mongodb-mcp-setup
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands (
env,grep,docker info,echo $SHELL) for environment discovery and configuration verification. These operations are diagnostic in nature and implemented safely. - [SAFE]: Credential handling is performed securely. The skill explicitly avoids requesting or processing user secrets directly. Instead, it provides instructions for users to store credentials in a local environment file (
~/.mcp-env) with restricted filesystem permissions (chmod 600). - [SAFE]: Sensitive information exposure is mitigated in diagnostic outputs. The skill uses
sedto mask environment variable values (e.g.,MDB_MCP_CONNECTION_STRING) before displaying them to the user. - [SAFE]: The skill provides proactive security guidance, such as warning users against the risks of using permissive IP access lists (
0.0.0.0/0) for Atlas Service Accounts.
Audit Metadata