Delv
Official (Vendor) · Active · 7d · 4.3 · by MongoDB

MongoDB

MongoDB's official MCP for natural-language queries against your collections. Read-only by default, with explicit write toggles.

A+
Safety & Trust

Delv Safety Grade: A+

Score 92/100 · assessed 2026-04-28

  • Maintainer: 95
  • Permissions: 85
  • Supply chain: 90
  • Transparency: 95
  • Incidents: 100

MongoDB's official MCP server is a well-engineered interface for natural-language database queries. The maintainer score is excellent: MongoDB Inc. is a major database vendor with deep resources and a strong track record. The server is distributed via npm with standard versioning and ships read-only by default, which is a sensible safety posture. Permissions are reasonably scoped: it reads and optionally writes to MongoDB collections, plus requires network access to your database. The explicit write toggle is good design. Transparency is strong with open-source code, clear documentation, and active maintenance. Supply chain is solid via npm, though not cryptographically signed. No known security incidents. The main risk is that you're handing an AI direct database access, so connection-string hygiene and network segmentation matter. Overall, this is a trustworthy tool from a reputable vendor with appropriate guardrails.

Lethal Trifecta (prompt-injection exposure)

One of three:

  • Private data (reads secrets, credentials, private files): Yes
  • Untrusted input (ingests web pages, PRs, issues, emails): No
  • External comms (can send data outbound): No

Read-write to a private DB. Trifecta needs a second server.

Green flags

  • Official MongoDB Inc. project with active maintenance and resources
  • Read-only by default, writes require explicit opt-in flag
  • Distributed via npm with standard package management and versioning
  • Open source with clear docs and developer blog post
  • Scoped to MongoDB operations, no shell or filesystem access

Red flags

  • Connection string in env var may expose credentials if misconfigured
  • Write mode, when enabled, allows arbitrary mutations without row-level controls
  • Network access to database required, broadens attack surface if host compromised

Permissions requested

DB read · DB write · Outbound network · Access secrets

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npx -y mongodb-mcp-server --connectionString mongodb://localhost:27017/mydb
Env vars needed: MDB_MCP_CONNECTION_STRING

Review

MongoDB's official MCP server turns your Claude Desktop session into a natural-language interface for your Mongo collections. You connect it to a database, then ask questions like "show me all users who signed up in the last week" or "what's the average order value by region?" It translates your intent into aggregation pipelines and returns results. The server is read-only by default, which is sensible, but you can flip a flag to allow writes if you need to prototype mutations.

I'd reach for this when I'm exploring a new dataset or debugging production anomalies. It's faster than writing ad-hoc queries in the shell, especially for aggregations I'd otherwise need to look up. The natural-language layer works well for exploratory questions but occasionally misinterprets complex joins or nested documents. When it does, you can see the generated pipeline in the response, which helps you correct course.

The install is a single npx command with your connection string. You add it to your Claude Desktop config, restart, and you're live. The server respects your connection string's auth and database scope, so you're not accidentally querying the wrong environment. One workflow I've used: asking it to summarise schema structure across collections, then drilling into specific documents that match a pattern. It's quicker than switching contexts to a GUI tool.

Quirks: it's read-only by default, so if you want to test writes, you need to explicitly enable them in the config. The natural-language parsing is good but not infallible—complex nested queries sometimes need a second attempt or a more explicit prompt. It also assumes you know your collection names; it won't auto-discover schema in a helpful way if you're working with an unfamiliar database.

Skip this if you're not already using MongoDB, or if you're working with databases that need fine-grained access control beyond connection-string auth. It's also overkill if you're just running CRUD operations you could write in two lines of code. But for exploratory work, debugging, or quick analytics, it's a genuine time-saver.

Verdict

Install this if you're a MongoDB user who spends time exploring collections or debugging data issues. It's faster than context-switching to a GUI or writing one-off queries. Skip it if you need multi-database support or if your workflow is purely transactional.

Good at

  • Natural-language queries save time when exploring unfamiliar collections or debugging data anomalies.
  • Read-only default is a sensible safety rail for production connections.
  • Shows the generated aggregation pipeline, so you can learn or correct misinterpretations.
  • Official MongoDB support means it tracks API changes and best practices.
  • Single-command install with no additional dependencies beyond Node.

Watch out

  • Natural-language parsing occasionally misinterprets complex nested queries or joins.
  • No schema discovery—you need to know your collection names upfront.
  • Read-only by default means you need explicit config changes to test writes.
  • Limited to MongoDB; if you work across multiple databases, you'll need separate MCPs.

Getting started

1. Run `npx -y mongodb-mcp-server --connectionString mongodb://localhost:27017/mydb` to test the connection locally.
2. Add the server to your Claude Desktop config file under `mcpServers`, passing `MDB_MCP_CONNECTION_STRING` as an environment variable with your connection string.
3. Restart Claude Desktop and verify the server appears in the MCP tools list.
4. Ask a simple question like "list all collections" or "show me 5 documents from users" to confirm it's working.
5. Watch out for read-only mode—if you need writes, add `"allowWrites": true` to the server config.
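A config audit for the red flags listed on this page, as an added example (not code from MongoDB or Delv): it checks each `mcpServers` entry for a connection string passed on the command line, an embedded password, a non-local host without TLS, and write mode. The sample config, server names, host and credentials are constructed, and `allowWrites` is assumed to be the key name exactly as step 5 gives it.

```javascript
// Added example: audit an MCP client config for the risks this page lists.
// SAMPLE_CONFIG is constructed; names, hosts and passwords are placeholders.
const SAMPLE_CONFIG = {
  mcpServers: {
    "mongo-local": {
      command: "npx",
      args: ["-y", "mongodb-mcp-server"],
      env: { MDB_MCP_CONNECTION_STRING: "mongodb://localhost:27017/mydb" },
    },
    "mongo-prod": {
      command: "npx",
      args: ["-y", "mongodb-mcp-server", "--connectionString",
        "mongodb://app_rw:EXAMPLE-PASSWORD@db.example.internal:27017/orders"],
      allowWrites: true, // assumption: key name as written in step 5 of this page
    },
  },
};

const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Split a MongoDB URI into the parts the audit needs; returns null if malformed.
function parseMongoUri(uri) {
  const m = /^mongodb(\+srv)?:\/\/(?:([^@\/]*)@)?([^\/?]+)(?:\/[^?]*)?(?:\?(.*))?$/.exec(uri);
  if (!m) return null;
  const hosts = m[3].split(",").map((h) => h.replace(/:\d+$/, "").toLowerCase());
  const params = new URLSearchParams(m[4] || "");
  // mongodb+srv enables TLS by default; otherwise it must be requested explicitly.
  const tls = Boolean(m[1]) || params.get("tls") === "true" || params.get("ssl") === "true";
  return { hasPassword: (m[2] || "").includes(":"), hosts, tls };
}

function auditServer(name, entry) {
  const findings = [];
  const args = entry.args || [];
  const i = args.indexOf("--connectionString");
  const fromArgs = i >= 0 ? args[i + 1] : undefined;
  const uri = fromArgs || (entry.env || {}).MDB_MCP_CONNECTION_STRING;
  if (fromArgs) findings.push("uri-on-command-line"); // readable in process listings
  const parsed = uri ? parseMongoUri(uri) : null;
  if (uri && !parsed) findings.push("unparseable-uri");
  if (parsed && parsed.hasPassword) findings.push("plaintext-password-in-config");
  if (parsed && !parsed.tls && parsed.hosts.some((h) => !LOCAL_HOSTS.has(h)))
    findings.push("remote-host-without-tls");
  if (entry.allowWrites === true) findings.push("writes-enabled");
  return { name, findings };
}

function auditConfig(config) {
  return Object.entries(config.mcpServers || {}).map(([n, e]) => auditServer(n, e));
}

console.log(JSON.stringify(auditConfig(SAMPLE_CONFIG), null, 2));
```

Point `auditConfig` at the parsed contents of your own client config file to run the same checks before granting an agent access.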

Works with

Claude Desktop · Claude Code · Cursor · Windsurf
