CommunityAbandoned· 1.2y★ 4.3by James Furey

MongoDB Lens

Full-featured MongoDB MCP with natural language query support, aggregation pipelines, and inspection helpers.

View repo

Safety & Trust

Delv Safety Grade: C

Score 58/100 · assessed 2026-04-28

Maintainer45

Permissions55

Supply chain70

Transparency65

Incidents100

MongoDB Lens is a solo-maintained community MCP server that provides natural language querying for MongoDB databases. The package is distributed via npm with a straightforward install, which is positive for supply chain integrity. However, it requires full database credentials via MONGODB_URI, granting complete read and write access to your MongoDB instance. The solo maintainer (James Furey) appears active but represents a single point of failure. The natural language query translation feature is powerful but inherently risky - it could misinterpret instructions and execute unintended writes or deletions. The aggregation pipeline support adds complexity that increases the attack surface. No security incidents are known, but the combination of broad database permissions and AI-driven query generation warrants careful consideration. Best suited for development environments rather than production databases.

Lethal Trifecta (prompt-injection exposure)

ONE OF THREE

Private dataYes

Reads secrets, credentials, private files

Untrusted inputNo

Ingests web pages, PRs, issues, emails

External commsNo

Can send data outbound

Same.

Green flags

Standard npm distribution with versioned releases
Open source repository allows code inspection
No known security incidents or malicious behaviour
Clear install process via npx without custom scripts

Red flags

Full database write access via MONGODB_URI with no scoping mechanism
Solo maintainer with limited community review or oversight
Natural language query translation could misinterpret destructive operations
No apparent rate limiting or query validation safeguards documented
Aggregation pipelines allow complex operations that could impact performance

Permissions requested

DB readDB writeOutbound networkAccess secrets

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npx -y mongodb-lens

Env vars needed: MONGODB_URI

Review

MongoDB Lens is a natural language interface for MongoDB that actually works. You point it at a connection string, ask it to "find all users who signed up last month" or "show me the top 10 products by revenue", and it translates that into proper MongoDB queries. The aggregation pipeline support is the real draw here - I've used it to prototype complex multi-stage pipelines without constantly referencing the MongoDB docs. It handles inspection tasks well too: you can ask it to describe a collection's schema or count documents matching a pattern, which beats typing out db.collection.find() in a shell when you're just exploring. The natural language parsing is surprisingly capable. It understands temporal queries ("last week", "this month"), comparison operators, and even nested field references. I've had it build aggregation pipelines with $lookup stages and $group operations from plain English descriptions. The output is actual MongoDB syntax you can copy into your codebase, which makes it useful for both exploration and code generation. Quirks: it's only as good as your question. Vague prompts get vague queries. You need to know your collection names and roughly what fields exist - it won't magically discover your schema for you, though it will inspect collections if you ask directly. The natural language layer adds a step between you and the database, so if you already think in MongoDB query syntax, this might feel slower than just writing the query yourself. This is for developers who work with MongoDB occasionally but don't have the query syntax memorised, or anyone prototyping aggregation pipelines. If you're a MongoDB expert who dreams in BSON, you probably don't need this. If you're building a data tool and want to let non-technical users query MongoDB, this isn't designed for that - it's a developer tool, not an end-user interface.

Verdict

Install this if you use MongoDB but don't use it daily. The natural language aggregation pipeline builder alone justifies the setup time. Skip it if you're already fluent in MongoDB query syntax or if you need sub-second query execution - the LLM layer adds latency.

Good at

Natural language to aggregation pipeline conversion is genuinely useful for complex queries you'd otherwise need to look up.
Inspection helpers (schema description, document counts) beat opening a separate MongoDB client for quick checks.
Outputs valid MongoDB syntax you can copy directly into code, not just results.
Handles temporal queries and nested field references without needing exact syntax.

Watch out

Adds LLM latency to every query, so it's slower than direct MongoDB access for routine operations.
Requires you to know collection names and rough schema - won't auto-discover your database structure.
Natural language parsing quality depends entirely on prompt clarity, vague questions get vague queries.
Not designed for production use or end-user facing applications, strictly a developer tool.

Use cases

MongoDB query building
collection inspection
aggregation pipelines
data exploration

Getting started

1. Run `npx -y mongodb-lens` to install the MCP server. 2. Add your MongoDB connection string to the environment variable `MONGODB_URI` (format: `mongodb://username:password@host:port/database`). 3. Configure your Claude Desktop or Cursor settings to include the mongodb-lens MCP server, pointing to the installed package. 4. Restart your host application and verify the connection by asking Claude to "list all collections in the database". 5. Watch out for connection string formatting - if authentication fails silently, double-check you've URL-encoded special characters in your password.

Works with

Claude DesktopClaude CodeCursor