MCP Server for MongoDB: the 4 real options
Four servers connect MongoDB to your agent. One is official, three are community, and only two guard writes properly — here's how to choose.

The best MCP server for MongoDB in most cases is the official MongoDB MCP Server — it connects Atlas, Community, or Enterprise, exposes 15 tools, and ships a real --readOnly flag. If you want fewer tools or a specific feature, three community servers fill the gaps. This is a comparison of all four, with the exact config to wire one up.
All four run locally over stdio via npx, which is normal: about 90% of MCP servers run locally over stdio, and databases are no exception. There's no hosted "MongoDB MCP endpoint" you point a URL at — the server runs on your machine and holds a connection string.
The four MongoDB MCP servers, compared
Here's the whole field. "Official" means the repo belongs to MongoDB itself; the other three are third-party builds.
| Server | Maker | Tools | Read-only guard | Last commit |
|---|---|---|---|---|
| MongoDB MCP Server | Official (mongodb-js) | 15 | --readOnly flag | May 2026 |
| MCP MongoDB Server | Community (kiliczsh) | 7 | --read-only flag | Feb 2026 |
| MongoDB Lens | Community (furey) | 41 | two-step delete confirm | Apr 2025 |
| Mongo MCP | Community (QuantGeekDev) | 8 | none | Mar 2025 |
Two things jump out. First, tool count varies 6x — MongoDB Lens ships 41 tools, which is a lot to spend from a client's ~40-tool budget on one server. Second, the two most recently maintained servers are also the two with a real read-only mode. That's not a coincidence; write safety is the thing serious maintainers keep fixing.
Just use the official one (mostly)
Start with the official MongoDB MCP Server unless you have a reason not to. It's the only first-party option, it's actively maintained, and it targets Atlas, Community, and Enterprise the same way. At 15 tools it's a sane middle: enough to query, aggregate, inspect indexes, and manage collections without eating your whole tool budget.
The part I care about most is that it takes the connection string through an env var (MDB_MCP_CONNECTION_STRING) rather than a command-line argument, and it has a --readOnly flag baked in. Credentials in args get logged and show up in ps; credentials in env vars are marginally safer. Pair that with a scoped, read-only database user and the blast radius of a confused agent stays small.
When would you skip it? If you specifically want a tiny surface (7-8 tools) or one of Lens's niche features, a community server is a fair call. Otherwise, official is the boring correct answer.
When a community server is the better pick
Reach for a community MongoDB server when you want a smaller tool surface or a specific behavior the official one doesn't have. Two are worth your time; one I'd skip.
- MCP MongoDB Server (7 tools) — the minimalist pick. Its
--read-onlymode does more than block writes: it disables theupdate,insert, andcreateIndextools entirely and can route reads to a secondary. Fewest tools of the four, which is friendly to your budget. The catch: it has no auth layer and passes the URI in args unless you use theMCP_MONGODB_URIenv var — do that. - MongoDB Lens (41 tools) — the everything server. Query, aggregate, manage users and indexes, run admin ops, all via natural language, with two-step token confirmation on destructive operations like drop-collection and drop-database. But 41 tools is a heavy load on one client, its last commit was April 2025, and the destructive-op guard can be switched off with
CONFIG_DISABLE_DESTRUCTIVE_OPERATION_TOKENS=true. Broad surface, aging codebase. - Mongo MCP (8 tools) — I'd skip this one. It has no read-only mode, passes credentials as a plaintext CLI arg, and connecting with write-capable creds gives the LLM full insert/update/delete access with nothing in the way. Last commit March 2025. If you want a small server, take MCP MongoDB Server instead.
One more option that isn't a MongoDB server at all: if your database lives behind a bastion host, MCP SSH Manager (24 tools) runs commands and DB operations over SSH. It's a fallback for locked-down infra, not a replacement for a proper driver-based server — you're shelling out to mongosh on the far side, and you're handing an agent arbitrary command execution. Use its readonly or restricted modes if you go this way.
Wire it up: the copy-paste config
Add the official server to your client's MCP config with this block. It uses an env var for the connection string and starts read-only:
{
"mcpServers": {
"mongodb": {
"command": "npx",
"args": ["-y", "mongodb-mcp-server@latest", "--readOnly"],
"env": {
"MDB_MCP_CONNECTION_STRING": "mongodb+srv://<user>:<password>@<cluster-host>/<db>"
}
}
}
}
Swap the Atlas SRV string for mongodb://localhost:27017/<db> if you're on a local Community deployment. Drop --readOnly only once you actually want the agent to write — and even then, connect as a scoped user, not an admin. If your client wants a different shape, the config generator will emit it, and the general steps live in how to add an MCP server.
Don't hand the agent your admin user
The single biggest mistake with any MongoDB MCP server is connecting with credentials that can do more than the task needs. The server inherits exactly the permissions of the connection-string user — every one of these servers says so plainly. Give it an admin URI and "drop that collection" is one hallucinated tool call away.
Do three things regardless of which server you pick. Create a dedicated database user scoped to the one database (and read-only if the agent only needs to read). Keep the connection string in an env var, never a command-line argument, so it stays out of logs and process lists. And start with the read-only flag on — you can always widen access later. The full reasoning is in MCP security: what actually matters.
That's the whole decision. Official server, scoped user, read-only until proven otherwise. Browse the rest of the field on best MCP servers or compare capabilities on the capabilities page.