Skip to main content
mcpSource-backed

MongoDB MCP Server for Claude

Official MongoDB MCP server that connects Claude and other MCP clients to MongoDB databases and MongoDB Atlas for read-only analysis, schema metadata, aggregation, Atlas project operations, performance advisor data, exports, and MongoDB Assistant knowledge search.

by MongoDB · submitted by oktofeesh1·added 2026-06-04·
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://www.mongodb.com/docs/mcp-server/overview/, https://github.com/mongodb-js/mongodb-mcp-server
Safety notes
MongoDB's README uses `--readOnly` in examples by default. Keep read-only mode enabled for analysis so create, update, and delete operation types are not registered with the server., Without read-only mode, the server can create collections and indexes, insert documents, update many documents, delete many documents, drop indexes, drop collections, drop databases, create Atlas projects and clusters, manage access lists, create database users, and manage stream processing resources., Use `disabledTools` to remove tool names, operation types, or categories such as `create`, `update`, `delete`, `atlas`, or `mongodb` when a client should only perform a narrow workflow., Confirmation-required tools depend on MCP client elicitation support. If a client does not support elicitation, review whether the server still executes those tools without a confirmation prompt., Use `indexCheck` and bounded query limits when letting an agent run find or aggregation operations against shared, large, or production-like datasets., HTTP transport is not recommended for production without authentication, HTTPS, firewalls or private networking, rate limiting, and a review of request headers, externally managed sessions, host binding, and port exposure., Atlas service account credentials should use the minimum required project-level roles. Avoid Organization Owner unless full organization administration is explicitly required., Connection strings and Atlas API credentials should be passed through environment variables or protected config files rather than command-line arguments, which can appear in process lists and logs.
Privacy notes
Tool results can expose database names, collection names, index metadata, schemas, document samples, aggregation results, exports, logs, Atlas organization and project metadata, cluster names, alerts, users, access lists, slow query samples, and performance advisor recommendations., Connection strings can include usernames, passwords, hosts, database names, auth sources, TLS options, and replica set details; keep them out of prompts, screenshots, shell history, command-line arguments, and shared MCP config files., Atlas API client IDs and client secrets grant Atlas access according to service account roles and should be short-lived, scoped, rotated, and kept out of logs and transcripts., Exported data is stored temporarily on the machine running the MCP server until cleanup, and export directories require restrictive filesystem permissions because exported documents may contain sensitive data., The default logger configuration can write logs to disk and send logs to the MCP client, so log paths, terminal output, AI transcripts, and client logs should be treated as sensitive., Telemetry is enabled by default according to the README and can be disabled with `MDB_MCP_TELEMETRY=disabled`, `--telemetry disabled`, or `DO_NOT_TRACK=1`.
Author
MongoDB
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-04

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

15 minutes

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

6 prerequisites to line up before setup. Have accounts and credentials ready first. Includes a review or approval gate.

0/6 ready
Account & credentials2Install & runtime1Network & hosting2Review & approval115 minutes

Safety & privacy surface

Safety & privacy surface

8 safety and 6 privacy notes across 7 risk areas. Review closely: credentials & tokens, permissions & scopes.

