integromat/make-mcp-server

Minor capabilities, nothing alarming.

View source ↗

Check your own MCP server

Free · no signup · instant shareable report.

Outbound network 1

Environment variables (config / keys) 1

AI review

The extension reads a MAKE_API_KEY environment variable and sends it as an authorization header to Make.com API calls, which is expected behavior for its stated purpose. No hidden instructions, prompt injection vectors, or deceptive tool descriptions were found. The code is straightforward and matches the documented functionality.

low API key used as authentication token — The MAKE_API_KEY is read from environment variables and sent as 'Token <key>' in the Authorization header to Make.com API endpoints. This is standard and necessary for the extension's purpose. No exfiltration to third-party hosts occurs.

Model: deepseek-chat

Static findings

Environment variables (config / keys) · Reads environment variables (config / API keys)

low src/index.ts:21 if (!process.env.MAKE_API_KEY) {

Outbound network · Makes outbound network requests

low src/make.ts:74 const res = await fetch(url, options);

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.