Clean
Outbound network 1
Environment variables (config / keys) 1
AI review
This is the official Brave Search MCP server published by Brave Software. It reads the BRAVE_API_KEY from environment variables and makes outbound HTTPS requests to the Brave Search API, which is exactly what its stated purpose describes. No hidden instructions, prompt injection, or deceptive tool descriptions were found.
Model: deepseek-chat
Static findings
Outbound network · Makes outbound network requests
low
src/BraveAPI/index.ts:117
const response = await fetch(urlWithParams, { headers });
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
src/config.ts:33
braveApiKey: process.env.BRAVE_API_KEY ?? '',
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.