7 areas
  • SafetyGeneralMongoDB's README uses `--readOnly` in examples by default. Keep read-only mode enabled for analysis so create, update, and delete operation types are not registered with the server.
  • SafetyExecution & processesWithout read-only mode, the server can create collections and indexes, insert documents, update many documents, delete many documents, drop indexes, drop collections, drop databases, create Atlas projects and clusters, manage access lists, create database users, and manage stream processing resources.
  • SafetyGeneralUse `disabledTools` to remove tool names, operation types, or categories such as `create`, `update`, `delete`, `atlas`, or `mongodb` when a client should only perform a narrow workflow.
  • SafetyExecution & processesConfirmation-required tools depend on MCP client elicitation support. If a client does not support elicitation, review whether the server still executes those tools without a confirmation prompt.
  • SafetyExecution & processesUse `indexCheck` and bounded query limits when letting an agent run find or aggregation operations against shared, large, or production-like datasets.
  • SafetyCredentials & tokensHTTP transport is not recommended for production without authentication, HTTPS, firewalls or private networking, rate limiting, and a review of request headers, externally managed sessions, host binding, and port exposure.
  • SafetyCredentials & tokensAtlas service account credentials should use the minimum required project-level roles. Avoid Organization Owner unless full organization administration is explicitly required.
  • SafetyCredentials & tokensConnection strings and Atlas API credentials should be passed through environment variables or protected config files rather than command-line arguments, which can appear in process lists and logs.
  • PrivacyData retentionTool results can expose database names, collection names, index metadata, schemas, document samples, aggregation results, exports, logs, Atlas organization and project metadata, cluster names, alerts, users, access lists, slow query samples, and performance advisor recommendations.
  • PrivacyCredentials & tokensConnection strings can include usernames, passwords, hosts, database names, auth sources, TLS options, and replica set details; keep them out of prompts, screenshots, shell history, command-line arguments, and shared MCP config files.
  • PrivacyCredentials & tokensAtlas API client IDs and client secrets grant Atlas access according to service account roles and should be short-lived, scoped, rotated, and kept out of logs and transcripts.
  • PrivacyPermissions & scopesExported data is stored temporarily on the machine running the MCP server until cleanup, and export directories require restrictive filesystem permissions because exported documents may contain sensitive data.
  • PrivacyLocal filesThe default logger configuration can write logs to disk and send logs to the MCP client, so log paths, terminal output, AI transcripts, and client logs should be treated as sensitive.
  • PrivacyTelemetryTelemetry is enabled by default according to the README and can be disabled with `MDB_MCP_TELEMETRY=disabled`, `--telemetry disabled`, or `DO_NOT_TRACK=1`.

Safety notes

  • MongoDB's README uses `--readOnly` in examples by default. Keep read-only mode enabled for analysis so create, update, and delete operation types are not registered with the server.
  • Without read-only mode, the server can create collections and indexes, insert documents, update many documents, delete many documents, drop indexes, drop collections, drop databases, create Atlas projects and clusters, manage access lists, create database users, and manage stream processing resources.
  • Use `disabledTools` to remove tool names, operation types, or categories such as `create`, `update`, `delete`, `atlas`, or `mongodb` when a client should only perform a narrow workflow.
  • Confirmation-required tools depend on MCP client elicitation support. If a client does not support elicitation, review whether the server still executes those tools without a confirmation prompt.
  • Use `indexCheck` and bounded query limits when letting an agent run find or aggregation operations against shared, large, or production-like datasets.
  • HTTP transport is not recommended for production without authentication, HTTPS, firewalls or private networking, rate limiting, and a review of request headers, externally managed sessions, host binding, and port exposure.
  • Atlas service account credentials should use the minimum required project-level roles. Avoid Organization Owner unless full organization administration is explicitly required.
  • Connection strings and Atlas API credentials should be passed through environment variables or protected config files rather than command-line arguments, which can appear in process lists and logs.

Privacy notes

  • Tool results can expose database names, collection names, index metadata, schemas, document samples, aggregation results, exports, logs, Atlas organization and project metadata, cluster names, alerts, users, access lists, slow query samples, and performance advisor recommendations.
  • Connection strings can include usernames, passwords, hosts, database names, auth sources, TLS options, and replica set details; keep them out of prompts, screenshots, shell history, command-line arguments, and shared MCP config files.
  • Atlas API client IDs and client secrets grant Atlas access according to service account roles and should be short-lived, scoped, rotated, and kept out of logs and transcripts.
  • Exported data is stored temporarily on the machine running the MCP server until cleanup, and export directories require restrictive filesystem permissions because exported documents may contain sensitive data.
  • The default logger configuration can write logs to disk and send logs to the MCP client, so log paths, terminal output, AI transcripts, and client logs should be treated as sensitive.
  • Telemetry is enabled by default according to the README and can be disabled with `MDB_MCP_TELEMETRY=disabled`, `--telemetry disabled`, or `DO_NOT_TRACK=1`.

Prerequisites

  • Node.js 20.19 or later, Node.js 22.12 or later, or a supported newer Node.js version for running the npm package.
  • MongoDB connection string for a local, self-hosted, or Atlas cluster, or MongoDB Atlas service account credentials for Atlas tools.
  • MCP client configuration for Claude Desktop, Claude Code, Cursor, VS Code, GitHub Copilot CLI, OpenCode, Windsurf, or another compatible client.
  • Least-privilege Atlas service account roles and API access-list configuration when enabling Atlas operations.
  • Decision on read-only mode, disabled tool categories, confirmation-required tools, index-check enforcement, maximum documents or bytes per query, export location, logging, and telemetry.
  • Review process for any write-capable database, collection, index, Atlas cluster, database user, access-list, stream processing, or Atlas Local operation.

