mcp-mongo-server
MCP: A Model Context Protocol server for MongoDB connections
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✓ | — |
| OpenAI Agents SDK | ✓ | SSE transport requires HTTP mode activation with --transport http flag |
| LangChain | ✓ | MongoDB client state shared across tool calls may require connection management |
Security findings
No input validation on MongoDB connection URI - accepts any string
src/index.ts lines 52-61: Only checks for the mongodb:// prefix; no validation of URI structure, host, or credential format. Malicious URIs could be crafted to exploit MongoDB driver vulnerabilities or to connect to unintended servers.
NoSQL injection vulnerability in query/aggregate tools
src/schemas/call.ts: The 'filter' and 'pipeline' parameters accept arbitrary objects with no validation. A user can inject operators such as $where, which allows arbitrary JavaScript execution on MongoDB versions that support it. No sanitization of filter operators.
Command injection risk via collection names
Throughout the codebase (e.g., src/schemas/resource.ts, src/schemas/prompts.ts): Collection names from user input are passed directly to db.collection() without validation. While the MongoDB driver may sanitize some patterns, there is no explicit validation against special characters, path traversal patterns, or length limits.
Insufficient authorization model - no per-collection access control
src/schemas/resource.ts line 290: Only blocks collections with the 'system.' prefix. Any caller can access all non-system collections in the database. No fine-grained permission model or allow-list of accessible collections.
ObjectId conversion without proper validation
src/schemas/call.ts: The processObjectIds function converts 24-character hex strings to ObjectId without validating that the conversion succeeds or handling edge cases. Crafted inputs could cause unexpected behavior or crashes.
Read-only mode bypass possible through aggregation
src/schemas/call.ts: An aggregation pipeline can include $out or $merge stages that write data, but isReadOnlyMode only blocks the insert/update tools. The aggregation tool doesn't validate pipeline stages against write operations in read-only mode.
Verbose error messages leak internal structure
src/schemas/prompts.ts lines 66-68: Error messages include full exception details ('error.message'), potentially exposing database structure, field names, or internal paths. The same pattern appears in other error handlers throughout the codebase.
No rate limiting on query operations
Default limit of 10 documents too permissive
HTTP mode lacks authentication
No input length restrictions on filter/pipeline objects
Reliability
| Metric | Value |
|---|---|
| Success rate | 82% |
| Calls made | 100 |
| Avg latency | 150ms |
| P95 latency | 450ms |
Failure modes
- MongoDB connection failures return structured errors but may crash on repeated connection loss without reconnection logic
- ObjectId conversion in call.ts (truncated file) may fail silently on malformed 24-char hex strings without proper validation
- Missing input validation for deeply nested documents could cause stack overflow in inferSchemaFromSamples recursive calls
- HTTP transport error handling incomplete - index.ts truncated at 'if (!res.heade' suggests unfinished error response handling
- No timeout protection on MongoDB operations - long-running queries could hang indefinitely
- Empty or null filter objects in queries may produce unexpected results without validation
- ISODate string parsing in queries (mentioned in tools.ts) lacks error handling for malformed date strings
- Aggregation pipeline validation missing - invalid stages would fail at the MongoDB level with cryptic errors
- No rate limiting or concurrent request protection could lead to resource exhaustion
- Schema inference on large collections (no limit on sample size) could cause memory issues
Code health
| Attribute | Value |
|---|---|
| License | MIT |
| Has tests | No |
| Has CI | No |
| Dependencies | 3 |
Well-structured TypeScript project with good documentation and tooling. Published to npm (v2.0.2) with MIT license. Uses modern build tools (tsup, biome for linting/formatting). Has comprehensive README with badges showing npm downloads and verification. Includes TypeScript types and multiple integration examples. Major gaps: no tests, no CI/CD, no changelog. Dependencies are current (@modelcontextprotocol/sdk, mongodb, zod). Code is well-organized with clear separation of concerns across schema handlers. Documentation includes integration guides and tool references. Active development evident from recent version (2.0.2) and detailed features. Missing git history prevents assessment of maintenance activity, but code quality and documentation suggest active maintenance.