Low
github · 250 files analyzed

mongodb-js/mongodb-mcp-server

Minor capabilities, nothing alarming.

Outbound network 1
Environment variables (config / keys) 10
Filesystem writes 1
Shell / command execution 6

AI review

This is a legitimate MongoDB MCP server implementation with no deceptive or malicious intent. The code accesses environment variables and executes shell commands only for legitimate build, test, and release automation purposes, not for data exfiltration or agent manipulation.

Model: deepseek-chat

Static findings

Environment variables (config / keys) · Reads environment variables (config / API keys)

low MCP_SERVER_LIBRARY.md:285 production: process.env.MONGODB_PRODUCTION_URI,
low scripts/accuracy/generateTestSummary.ts:246 const { GITHUB_SERVER_URL, GITHUB_REPOSITORY, GITHUB_RUN_ID } = process.env;
low scripts/accuracy/updateAccuracyRunStatus.ts:5 const envAccuracyRunId = process.env.MDB_ACCURACY_RUN_ID;
info scripts/cleanupAtlasTestLeftovers.test.ts:146 baseUrl: process.env.MDB_MCP_API_BASE_URL || "https://cloud-dev.mongodb.com",
low scripts/generate-release-notes.ts:26 const GROVE_API_KEY = process.env["GROVE_API_KEY"];
low scripts/generate/generateArguments.ts:239 serverJson.version = process.env.VERSION || version;
low src/common/config/configUtils.ts:44 ? path.join(process.env.LOCALAPPDATA || process.env.APPDATA || os.homedir(), "mongodb")
low src/helpers/container.ts:15 if (process.env.container) {
low src/setup/aiTool.ts:53 return process.env.APPDATA || path.join(os.homedir(), "AppData", "Roaming");
low src/telemetry/telemetry.ts:240 if (typeof process === "undefined" || !process.env) {

Shell / command execution · Executes shell / system commands

medium scripts/createMcpb.ts:9 import { spawn } from "node:child_process";
medium scripts/generate-release-notes.ts:6 import { execFileSync } from "child_process";
medium scripts/generate/generateArguments.ts:13 import { execSync } from "child_process";
medium scripts/generate/generateUI.ts:8 import { execSync } from "child_process";
medium src/setup/aiTool.ts:6 import { exec } from "child_process";
medium src/setup/installSkills.ts:2 import { spawn } from "node:child_process";

Outbound network · Makes outbound network requests

low src/common/atlas/apiClient.ts:152 const response = await fetch(url, {

Filesystem writes · Reads or writes the filesystem

low src/common/exportsManager.ts:117 await fs.rm(this.exportsDirectoryPath, { force: true, recursive: true });

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.