Schema details

Install type
cli
Troubleshooting
No
Source repository stats
Scope
Source repo
Runtime and command metadata
Script body
## Content

MongoDB MCP Server connects Claude and other MCP-capable clients to MongoDB
databases and MongoDB Atlas through a local stdio server, Docker container, or
HTTP transport. It gives an assistant tools for database inspection, find and
aggregation queries, schema and index metadata, Atlas project and cluster
operations, performance advisor data, exports, Atlas Local deployments, and
MongoDB Assistant knowledge search.

The safest default is to run it with `--readOnly`, pass credentials through
environment variables, and disable tool categories that are not needed for the
current task. MongoDB's own examples include read-only mode by default, and the
server exposes additional guardrails for disabled tools, confirmation-required
tools, index checking, query limits, export cleanup, logging, and telemetry.

## Features

- Local stdio MCP server through `npx -y mongodb-mcp-server@latest`.
- Docker-based setup with the official `mongodb/mongodb-mcp-server` image.
- Optional Streamable HTTP transport with configurable host, port, request
  headers, response type, session handling, and monitoring endpoints.
- Connection through MongoDB connection strings or MongoDB Atlas service account
  credentials.
- Read-only mode that restricts the server to read, connect, and metadata
  operation types.
- Disabled tool configuration by tool name, operation type, or category.
- Confirmation-required tool configuration for destructive or sensitive tools
  when the MCP client supports elicitation.
- MongoDB database tools for finding documents, running aggregations, listing
  databases and collections, inspecting schema and indexes, explaining queries,
  exporting results, and reading logs.
- Atlas tools for organizations, projects, clusters, database users, access
  lists, alerts, performance advisor recommendations, Atlas Stream Processing,
  and Atlas Local deployments.
- MongoDB Assistant tools for searching official documentation and curated
  MongoDB guidance.
- Resources for redacted configuration, MongoDB debug information, and exported
  data.

## Use Cases

- Ask Claude to list MongoDB databases and collections before touching
  application data.
- Inspect collection schemas, indexes, and storage size while planning a model
  or API change.
- Run bounded read-only find or aggregation queries against development or
  staging data.
- Use Atlas Performance Advisor and slow query samples to investigate query
  performance.
- Search MongoDB Assistant knowledge while implementing a driver, Atlas, or
  schema-design workflow.
- Export query results for short-lived local analysis with explicit cleanup and
  access controls.
- Manage Atlas projects, clusters, access lists, database users, or stream
  processing resources only after narrowing roles and requiring human approval.

## Installation

### Read-only stdio setup

Pass the MongoDB connection string through an environment variable and keep
read-only mode enabled:

```json
{
  "mcpServers": {
    "MongoDB": {
      "command": "npx",
      "args": ["-y", "mongodb-mcp-server@latest", "--readOnly"],
      "env": {
        "MDB_MCP_CONNECTION_STRING": "mongodb://localhost:27017/myDatabase"
      }
    }
  }
}
```

### Read-only Atlas setup

Use Atlas service account credentials when Atlas tools are required:

```json
{
  "mcpServers": {
    "MongoDB": {
      "command": "npx",
      "args": ["-y", "mongodb-mcp-server@latest", "--readOnly"],
      "env": {
        "MDB_MCP_API_CLIENT_ID": "ATLAS_SERVICE_ACCOUNT_CLIENT_ID",
        "MDB_MCP_API_CLIENT_SECRET": "ATLAS_SERVICE_ACCOUNT_CLIENT_SECRET"
      }
    }
  }
}
```

### Docker setup

Run the official Docker image with read-only mode and credentials supplied as
environment variables:

```json
{
  "mcpServers": {
    "MongoDB": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "MDB_MCP_CONNECTION_STRING",
        "-e",
        "MDB_MCP_READ_ONLY=true",
        "mongodb/mongodb-mcp-server:latest"
      ],
      "env": {
        "MDB_MCP_CONNECTION_STRING": "mongodb://localhost:27017/myDatabase"
      }
    }
  }
}
```

## Configuration

### Disable writes and expensive query patterns

```bash
export MDB_MCP_READ_ONLY=true
export MDB_MCP_DISABLED_TOOLS="create,update,delete"
export MDB_MCP_INDEX_CHECK=true
export MDB_MCP_MAX_DOCUMENTS_PER_QUERY=100
export MDB_MCP_TELEMETRY=disabled
```

