Low
github · 250 files analyzed

apify/actors-mcp-server

Minor capabilities, nothing alarming.

Outbound network: 10
Environment variables (config / keys): 24
Filesystem writes: 1
Shell / command execution: 2

AI review

This is a legitimate development and testing tool for the Apify MCP server. The flagged items are standard development patterns (build scripts, evaluation infrastructure, environment variable access for configuration) that are expected and appropriate for this type of project. No prompt injection, data exfiltration, or deceptive behavior was found.

Model: deepseek-chat

Static findings

Shell / command execution · Executes shell / system commands

info .github/scripts/before-beta-release.js:2 import { execSync } from 'node:child_process';
medium scripts/dev_standby.js:7 import { spawn } from 'node:child_process';

Environment variables (config / keys) · Reads environment variables (config / API keys)

low evals/config.ts:205 PHOENIX_BASE_URL: process.env.PHOENIX_BASE_URL,
low evals/create_dataset.ts:96 baseUrl: process.env.PHOENIX_BASE_URL!,
low evals/evaluation_utils.ts:44 const apifyClient = new ApifyClient({ token: process.env.APIFY_API_TOKEN || '' });
low evals/run_evaluation.ts:190 baseUrl: process.env.PHOENIX_BASE_URL!,
low evals/shared/config.ts:11 baseURL: sanitizeEnvValue(process.env.OPENROUTER_BASE_URL) || 'https://openrouter.ai/api/v1',
low evals/workflows/mcp_client.ts:58 ...process.env,
low evals/workflows/run_workflow_evals.ts:213 const apifyToken = sanitizeEnvValue(process.env.APIFY_TOKEN);
info res/integration_test_coverage_audit.md:193 // - call apify/python-example with _meta.apifyToken = process.env.APIFY_TOKEN.
low res/integration_test_coverage_plan.md:93 1. `should accept apifyToken via tools/call _meta and run successfully` — create client with `omitToken: true`. Send `tools/call` for `apify/python-example` with `_meta.apifyToken = process.env.APIFY_
low scripts/dev_standby.js:18 env: { ...process.env, ...opts.env },
low src/apify_client.ts:21 if (process.env.APIFY_IS_AT_HOME) return 'https://api.apify.com';
low src/dev_server.ts:24 process.env.TELEMETRY_ENV ??= 'DEV';

+ 12 more

Outbound network · Makes outbound network requests

low package.json:62 "axios": "^1.16.0",
info pnpm-lock.yaml:247 axios:
info res/integration_test_coverage_audit.md:167 // const r = await fetch(httpServerHost + '/');
low res/integration_test_coverage_plan.md:72 1. `should return 405 on GET /` — `fetch(httpServerHost + '/')` → status 405, `Allow: POST`.
low res/tasks_cancel_abort_flow.md:188 - **Race each platform call**: `raceAbort(run.get(), abortSignal)` and `raceAbort(run.waitForFinish(), abortSignal)` so a mid-call cancel returns promptly instead of blocking on the HTTP fetch (the cl
low src/mcp/client.ts:90 async fetch(input: Request | URL | string, init?: RequestInit) {
low src/payments/x402.ts:136 const response = await fetch(url, {
low src/tools/common/fetch_apify_docs.ts:114 const response = await fetch(mdUrl);
info src/tools/core/actor_run_response.ts:590 // instead of blocking on the HTTP fetch (the SDK does not accept an AbortSignal directly).
info src/utils/payment_errors.ts:24 * The axios response interceptor stores the header value here so it can be

Filesystem writes · Reads or writes the filesystem

low src/web/build.js:96 await fs.rm(distPath, { recursive: true, force: true });

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.