MCPVet
← Scan another
Clean
github · 61 files analyzed

winor30/mcp-server-datadog

No risky behavior detected.

View source ↗

Check your own MCP server

Free · no signup · instant shareable report.

Outbound network 1
Environment variables (config / keys) 14

AI review

This is a legitimate MCP server for the Datadog API that only accesses environment variables for authentication (DATADOG_API_KEY, DATADOG_APP_KEY, DATADOG_STORAGE_TIER) and uses them solely to make authorized API calls to Datadog. No hidden instructions, prompt injection, data exfiltration, or deceptive tool descriptions were found.

Model: deepseek-chat

Static findings

Environment variables (config / keys) · Reads environment variables (config / API keys)

low smithery.yaml:32 env: Object.assign({}, process.env, {
low src/index.ts:69 if (!process.env.DATADOG_API_KEY || !process.env.DATADOG_APP_KEY) {
low src/tools/logs/tool.ts:15 const value = process.env.DATADOG_STORAGE_TIER
info tests/setup.ts:3 process.env.DATADOG_API_KEY = 'test-api-key'
info tests/tools/dashboards.test.ts:13 if (!process.env.DATADOG_API_KEY || !process.env.DATADOG_APP_KEY) {
info tests/tools/downtimes.test.ts:13 if (!process.env.DATADOG_API_KEY || !process.env.DATADOG_APP_KEY) {
info tests/tools/hosts.test.ts:15 if (!process.env.DATADOG_API_KEY || !process.env.DATADOG_APP_KEY) {
info tests/tools/incident.test.ts:13 if (!process.env.DATADOG_API_KEY || !process.env.DATADOG_APP_KEY) {
info tests/tools/logs-storage-tier.test.ts:13 if (!process.env.DATADOG_API_KEY || !process.env.DATADOG_APP_KEY) {
info tests/tools/logs.test.ts:13 if (!process.env.DATADOG_API_KEY || !process.env.DATADOG_APP_KEY) {
info tests/tools/metrics.test.ts:13 if (!process.env.DATADOG_API_KEY || !process.env.DATADOG_APP_KEY) {
info tests/tools/monitors.test.ts:13 if (!process.env.DATADOG_API_KEY || !process.env.DATADOG_APP_KEY) {

+ 2 more

Outbound network · Makes outbound network requests

info tests/tools/traces.test.ts:37 name: 'http.request',

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.