### Protect logs and exports

```bash
export MDB_MCP_LOGGERS="mcp,stderr"
export MDB_MCP_EXPORTS_PATH="/path/to/restricted/mongodb-mcp-exports"
```

## Examples

### Inspect collections safely

```plaintext
Using MongoDB MCP in read-only mode, list databases and collections, then summarize likely application data boundaries without modifying anything.
```

### Review schema and indexes

```plaintext
Describe the schema and indexes for the orders collection, then identify queries that may need a supporting index.
```

### Run a bounded aggregation

```plaintext
Run a read-only aggregation that counts orders by status and returns only aggregate totals, not raw customer documents.
```

### Check Atlas performance recommendations

```plaintext
Use Atlas Performance Advisor for the selected project and summarize suggested indexes and slow query samples without creating resources.
```

### Search MongoDB guidance

```plaintext
Search MongoDB Assistant knowledge for schema design guidance related to time-series data and summarize the official recommendations.
```

## Source notes

- The official repository describes MongoDB MCP Server as a Model Context
  Protocol server for interacting with MongoDB databases and MongoDB Atlas.
- The README says the server will not start unless configured with either a
  MongoDB connection string or Atlas API credentials.
- The README lists Node.js requirements and documents setup for MCP clients,
  `npx`, Docker, HTTP transport, Copilot CLI, and OpenCode.
- The README states that examples include `--readOnly` by default and says to
  remove it only when write operations are needed.
- The README recommends environment variables for sensitive configuration such
  as connection strings and Atlas API credentials instead of command-line
  arguments because command-line arguments can appear in process lists and
  logs.
- The README lists MongoDB database tools such as `find`, `aggregate`,
  `collection-schema`, `collection-indexes`, `explain`, `export`, `insert-many`,
  `update-many`, `delete-many`, `drop-collection`, and `drop-database`.
- The README lists Atlas tools for organizations, projects, clusters, alerts,
  access lists, database users, performance advisor, stream processing, and
  Atlas Local deployments.
- The README documents `MDB_MCP_READ_ONLY` and `--readOnly`, saying read-only
  mode allows only read, connect, and metadata operation types.
- The README documents `disabledTools`, operation-type categories, default
  confirmation-required tools, `indexCheck`, max document and byte limits,
  export cleanup, loggers, and telemetry opt-out.
- The README warns that HTTP transport is not recommended for production use
  without authentication, HTTPS or TLS, private networking or firewalls, rate
  limiting, and not exposing it directly to the internet.
- The README's Atlas API permissions section recommends least-privilege service
  account roles and warns that Organization Owner is rarely necessary.
- The repository is `mongodb-js/mongodb-mcp-server`, is Apache-2.0 licensed,
  active, and maintained by MongoDB.

## Duplicate check

Checked current `content/mcp/`, `content/tools/`, guides, skills, agents, hooks,
open pull requests, live issue state, and repository-wide content for `MongoDB
MCP`, `mongodb-js/mongodb-mcp-server`, `mongodb-mcp-server`,
`www.mongodb.com/docs/mcp-server`, `MDB_MCP_CONNECTION_STRING`,
`MDB_MCP_READ_ONLY`, `Atlas service account`, `MongoDB Atlas MCP`, and
`MongoDB Assistant`. No dedicated MongoDB MCP entry, target file, exact source
URL duplicate, issue duplicate, semantic duplicate, or open duplicate PR was
found.

## Disclosure

Editorial listing. No paid placement or affiliate link is used. MongoDB MCP
Server is Apache-2.0 open-source software maintained by MongoDB; MongoDB Atlas,
MongoDB databases, cloud providers, Docker, MCP clients, API credentials,
telemetry, logs, exports, and downstream storage or analysis systems may have
separate licenses, billing, terms, privacy obligations, and access controls.
Collection metadata
Estimated setup
15 minutes
Difficulty
intermediate
Full copyable content
{
  "mcpServers": {
    "MongoDB": {
      "command": "npx",
      "args": ["-y", "mongodb-mcp-server@latest", "--readOnly"],
      "env": {
        "MDB_MCP_CONNECTION_STRING": "mongodb://localhost:27017/myDatabase"
      }
    }
  }
}

About this resource

Content

MongoDB MCP Server connects Claude and other MCP-capable clients to MongoDB databases and MongoDB Atlas through a local stdio server, Docker container, or HTTP transport. It gives an assistant tools for database inspection, find and aggregation queries, schema and index metadata, Atlas project and cluster operations, performance advisor data, exports, Atlas Local deployments, and MongoDB Assistant knowledge search.

