MCPVet
Clean
Check your own MCP server
Free · no signup · instant shareable report.
Outbound network 1
AI review
This extension is a straightforward Hacker News API wrapper with no hidden instructions, prompt injection, or data exfiltration. It only fetches public data from the official Hacker News API and does not access or transmit any secrets or credentials.
- low No security concerns detected — The extension makes standard HTTP GET requests to the public Hacker News API (hacker-news.firebaseio.com) and returns story, comment, and user data. There are no hidden instructions, deceptive tool descriptions, or attempts to read or exfiltrate sensitive information. The code is minimal and matches its stated purpose.
Model: deepseek-chat
Static findings
Outbound network · Makes outbound network requests
low
src/mcp_hn/hn.py:39
response = requests.get(url)
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.