MCPVet
← MCP directory
Low
github · 250 files analyzed

cloudflare/mcp-server-cloudflare

Minor capabilities, nothing alarming.

View source ↗
Outbound network 40
Filesystem writes 1
Shell / command execution 1
Install-time scripts 1

AI review

This is an official Cloudflare MCP server repository with no evidence of prompt injection, hidden instructions, or deceptive tool descriptions. All network calls are legitimate Cloudflare API interactions for the stated purposes of each server (AI Gateway, audit logs, DNS analytics, etc.). The codebase follows standard development practices and contains no exfiltration mechanisms or credential-stealing logic.

Model: deepseek-chat

Static findings

Outbound network · Makes outbound network requests

low apps/ai-gateway/src/ai-gateway.app.ts:104 }).fetch(req, env, ctx)
low apps/ai-gateway/worker-configuration.d.ts:328 fetch(input: RequestInfo | URL, init?: RequestInit<RequestInitCfProperties>): Promise<Response>;
low apps/auditlogs/src/auditlogs.app.ts:105 }).fetch(req, env, ctx)
low apps/auditlogs/worker-configuration.d.ts:328 fetch(input: RequestInfo | URL, init?: RequestInit<RequestInitCfProperties>): Promise<Response>;
low apps/autorag/src/autorag.app.ts:138 }).fetch(req, env, ctx)
low apps/autorag/worker-configuration.d.ts:328 fetch(input: RequestInfo | URL, init?: RequestInit<RequestInitCfProperties>): Promise<Response>;
low apps/browser-rendering/src/browser.app.ts:104 }).fetch(req, env, ctx)
low apps/browser-rendering/worker-configuration.d.ts:328 fetch(input: RequestInfo | URL, init?: RequestInit<RequestInitCfProperties>): Promise<Response>;
low apps/cloudflare-one-casb/src/cf1-casb.app.ts:105 }).fetch(req, env, ctx)
low apps/cloudflare-one-casb/worker-configuration.d.ts:324 fetch(input: RequestInfo | URL, init?: RequestInit<RequestInitCfProperties>): Promise<Response>;
low apps/demo-day/frontend/script.js:144 const response = await fetch(url, options)
low apps/demo-day/worker-configuration.d.ts:310 fetch(input: RequestInfo | URL, init?: RequestInit<RequestInitCfProperties>): Promise<Response>;

+ 28 more

Shell / command execution · Executes shell / system commands

medium apps/sandbox-container/container/sandbox.container.app.ts:1 import { exec } from 'node:child_process'

Filesystem writes · Reads or writes the filesystem

low apps/sandbox-container/container/sandbox.container.app.ts:120 await fs.rm(path.join(process.cwd(), reqPath), { recursive: true })

Install-time scripts · Runs scripts on install (postinstall/preinstall)

medium apps/sandbox-container/package.json:14 "postinstall": "mkdir -p workdir",

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.