The safest default is to run it with --readOnly, pass credentials through environment variables, and disable tool categories that are not needed for the current task. MongoDB's own examples include read-only mode by default, and the server exposes additional guardrails for disabled tools, confirmation-required tools, index checking, query limits, export cleanup, logging, and telemetry.

Features

  • Local stdio MCP server through npx -y mongodb-mcp-server@latest.
  • Docker-based setup with the official mongodb/mongodb-mcp-server image.
  • Optional Streamable HTTP transport with configurable host, port, request headers, response type, session handling, and monitoring endpoints.
  • Connection through MongoDB connection strings or MongoDB Atlas service account credentials.
  • Read-only mode that restricts the server to read, connect, and metadata operation types.
  • Disabled tool configuration by tool name, operation type, or category.
  • Confirmation-required tool configuration for destructive or sensitive tools when the MCP client supports elicitation.
  • MongoDB database tools for finding documents, running aggregations, listing databases and collections, inspecting schema and indexes, explaining queries, exporting results, and reading logs.
  • Atlas tools for organizations, projects, clusters, database users, access lists, alerts, performance advisor recommendations, Atlas Stream Processing, and Atlas Local deployments.
  • MongoDB Assistant tools for searching official documentation and curated MongoDB guidance.
  • Resources for redacted configuration, MongoDB debug information, and exported data.

Use Cases

  • Ask Claude to list MongoDB databases and collections before touching application data.
  • Inspect collection schemas, indexes, and storage size while planning a model or API change.
  • Run bounded read-only find or aggregation queries against development or staging data.
  • Use Atlas Performance Advisor and slow query samples to investigate query performance.
  • Search MongoDB Assistant knowledge while implementing a driver, Atlas, or schema-design workflow.
  • Export query results for short-lived local analysis with explicit cleanup and access controls.
  • Manage Atlas projects, clusters, access lists, database users, or stream processing resources only after narrowing roles and requiring human approval.

Installation

Read-only stdio setup

Pass the MongoDB connection string through an environment variable and keep read-only mode enabled:

{
  "mcpServers": {
    "MongoDB": {
      "command": "npx",
      "args": ["-y", "mongodb-mcp-server@latest", "--readOnly"],
      "env": {
        "MDB_MCP_CONNECTION_STRING": "mongodb://localhost:27017/myDatabase"
      }
    }
  }
}

Read-only Atlas setup

Use Atlas service account credentials when Atlas tools are required:

{
  "mcpServers": {
    "MongoDB": {
      "command": "npx",
      "args": ["-y", "mongodb-mcp-server@latest", "--readOnly"],
      "env": {
        "MDB_MCP_API_CLIENT_ID": "ATLAS_SERVICE_ACCOUNT_CLIENT_ID",
        "MDB_MCP_API_CLIENT_SECRET": "ATLAS_SERVICE_ACCOUNT_CLIENT_SECRET"
      }
    }
  }
}

Docker setup

Run the official Docker image with read-only mode and credentials supplied as environment variables:

{
  "mcpServers": {
    "MongoDB": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "MDB_MCP_CONNECTION_STRING",
        "-e",
        "MDB_MCP_READ_ONLY=true",
        "mongodb/mongodb-mcp-server:latest"
      ],
      "env": {
        "MDB_MCP_CONNECTION_STRING": "mongodb://localhost:27017/myDatabase"
      }
    }
  }
}

Configuration

Disable writes and expensive query patterns

export MDB_MCP_READ_ONLY=true
export MDB_MCP_DISABLED_TOOLS="create,update,delete"
export MDB_MCP_INDEX_CHECK=true
export MDB_MCP_MAX_DOCUMENTS_PER_QUERY=100
export MDB_MCP_TELEMETRY=disabled

Protect logs and exports

export MDB_MCP_LOGGERS="mcp,stderr"
export MDB_MCP_EXPORTS_PATH="/path/to/restricted/mongodb-mcp-exports"

Examples

Inspect collections safely

Using MongoDB MCP in read-only mode, list databases and collections, then summarize likely application data boundaries without modifying anything.

