← Back to Skills Marketplace

MongoDB Atlas

Name: MongoDB Atlas
Author: finishy1995

by David Wang · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

1971

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install mongodb-atlas-admin

Description

browse MongoDB Atlas Admin API specifications and execute operations (if credentials provided).

Usage Guidance

This skill is coherent with its description: it bundles the Atlas OpenAPI spec and provides Node scripts to browse the spec and (if you provide ATLAS_CLIENT_ID and ATLAS_CLIENT_SECRET) make live API calls. Before installing or using it, consider: - The tool will perform network calls to your Atlas endpoint and will exchange your service-account credentials for an access token (expected for this purpose). The client secret is used only for the token request and is not stored by the skill. - A token cache (access_token and expiry) is written to ~/.openclaw/.cache/mongodb-atlas/token.json; if you share the machine, remove that file when finished or run clearCachedToken if needed. - State-changing HTTP methods (POST/PUT/PATCH/DELETE) require explicit approval in the script and SKILL.md recommends always using --dry-run first. Do not run with --yes in automation unless you intentionally want destructive actions. If you trust the source and will only use it as a read-only spec browser, you can omit setting the Atlas credentials. If you plan to run live calls, provide service-account credentials with least privilege (a service account scoped only to the projects/operations you intend to use).

Capability Analysis

Type: OpenClaw Skill Name: mongodb-atlas-admin Version: 1.0.0 The skill bundle is classified as suspicious primarily due to the `scripts/atlas-call.mjs` script's `--file <path>` option. This option allows reading the content of any local file and attempting to parse it as JSON for use as a request body. While this is a plausible feature for an API client, it introduces a vulnerability where a prompt-injected AI agent could be instructed to read sensitive local files (e.g., `~/.ssh/id_rsa` if it's valid JSON, or its content could be exposed if the agent is instructed to print errors/content). However, the `SKILL.md` and `atlas-call.mjs` also implement strong safety protocols, explicitly instructing the AI agent to use `--dry-run` and seek user confirmation for any state-changing API operations, which is a positive security measure against prompt injection and accidental malicious actions.

Capability Assessment

✓ Purpose & Capability

Name/description match the contents: the package includes a full Atlas OpenAPI spec and two Node scripts — one for browsing the spec and one for making API calls. Requiring `node` and Atlas service account credentials (ATLAS_CLIENT_ID, ATLAS_CLIENT_SECRET) is appropriate for this functionality.

ℹ Instruction Scope

SKILL.md instructs the agent to run local Node scripts that only read the bundled OpenAPI spec and, when credentials are present, perform live HTTP calls to MongoDB Atlas. The runtime scripts are explicit about when they will modify resources and require interactive approval for POST/PUT/PATCH/DELETE. Note: atlas-call.mjs also reads/writes a local token cache and can use optional env vars (ATLAS_GROUP_ID, ATLAS_API_BASE_URL) not listed as required; these are reasonable but should be noted.

✓ Install Mechanism

No install step or external downloads are used — this is instruction-plus-local-code only. All included files are present in the bundle (large OpenAPI JSON and two scripts). No remote installers, URL downloads, or archives are present.

ℹ Credentials

The two required env vars (ATLAS_CLIENT_ID, ATLAS_CLIENT_SECRET) are appropriate for obtaining OAuth tokens via client-credentials flow. The scripts additionally accept optional ATLAS_GROUP_ID and ATLAS_API_BASE_URL (documented in the script) but these were not declared as required — this is low-risk but worth documenting. The skill does not request unrelated credentials.

ℹ Persistence & Privilege

The client caches the OAuth access token to disk under ~/.openclaw/.cache/mongodb-atlas/token.json to avoid repeated token requests; it does not persist client secrets. Writing a token cache to the user's home directory is reasonable for an API client but means authentication state persists on disk and should be considered by the user.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install mongodb-atlas-admin
After installation, invoke the skill by name or use /mongodb-atlas-admin
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release: API browser + live calls with safety guards

Metadata

Slug mongodb-atlas-admin

Version 1.0.0

License —

All-time Installs 1

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is MongoDB Atlas?

browse MongoDB Atlas Admin API specifications and execute operations (if credentials provided). It is an AI Agent Skill for Claude Code / OpenClaw, with 1971 downloads so far.

How do I install MongoDB Atlas?

Run "/install mongodb-atlas-admin" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MongoDB Atlas free?

Yes, MongoDB Atlas is completely free (open-source). You can download, install and use it at no cost.

Which platforms does MongoDB Atlas support?

MongoDB Atlas is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created MongoDB Atlas?

It is built and maintained by David Wang (@finishy1995); the current version is v1.0.0.

More Skills