roychri/mcp-server-asana

No risky behavior detected.

View source ↗

Check your own MCP server

Free · no signup · instant shareable report.

Outbound network 1

Environment variables (config / keys) 5

AI review

No safety risks found. The extension reads environment variables for configuration (ASANA_ACCESS_TOKEN, READ_ONLY_MODE) but does not exfiltrate them. All tool descriptions and functionality match the stated Asana integration purpose. No hidden instructions, prompt injection vectors, or deceptive behaviors detected.

Model: deepseek-chat

Static findings

Outbound network · Makes outbound network requests

low CONVENTIONS.md:99 collection.fetch(200).then((tasks) => {

Environment variables (config / keys) · Reads environment variables (config / API keys)

low build.js:16 'process.env.NODE_ENV': JSON.stringify('production')

low src/index.ts:20 const asanaToken = process.env.ASANA_ACCESS_TOKEN;

low src/prompt-handler.ts:77 const isReadOnlyMode = process.env.READ_ONLY_MODE === 'true';

low src/tool-handler.ts:129 const isReadOnlyMode = process.env.READ_ONLY_MODE === 'true';

low src/version.ts:2 export const VERSION = process.env.NODE_ENV === 'development'

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.