Review schema and indexes

Describe the schema and indexes for the orders collection, then identify queries that may need a supporting index.

Run a bounded aggregation

Run a read-only aggregation that counts orders by status and returns only aggregate totals, not raw customer documents.

Check Atlas performance recommendations

Use Atlas Performance Advisor for the selected project and summarize suggested indexes and slow query samples without creating resources.

Search MongoDB guidance

Search MongoDB Assistant knowledge for schema design guidance related to time-series data and summarize the official recommendations.

Source notes

  • The official repository describes MongoDB MCP Server as a Model Context Protocol server for interacting with MongoDB databases and MongoDB Atlas.
  • The README says the server will not start unless configured with either a MongoDB connection string or Atlas API credentials.
  • The README lists Node.js requirements and documents setup for MCP clients, npx, Docker, HTTP transport, Copilot CLI, and OpenCode.
  • The README states that examples include --readOnly by default and says to remove it only when write operations are needed.
  • The README recommends environment variables for sensitive configuration such as connection strings and Atlas API credentials instead of command-line arguments because command-line arguments can appear in process lists and logs.
  • The README lists MongoDB database tools such as find, aggregate, collection-schema, collection-indexes, explain, export, insert-many, update-many, delete-many, drop-collection, and drop-database.
  • The README lists Atlas tools for organizations, projects, clusters, alerts, access lists, database users, performance advisor, stream processing, and Atlas Local deployments.
  • The README documents MDB_MCP_READ_ONLY and --readOnly, saying read-only mode allows only read, connect, and metadata operation types.
  • The README documents disabledTools, operation-type categories, default confirmation-required tools, indexCheck, max document and byte limits, export cleanup, loggers, and telemetry opt-out.
  • The README warns that HTTP transport is not recommended for production use without authentication, HTTPS or TLS, private networking or firewalls, rate limiting, and not exposing it directly to the internet.
  • The README's Atlas API permissions section recommends least-privilege service account roles and warns that Organization Owner is rarely necessary.
  • The repository is mongodb-js/mongodb-mcp-server, is Apache-2.0 licensed, active, and maintained by MongoDB.

Duplicate check

Checked current content/mcp/, content/tools/, guides, skills, agents, hooks, open pull requests, live issue state, and repository-wide content for MongoDB MCP, mongodb-js/mongodb-mcp-server, mongodb-mcp-server, www.mongodb.com/docs/mcp-server, MDB_MCP_CONNECTION_STRING, MDB_MCP_READ_ONLY, Atlas service account, MongoDB Atlas MCP, and MongoDB Assistant. No dedicated MongoDB MCP entry, target file, exact source URL duplicate, issue duplicate, semantic duplicate, or open duplicate PR was found.

Disclosure

Editorial listing. No paid placement or affiliate link is used. MongoDB MCP Server is Apache-2.0 open-source software maintained by MongoDB; MongoDB Atlas, MongoDB databases, cloud providers, Docker, MCP clients, API credentials, telemetry, logs, exports, and downstream storage or analysis systems may have separate licenses, billing, terms, privacy obligations, and access controls.

Source citations

Add this badge to your README

Show that MongoDB MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/mongodb-mcp-server.svg)](https://heyclau.de/entry/mcp/mongodb-mcp-server)

How it compares

MongoDB MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

1 trust signal differ across this comparison (Submitter).

Field

Official MongoDB MCP server that connects Claude and other MCP clients to MongoDB databases and MongoDB Atlas for read-only analysis, schema metadata, aggregation, Atlas project operations, performance advisor data, exports, and MongoDB Assistant knowledge search.

Open dossier

Connect Claude to your Elasticsearch cluster — search indices, inspect mappings, run ES|QL, and check shard health — with Elastic's official Model Context Protocol server.

Open dossier

Open source MCP server and tool framework from Google for connecting AI agents, IDEs, and applications to databases through prebuilt or custom database tools.

