MCPVet
Clean
Outbound network 1
Environment variables (config / keys) 2
AI review
This is a deprecated community MCP server for Snowflake Cortex AI that performs legitimate database operations. It accesses environment variables for authentication and makes network requests to Snowflake APIs, which is expected behavior. No hidden instructions, prompt injection, or deceptive tool descriptions were found.
- low Environment variable access for authentication — The server reads SNOWFLAKE_PAT and SNOWFLAKE_PASSWORD from environment variables for authentication. This is standard and expected for a database client. No exfiltration or misuse of these credentials was detected.
- low Network requests to Snowflake APIs — The server makes HTTP POST requests to Snowflake's REST API endpoints. This is required for its stated purpose of querying Snowflake Cortex services. No suspicious or unexpected destinations were identified.
Model: deepseek-chat
Static findings
Outbound network · Makes outbound network requests
low
mcp_server_snowflake/cortex_services/tools.py:81
response = requests.post(
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
mcp_server_snowflake/server.py:224
return os.getenv(
low
mcp_server_snowflake/utils.py:48
if os.environ.get("SNOWFLAKE_PAT") and not os.environ.get("SNOWFLAKE_PASSWORD"):
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.