MCPVet
Clean
Check your own MCP server
Free · no signup · instant shareable report.
Outbound network 1
Environment variables (config / keys) 1
AI review
No safety risks identified. The extension is a straightforward Reddit content fetcher that requires standard OAuth credentials (client ID) passed via environment variables, which is normal for API access. No hidden instructions, deceptive tool descriptions, or data exfiltration mechanisms were found.
- low Standard API credential usage — The extension reads REDDIT_CLIENT_ID from environment variables, which is expected for Reddit API authentication. No code attempts to exfiltrate these credentials or use them outside their intended purpose.
- low No prompt injection or hidden instructions — The README and source code contain no hidden instructions, system prompt manipulations, or attempts to override agent behavior. All tool descriptions match the stated purpose of fetching Reddit content.
Model: deepseek-chat
Static findings
Outbound network · Makes outbound network requests
low
src/mcp_reddit/reddit_fetcher.py:26
limit: Number of posts to fetch (default: 10)
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
src/mcp_reddit/reddit_fetcher.py:10
REDDIT_CLIENT_ID=os.getenv("REDDIT_CLIENT_ID")
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.