Medium
github · 129 files analyzed

modelcontextprotocol/servers

Powerful capabilities — review before trusting.

Outbound network 2
Environment variables (config / keys) 9
Filesystem writes 8
Shell / command execution 3
Sensitive credential files 3

AI review

The repository contains test code that accesses environment variables and performs filesystem operations, but these are confined to test suites and do not represent runtime risks. The `get-env.ts` tool exposes all environment variables, which could leak secrets if deployed without restriction, but this is part of the 'everything' reference server intended for demonstration. No hidden instructions or prompt injection vectors were found.

Model: deepseek-chat

Static findings

Outbound network · Makes outbound network requests

low CLAUDE.md:17 fetch/ Py mcp-server-fetch (web content fetching)
low src/everything/tools/gzip-file-as-resource.ts:195 const response = await fetch(url, { signal: controller.signal });

Shell / command execution · Executes shell / system commands

medium scripts/release.py:42 subprocess.run(
info src/filesystem/__tests__/startup-validation.test.ts:2 import { spawn } from 'child_process';
info src/filesystem/__tests__/structured-content.test.ts:7 import { spawn } from 'child_process';

Environment variables (config / keys) · Reads environment variables (config / API keys)

info src/everything/__tests__/tools.test.ts:164 process.env.TEST_VAR_EVERYTHING = 'test_value';
low src/everything/tools/get-env.ts:34 text: JSON.stringify(process.env, null, 2),
low src/everything/tools/gzip-file-as-resource.ts:12 process.env.GZIP_MAX_FETCH_SIZE ?? String(10 * 1024 * 1024)
low src/everything/transports/sse.ts:74 const PORT = process.env.PORT || 3001;
low src/everything/transports/streamableHttp.ts:201 const PORT = process.env.PORT || 3001;
info src/memory/__tests__/file-path.test.ts:16 originalEnv = process.env.MEMORY_FILE_PATH;
low src/memory/index.ts:16 if (process.env.MEMORY_FILE_PATH) {
info src/sequentialthinking/__tests__/lib.test.ts:21 process.env.DISABLE_THOUGHT_LOGGING = 'true';
low src/sequentialthinking/lib.ts:21 this.disableThoughtLogging = (process.env.DISABLE_THOUGHT_LOGGING || "").toLowerCase() === "true";
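The `get-env.ts` finding above is the one worth pausing on: `JSON.stringify(process.env)` returns every variable the server process inherited, so any API key or database URL in the environment becomes tool output that an MCP client (and the model behind it) can read. The block below is an added illustration, not the project's code: `dumpAllEnv` reproduces the flagged behaviour, and `dumpAllowedEnv` is one hardened shape, returning only an explicit allowlist and redacting values whose names look like secrets. The `sampleEnv` values and the `SECRET_NAME` pattern are constructed for the example.

```typescript
// Added example; not the reference server's own implementation.

// Names that usually hold secrets. Redaction by name is a backstop only:
// the allowlist is what actually limits exposure.
const SECRET_NAME = /(KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL)/i;

// What the flagged line does: serialise the whole environment, secrets included.
export function dumpAllEnv(env: Record<string, string | undefined> = process.env): string {
  return JSON.stringify(env, null, 2);
}

// Hardened variant: only explicitly allowed names are returned, missing
// variables are skipped, and secret-looking names are redacted.
export function dumpAllowedEnv(
  allow: readonly string[],
  env: Record<string, string | undefined> = process.env,
): Record<string, string> {
  const out: Record<string, string> = {};
  for (const name of allow) {
    const value = env[name];
    if (value === undefined) continue;
    out[name] = SECRET_NAME.test(name) ? '[redacted]' : value;
  }
  return out;
}

// Constructed sample environment for the demonstration (not real credentials).
export const sampleEnv: Record<string, string | undefined> = {
  PORT: '3001',
  NODE_ENV: 'production',
  OPENAI_API_KEY: 'sk-constructed-example',
  DATABASE_URL: 'postgres://app:hunter2@db.internal/app',
};

// Usage: the full dump leaks the key; the allowlisted dump does not.
export function demo(): { leaked: boolean; safe: Record<string, string> } {
  const leaked = dumpAllEnv(sampleEnv).includes('sk-constructed-example');
  const safe = dumpAllowedEnv(['PORT', 'NODE_ENV', 'OPENAI_API_KEY', 'MISSING_VAR'], sampleEnv);
  return { leaked, safe };
}
```

If a deployment keeps a tool like this at all, the allowlist should be fixed at startup rather than taken from tool arguments, otherwise the caller just asks for the names it wants.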

Filesystem writes · Reads or writes the filesystem

info src/filesystem/__tests__/directory-tree.test.ts:73 await fs.rm(testDir, { recursive: true, force: true });
info src/filesystem/__tests__/path-validation.test.ts:29 await fs.rm(testDir, { recursive: true, force: true });
info src/filesystem/__tests__/startup-validation.test.ts:53 await fs.rm(testDir, { recursive: true, force: true });
info src/filesystem/__tests__/structured-content.test.ts:50 await fs.rm(testDir, { recursive: true, force: true });
low src/filesystem/lib.ts:177 await fs.unlink(tempPath);
info src/git/tests/test_server.py:33 shutil.rmtree(repo_path)
info src/memory/__tests__/file-path.test.ts:31 await fs.unlink(oldMemoryPath);
info src/memory/__tests__/knowledge-graph.test.ts:23 await fs.unlink(testFilePath);

Sensitive credential files · Reads sensitive credential files

info src/filesystem/__tests__/lib.test.ts:170 const testPath = process.platform === 'win32' ? 'C:\\Windows\\System32\\file.txt' : '/etc/passwd';
info src/filesystem/__tests__/path-validation.test.ts:75 expect(isPathWithinAllowedDirectories('/etc/passwd', allowed)).toBe(false);
info src/git/src/mcp_server_git/server.py:137 # working tree to prevent path traversal (e.g. '../../etc/passwd' or an
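The three "credential file" hits are test fixtures and a comment: `/etc/passwd` is the canonical probe for a path-containment check, and the filesystem server's tests assert that `isPathWithinAllowedDirectories('/etc/passwd', allowed)` is false. The block below is an added example of that kind of check, written for this page rather than taken from the project; `isWithinAllowed` and the sample roots are assumptions, and it uses POSIX path semantics so the result does not depend on the host platform. It is lexical only: it defeats `..` traversal and the shared-prefix trick (`/home/user/docs2` passing as `/home/user/docs`), but a production server must also resolve symlinks (for example with `fs.realpathSync` on the nearest existing ancestor) before comparing.

```typescript
// Added example; not the filesystem server's own isPathWithinAllowedDirectories.
import * as path from 'node:path';

// Returns true if `requested` resolves to a location inside one of `allowedRoots`.
// Both sides are normalised with path.posix.resolve so '..' segments collapse
// before comparison. A symlink inside a root can still point outside it; this
// check assumes the caller has already realpath()'d both arguments.
export function isWithinAllowed(requested: string, allowedRoots: readonly string[]): boolean {
  const target = path.posix.resolve(requested);
  return allowedRoots.some((root) => {
    const base = path.posix.resolve(root);
    const rel = path.posix.relative(base, target);
    // rel === ''            : the root itself
    // rel starts with '../' : escaped above the root
    // rel absolute          : different filesystem root (Windows drives)
    // Note: a file literally named '..foo' yields rel '..foo' and is allowed.
    if (rel === '') return true;
    if (rel === '..' || rel.startsWith('../')) return false;
    return !path.posix.isAbsolute(rel);
  });
}

// Constructed allowed roots for the demonstration.
export const sampleRoots = ['/home/user/docs', '/srv/share'];

// Constructed probe set: each entry is [requested path, expected verdict].
export const probes: Array<[string, boolean]> = [
  ['/home/user/docs/notes/a.txt', true],          // plainly inside
  ['/home/user/docs', true],                      // the root itself
  ['/srv/share/x', true],                         // second root
  ['/etc/passwd', false],                         // the classic probe
  ['/home/user/docs/../../../etc/passwd', false], // traversal collapses to /etc/passwd
  ['/home/user/docs2/a.txt', false],              // shared prefix, different directory
  ['/home/user/docs/..foo', true],                // odd name, not a traversal
];

// Runs every probe and returns the ones whose verdict did not match.
export function mismatches(): string[] {
  return probes
    .filter(([p, expected]) => isWithinAllowed(p, sampleRoots) !== expected)
    .map(([p]) => p);
}
```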


MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.