Open dossier

Official Neon MCP server that connects Claude and other MCP clients to Neon Postgres projects, branches, schemas, SQL queries, migrations, performance tuning, Neon Auth, Data API setup, and Neon documentation through a hosted Streamable HTTP endpoint.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backed
SubmitterDiffersoktofeesh1oktofeesh1oktofeesh1
Install riskReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandMCP Toolbox for Databases logoMCP Toolbox for Databases
Categorymcpmcpmcpmcp
SourceSource-backedSource-backedSource-backedSource-backed
AuthorMongoDBElasticGoogleNeon
Added2026-06-042026-06-172026-06-052026-06-04
Platforms
Harness
Source repo
Safety notesMongoDB's README uses `--readOnly` in examples by default. Keep read-only mode enabled for analysis so create, update, and delete operation types are not registered with the server. Without read-only mode, the server can create collections and indexes, insert documents, update many documents, delete many documents, drop indexes, drop collections, drop databases, create Atlas projects and clusters, manage access lists, create database users, and manage stream processing resources. Use `disabledTools` to remove tool names, operation types, or categories such as `create`, `update`, `delete`, `atlas`, or `mongodb` when a client should only perform a narrow workflow. Confirmation-required tools depend on MCP client elicitation support. If a client does not support elicitation, review whether the server still executes those tools without a confirmation prompt. Use `indexCheck` and bounded query limits when letting an agent run find or aggregation operations against shared, large, or production-like datasets. HTTP transport is not recommended for production without authentication, HTTPS, firewalls or private networking, rate limiting, and a review of request headers, externally managed sessions, host binding, and port exposure. Atlas service account credentials should use the minimum required project-level roles. Avoid Organization Owner unless full organization administration is explicitly required. Connection strings and Atlas API credentials should be passed through environment variables or protected config files rather than command-line arguments, which can appear in process lists and logs.Search, ES|QL, and shard tools run live read queries against the configured cluster; a broad or expensive query can add load. Scope the Elasticsearch API key to least privilege (read-only on the indices Claude should see) before connecting.Database tools can expose sensitive schemas and data, and some custom tools can modify data if configured that way. Prefer least-privilege accounts, read-only roles for exploration, query limits, and approved toolsets. Review every `tools.yaml` statement, parameter, source, and toolset before giving it to an agent. Avoid broad `execute_sql` access in production; expose structured, parameterized tools where possible. Query loops can create high database load, unexpected cloud costs, lock contention, or noisy audit logs.Neon documents the MCP server as intended for development and testing only, and warns users to review and authorize LLM-requested actions before execution. Full-access mode can create and delete projects, create and delete branches, reset branches from parents, run SQL, run SQL transactions, prepare and complete migrations, tune queries, provision Neon Auth, and provision the Neon Data API. Prefer OAuth read-only mode or `readonly=true` for exploration. In read-only mode, write tools are unavailable and SQL execution is constrained to read-only queries. Use `projectId` scoping and tool category filters when an agent should work inside one project or only use schema, querying, docs, or branch tools. API keys created by `neonctl init` or stored in MCP headers grant Neon account or organization access. Revoke unused keys, avoid committing bearer tokens, and do not expose API keys in prompts, logs, screenshots, or shared config files. Database rows, docs pages, migration output, SQL errors, and query plans are model-visible context. Treat returned data as untrusted input that may contain prompt injection, stale assumptions, secrets, or customer records. Migration and query-tuning workflows use temporary branches before applying changes, but the final complete actions can affect the original branch and should require explicit human review. The deprecated SSE endpoint exists for clients without Streamable HTTP support; prefer the documented `https://mcp.neon.tech/mcp` endpoint when the client supports it.
