Azure/azure-mcp

No risky behavior detected.

View source ↗

Outbound network 1

Environment variables (config / keys) 5

Filesystem writes 1

Shell / command execution 2

Install-time scripts 1

Sensitive credential files 4

AI review

This is an official Microsoft Azure MCP server extension with no evidence of malicious intent. The flagged items are standard engineering pipeline files (npmrc creation, build scripts, environment variable access) used for legitimate CI/CD and development purposes, not for data exfiltration or agent manipulation.

low Standard CI/CD pipeline files flagged as sensitive — Files like create-authenticated-npmrc.yml and npm-publish.yml are part of Azure's internal engineering pipelines for publishing packages. They do not execute in the MCP server context and are not loaded by the agent.
low Child process and environment variable usage in build scripts — eng/npm/platform/index.js and eng/npm/wrapper/index.js use child_process and process.env for local development and debugging. These are not part of the MCP server runtime and do not pose a risk to agent security.
low Postinstall hook in package.json — The postinstall script runs during npm package installation for development tooling. It does not exfiltrate data or inject malicious instructions into the MCP server.
low No hidden instructions or prompt injection vectors found — The copilot-instructions.md and other documentation files contain only legitimate coding guidelines and contribution instructions. No attempts to manipulate the agent or exfiltrate data were detected.

Model: deepseek-chat

Static findings

Outbound network · Makes outbound network requests

info eng/common/docgeneration/templates/matthews/styles/main.js:86 var xmlHttp = new XMLHttpRequest();

Sensitive credential files · Reads sensitive credential files

info eng/common/pipelines/templates/archetype-typespec-emitter.yml:192 # Create authenticated .npmrc file for publishing to devops

info eng/common/pipelines/templates/jobs/npm-publish.yml:117 npmrcPath: $(ArtifactPath)/.npmrc

info eng/common/pipelines/templates/steps/create-authenticated-npmrc.yml:12 Write-Host "Creating .npmrc file ${{ parameters.npmrcPath }} for registry ${{ parameters.registryUrl }}"

info eng/pipelines/templates/steps/publish-to-dev-feed.yml:14 npmrcPath: ${{parameters.PathToArtifacts}}/.npmrc

Filesystem writes · Reads or writes the filesystem

info eng/common/pipelines/templates/steps/mashup-doc-index.yml:81 shutil.rmtree(os.path.join(SITE_INDEX, 'api'))

Shell / command execution · Executes shell / system commands

info eng/npm/platform/index.js:5 const childProcess = require('child_process')

info eng/npm/wrapper/index.js:40 const { execSync } = require('child_process')

Environment variables (config / keys) · Reads environment variables (config / API keys)

info eng/npm/platform/index.js:8 const isDebugMode = process.env.DEBUG && (

info eng/npm/wrapper/index.js:6 const isDebugMode = process.env.DEBUG && (

info eng/vscode/src/test/suite/allTests.ts:12 timeout: process.env.TEST_TIMEOUT ?? "10s"

info eng/vscode/src/test/suite/unitTests.ts:12 timeout: process.env.TEST_TIMEOUT ?? "10s",

info eng/vscode/webpack.config.js:18 const debugWebpack = !!process.env.DEBUG_WEBPACK;

Install-time scripts · Runs scripts on install (postinstall/preinstall)

info eng/npm/wrapper/package.json:34 "postinstall": "node ./scripts/post-install-script.js"

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.