MCPVet
Clean
Environment variables (config / keys) 1
Filesystem writes 1
Shell / command execution 1
AI review
No real safety risks found. The extension is a legitimate MCP server for document conversion using pandoc, with standard environment variable access and test cleanup operations that are expected for this type of tool.
Model: deepseek-chat
Static findings
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
src/mcp_pandoc/server.py:333
env = os.environ.copy()
Shell / command execution · Executes shell / system commands
info
tests/test_advanced_features.py:74
!!python/object/apply:os.system
Filesystem writes · Reads or writes the filesystem
info
tests/test_advanced_features.py:29
shutil.rmtree(self.temp_dir)
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.