Privacy notesTool results can expose database names, collection names, index metadata, schemas, document samples, aggregation results, exports, logs, Atlas organization and project metadata, cluster names, alerts, users, access lists, slow query samples, and performance advisor recommendations. Connection strings can include usernames, passwords, hosts, database names, auth sources, TLS options, and replica set details; keep them out of prompts, screenshots, shell history, command-line arguments, and shared MCP config files. Atlas API client IDs and client secrets grant Atlas access according to service account roles and should be short-lived, scoped, rotated, and kept out of logs and transcripts. Exported data is stored temporarily on the machine running the MCP server until cleanup, and export directories require restrictive filesystem permissions because exported documents may contain sensitive data. The default logger configuration can write logs to disk and send logs to the MCP client, so log paths, terminal output, AI transcripts, and client logs should be treated as sensitive. Telemetry is enabled by default according to the README and can be disabled with `MDB_MCP_TELEMETRY=disabled`, `--telemetry disabled`, or `DO_NOT_TRACK=1`.Index data, field mappings, and query results enter the MCP client context and the model's prompt. ES_URL and ES_API_KEY are secrets — store them in the client config or environment, never in shared repositories.Schema names, table names, query text, query results, connection metadata, and business data may pass through the MCP server and AI client. Database passwords, IAM credentials, service account keys, and connection strings are secrets and should never be committed or pasted into prompts. Logs, traces, and metrics can include tool names, query metadata, error messages, and database identifiers.Tool results can expose Neon organization IDs, project IDs, branch IDs, compute endpoints, database names, table names, schemas, SQL text, query results, query plans, slow query details, connection strings, documentation content, and Neon Console links. OAuth authorization can disclose the Neon account identity and grants the connected MCP client access according to the approved scopes and URL parameters. API-key setup stores bearer credentials in MCP client configuration or process arguments when configured that way; protect local config files, shell history, CI variables, and agent transcripts. Generated migrations, SQL errors, query tuning suggestions, logs, client debug output, and AI chat transcripts can retain database schema and sample data outside Neon. ChatGPT connectors, hosted IDEs, remote agents, MCP proxies, and other clients may have separate logging, retention, connector trust, and data-use policies from Neon. Connection string tools may return credentials or connection details for a Neon database. Avoid exposing those values to untrusted clients or shared conversations.
Prerequisites
  • Node.js 20.19 or later, Node.js 22.12 or later, or a supported newer Node.js version for running the npm package.
  • MongoDB connection string for a local, self-hosted, or Atlas cluster, or MongoDB Atlas service account credentials for Atlas tools.
  • MCP client configuration for Claude Desktop, Claude Code, Cursor, VS Code, GitHub Copilot CLI, OpenCode, Windsurf, or another compatible client.
  • Least-privilege Atlas service account roles and API access-list configuration when enabling Atlas operations.
  • Docker installed (the server is distributed as the docker.elastic.co/mcp/elasticsearch image).
  • An Elasticsearch cluster URL (ES_URL) you can reach.
  • An Elasticsearch API key (ES_API_KEY) or username/password (ES_USERNAME + ES_PASSWORD).
  • An MCP client such as Claude Code or Claude Desktop.
  • Node.js and npx for the npm server path, or another documented Toolbox runtime.
  • Database credentials scoped to the exact database, schema, and permissions needed.
  • Environment variables or secret storage for database connection settings.
  • A reviewed prebuilt database target or `tools.yaml` file before exposing tools to an agent.
  • Neon account with access to the projects, branches, databases, organizations, or shared projects Claude should inspect or manage.
  • MCP-capable client that supports remote Streamable HTTP MCP servers, OAuth, `mcp-remote`, or Neon-supported configuration through `add-mcp`.
  • Authentication plan using Neon OAuth for local clients, an API key for remote or headless agents, or `neonctl init` when intentionally creating a local API key and editor configuration.
  • Access-control plan for OAuth scopes, `readonly=true`, project scoping with `projectId`, tool categories, organization access, and API key ownership.
Install
npx -y mongodb-mcp-server@latest --readOnly
claude mcp add elasticsearch -- docker run -i --rm -e ES_URL=<your-cluster-url> -e ES_API_KEY=<your-api-key> docker.elastic.co/mcp/elasticsearch stdio
claude mcp add toolbox-postgres -- npx -y @toolbox-sdk/server --prebuilt=postgres --stdio
npx add-mcp https://mcp.neon.tech/mcp
Config
{
  "mcpServers": {
    "MongoDB": {
      "command": "npx",
      "args": ["-y", "mongodb-mcp-server@latest", "--readOnly", "--indexCheck"],
      "env": {
        "MDB_MCP_CONNECTION_STRING": "mongodb://localhost:27017/myDatabase",
        "MDB_MCP_TELEMETRY": "disabled"
      }
    }
  }
}
{
  "mcpServers": {
    "elasticsearch-mcp-server": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-e", "ES_URL", "-e", "ES_API_KEY",
        "docker.elastic.co/mcp/elasticsearch", "stdio"
      ],
      "env": {
        "ES_URL": "<elasticsearch-cluster-url>",
        "ES_API_KEY": "<elasticsearch-api-key>"
      }
    }
  }
}
{
  "mcpServers": {
    "toolbox-postgres": {
      "command": "npx",
      "args": ["-y", "@toolbox-sdk/server", "--prebuilt=postgres", "--stdio"]
    }
  }
}
{
  "mcpServers": {
    "neon": {
      "type": "http",
      "url": "https://mcp.neon.tech/mcp?readonly=true&projectId=PROJECT_ID"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.