Query and inspect MongoDB collections from Claude, Cursor, and VS Code.
database, nosql, mongodb, atlas
Best Read-Only MCPs
Read-only MCPs can inspect, query, and fetch — but they never write, post, or trigger side effects. That makes them the safest option for exploratory agent workflows, production databases, and anywhere a misfire would cost money or corrupt state.
24 MCPs in this collectionFilter:
read-onlyTop Read-Only MCPs ranked
Popularity-ordered. Click any card for install snippets, fact sheet, and trust signals.
Inspect keys, run commands, and debug Redis from an AI agent.
database, cache, redis, valkey
Inspect deployments, logs, and project state on Vercel from an AI agent.
vercel, hosting, deployment, nextjs
Retrieve web pages and convert them to clean markdown.
web, fetch, markdown, scraping
Archived
Anthropic's reference Postgres MCP — archived July 2025 and superseded by Postgres MCP Pro or the Supabase MCP.
database, sql, postgres, archived
Official
Query ClickHouse and ClickHouse Cloud columnar warehouses from an AI agent.
database, warehouse, clickhouse, olap
Official
Search indices, inspect mappings, and run queries against Elasticsearch from an AI agent.
database, search, elasticsearch, elastic
Inject 1Password secrets into an AI agent's tool calls without exposing them in chat.
security, secrets, 1password, vault
Inject secrets from Doppler into agent workflows without exposing values in chat.
security, secrets, doppler, credentials
Official
Manage Bitbucket Cloud repos, pipelines, and pull requests from an AI agent.
git, bitbucket, atlassian, pipelines
Official
Inspect AWS resources, read CloudWatch logs, and audit IAM from an AI agent.
aws, cloud, cloudwatch, iam
Triage errors, inspect traces, and query events from Sentry.
sentry, errors, monitoring, observability
Archived
Search and read Google Drive files from an AI agent (archived reference implementation).
google-drive, storage, filesystem, documents
Run read-only MySQL queries and inspect schemas from an AI agent.
database, sql, mysql, mariadb
Real-time web search with privacy-focused results.
search, web, realtime, news
Up-to-date library docs pulled directly into your AI context.
coding, documentation, libraries, accuracy
Search, inspect, and run Hugging Face models and datasets from an agent.
huggingface, ml, models, inference
Geocoding, place search, directions, and travel times from Google Maps.
maps, geocoding, places, directions
Real-time and forecast weather data via the OpenWeatherMap API.
weather, forecast, openweathermap, lifestyle
Inspect Figma designs, components, and variables from an agent.
figma, design, design-to-code, components
Query Google BigQuery datasets from Claude, Cursor, and VS Code.
database, warehouse, bigquery, google-cloud
Self-hosted Git server — manage repos, issues, and PRs from an AI agent.
git, gitea, forgejo, codeberg
Inspect schemas and run SQL against a Snowflake account from an AI agent.
database, warehouse, snowflake, sql
Archived
Manage Porkbun domains, DNS, DNSSEC, and SSL — read-only by default. Community MCP repository archived; Porkbun itself is unaffected.
porkbun, domains, registrar, dns
FAQ: Read-Only
Why use a read-only MCP specifically?
Agents will sometimes call tools you didn't expect. For a production database or a paid API, you want the server itself to refuse mutations — not just your prompt asking it nicely. Read-only is a hard stop, not a soft hint.
Can I make any MCP read-only?
Partially. Many MCPs gate writes behind environment variables or credentials scopes. If the MCP exposes write tools but you hand it read-only credentials, the write calls will fail at the API layer — same outcome in practice.