properties
- List Warehouses
Get all warehouses in the account
- Update Warehouse
Modify warehouse size, auto-suspend, or other properties
- Delete Warehouse
Drop a virtual warehouse
Users
- Create User
Provision a new user account with authentication settings
- List Users
Retrieve all user accounts in the account
- Update User
Modify user properties like email, default role, or MFA settings
- Delete User
Remove a user account from the system
Roles
- Create Role
Define a new role for access control
- List Roles
Get all roles in the account
- Delete Role
Drop a custom role
Stages
- Create Stage
Create internal or external stage for data loading and unloading
- List Stages
Get all stages in a schema
- Update Stage
Modify stage properties like file format or credentials
- Delete Stage
Drop a stage object
Pipes
- Create Pipe
Set up Snowpipe for continuous data ingestion
- List Pipes
Get all pipes in a schema
- Update Pipe
Modify pipe properties or COPY statement
- Delete Pipe
Drop a Snowpipe object
Streams
- Create Stream
Create change data capture stream on table or view
- List Streams
Get all streams in a schema
- Delete Stream
Drop a stream object
Tasks
- Create Task
Define scheduled or DAG-based task for automation
- List Tasks
Get all tasks in a schema
- Update Task
Modify task schedule, definition, or warehouse
- Delete Task
Drop a task object
Functions
- List Functions
Get all user-defined functions in a schema
- Delete Function
Drop a user-defined function
Procedures
- Create Procedure
Define stored procedure in SQL, JavaScript, Python, Java, or Scala
- List Procedures
Get all stored procedures in a schema
- Delete Procedure
Drop a stored procedure
Other (31)
- Create Table As Select
Create a new table populated from a SQL SELECT query
- Get Statement Results
Retrieve results from executed SQL queries
- Get Database Details
Fetch metadata and properties of a specific database
- Get Schema Details
Retrieve metadata for a specific schema
- Get Table Details
Fetch table metadata including columns, constraints, and statistics
- Get View Details
Retrieve view definition and metadata
- Get Warehouse Details
Retrieve warehouse configuration and current status
- Get User Details
Fetch user profile information and settings
- Get Stage Details
Retrieve stage configuration and storage integration details
- Get Pipe Details
Retrieve pipe configuration and status
- Get Stream Details
Retrieve stream metadata and current offset
- Get Task Details
Retrieve task definition, schedule, and status
- Get Function Details
Retrieve function signature and implementation
- Get Procedure Details
Retrieve procedure definition and metadata
- Execute Query
Execute simple SELECT queries that complete within 45 seconds and return results immediately
- Execute SQL Statement
Execute SQL statements with custom formatting and optional async execution for operations exceeding 45 seconds
- Check Statement Status
Retrieve execution status, progress, and results for asynchronously submitted SQL statements
- Cancel Statement Execution
Terminate actively running SQL statements to reclaim compute resources and prevent unwanted operations
- Undrop Database
Restore a previously dropped database within the Time Travel retention period
- Alter Table
Create or replace a table with updated structure and properties
- Undrop Table
Restore a previously dropped table within the Time Travel retention period
- Start Warehouse
Resume a suspended warehouse to begin processing queries
- Suspend Warehouse
Pause a running warehouse to stop consuming credits
- Alter Warehouse
Create or replace a warehouse with updated configuration
- Grant Role To User
Assign a role to a user account
- Revoke Role From User
Remove role assignment from a user
- Grant Privileges To Role
Grant object privileges to a role for access control
- Resume Task
Enable a suspended task to run on schedule
- Suspend Task
Pause a running task to stop scheduled execution
- Execute Task
Manually trigger a task to run immediately
- Call Stored Procedure
Execute a stored procedure with parameters
Set Up Your Snowflake MCP Server in Minutes
One endpoint. Any framework. Your agent is talking to Snowflake in under 10 lines of code.
MCP Clients
Agent Frameworks
JSON{
"mcpServers": {
"stackone": {
"command": "npx",
"args": [
"-y",
"mcp-remote@latest",
"https://api.stackone.com/mcp?x-account-id=<account_id>",
"--header",
"Authorization: Basic <YOUR_BASE64_TOKEN>"
]
}
}
}Snowflake MCP Server Resources
MCP Code Mode: Keeping Tool Responses Out of Agent Context
Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.
11 min
Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery
Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.
10 min
Indirect Prompt Injection Defense for MCP Tools: A Technical Guide
MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.
12 min
Snowflake MCP Server FAQ
Snowflake MCP server vs direct API integration — what's the difference?
A Snowflake MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling Snowflake. A Snowflake MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling Snowflake at runtime. StackOne provides both.
How does Snowflake authentication work for AI agents?
Snowflake authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own Snowflake account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via
origin_owner_id.Are Snowflake MCP tools vulnerable to prompt injection?
Yes — Snowflake MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a Snowflake agent and how do I avoid it?
Context bloat happens when Snowflake tool schemas and API responses eat your Snowflake agent's memory, preventing it from reasoning effectively. A single Snowflake query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my Snowflake agent can access?
Yes — you can limit which actions your Snowflake agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my Snowflake MCP server?
Yes — you can create custom agent actions for your Snowflake MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research Snowflake's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a Snowflake MCP server?
Skip a Snowflake MCP server if your integration is purely software-to-software — direct Snowflake API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call Snowflake actions at runtime.
What AI frameworks and AI clients does the StackOne Snowflake MCP server support?
The StackOne Snowflake MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.
Put your AI agents to work
All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.