
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
mcp-mongodb-bio-invasion
Advanced tools
一个基于 Model Context Protocol (MCP) 的 MongoDB 自然语言查询服务器,专门用于生物入侵研究数据的智能检索和分析。
# 使用 uv 包管理器安装
uv sync
# 或者使用 pip
pip install -e .
创建 .env
文件并配置以下环境变量:
# MongoDB 配置
MONGO_URI=mongodb://localhost:27017/
MONGO_DB_NAME=中国生物入侵研究
MONGO_COLLECTION=生物入侵研究
# 模型配置
EMBEDDING_MODEL=dengcao/Qwen3-Embedding-8B:Q5_K_M
RERANKER_MODEL=BAAI/bge-reranker-large
# DeepSeek API 配置(可选)
DEEPSEEK_API_KEY=your_deepseek_api_key_here
DEEPSEEK_API_URL=https://api.deepseek.com/v1/chat/completions
将文本转换为 768 维嵌入向量
参数:
text
(string, 必需): 需要转换的文本(建议 ≤512 字符)示例:
{
"text": "生物入侵对生态系统的影响"
}
自然语言查询 MongoDB 数据库
参数:
query_text
(string, 必需): 自然语言查询语句limit
(int, 可选, 默认=5): 返回结果数量(1-20)use_reranker
(bool, 可选, 默认=true): 是否使用 BGE 模型重排序enhance
(bool, 可选, 默认=false): 是否用 DeepSeek 增强结果示例:
{
"query_text": "查找关于外来物种入侵的研究",
"limit": 10,
"use_reranker": true,
"enhance": true
}
查看所有可用工具列表及参数说明
# 使用 uv 运行
uv run python mcp_mongodb_server.py
# 或者直接运行
python mcp_mongodb_server.py
服务器启动后将通过 stdio 与 MCP 客户端通信。
MongoDB 集合需要包含以下字段以支持向量搜索:
{
"_id": ObjectId,
"content": "文档内容文本",
"embedding": [0.1, 0.2, 0.3, ...], // 768 维向量
// 其他相关字段...
}
需要创建向量索引:
db.collection.createIndex({
"embedding": "vector"
}, {
"name": "vector_index",
"type": "vector",
"dimension": 768,
"similarity": "cosine"
})
mcp[cli]>=1.13.1
pymongo>=4.6.0
transformers>=4.37.0
, torch>=2.1.0
requests>=2.31.0
python-dotenv>=1.0.0
git checkout -b feature/AmazingFeature
)git commit -m 'Add some AmazingFeature'
)git push origin feature/AmazingFeature
)本项目采用 MIT 许可证 - 查看 LICENSE 文件了解详情
如有问题或建议,请提交 Issue 或联系开发团队。
注意: 使用前请确保 MongoDB 服务器正常运行,并已配置正确的向量索引。
FAQs
MongoDB生物入侵研究MCP服务器 - 自然语言查询工具
We found that mcp-mongodb-bio-invasion demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.