MCPVet
← MCP directory
Clean
github · 7 files analyzed

tavily-ai/tavily-mcp

No risky behavior detected.

View source ↗
Outbound network 3
Environment variables (config / keys) 1

AI review

This is a legitimate MCP server for Tavily's web search API. It reads the API key from environment variables and uses axios to make outbound requests to Tavily's API. No hidden instructions, deceptive tool descriptions, or data exfiltration mechanisms were found.

Model: deepseek-chat

Static findings

Outbound network · Makes outbound network requests

info package-lock.json:13 "axios": "^1.6.7",
low package.json:51 "axios": "^1.6.7",
low src/index.ts:6 import axios from "axios";

Environment variables (config / keys) · Reads environment variables (config / API keys)

low src/index.ts:15 const API_KEY = process.env.TAVILY_API_KEY;

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.