MCPVet
← Scan another
Medium
github · 129 files analyzed

modelcontextprotocol/servers

Powerful capabilities — review before trusting.

View source ↗
Outbound network 2
Environment variables (config / keys) 9
Filesystem writes 8
Shell / command execution 3
Sensitive credential files 3

AI review

The repository contains test code that accesses environment variables and performs filesystem operations, but these are part of legitimate testing and not malicious. The `get-env.ts` tool exposes all environment variables, which could be a concern if deployed in a sensitive context, but it is a reference/demo server. No hidden instructions or prompt injection were found.

Model: deepseek-chat

Static findings

Outbound network · Makes outbound network requests

low CLAUDE.md:17 fetch/ Py mcp-server-fetch (web content fetching)
low src/everything/tools/gzip-file-as-resource.ts:195 const response = await fetch(url, { signal: controller.signal });

Shell / command execution · Executes shell / system commands

medium scripts/release.py:42 subprocess.run(
info src/filesystem/__tests__/startup-validation.test.ts:2 import { spawn } from 'child_process';
info src/filesystem/__tests__/structured-content.test.ts:7 import { spawn } from 'child_process';

Environment variables (config / keys) · Reads environment variables (config / API keys)

info src/everything/__tests__/tools.test.ts:164 process.env.TEST_VAR_EVERYTHING = 'test_value';
low src/everything/tools/get-env.ts:34 text: JSON.stringify(process.env, null, 2),
low src/everything/tools/gzip-file-as-resource.ts:12 process.env.GZIP_MAX_FETCH_SIZE ?? String(10 * 1024 * 1024)
low src/everything/transports/sse.ts:74 const PORT = process.env.PORT || 3001;
low src/everything/transports/streamableHttp.ts:201 const PORT = process.env.PORT || 3001;
info src/memory/__tests__/file-path.test.ts:16 originalEnv = process.env.MEMORY_FILE_PATH;
low src/memory/index.ts:16 if (process.env.MEMORY_FILE_PATH) {
info src/sequentialthinking/__tests__/lib.test.ts:21 process.env.DISABLE_THOUGHT_LOGGING = 'true';
low src/sequentialthinking/lib.ts:21 this.disableThoughtLogging = (process.env.DISABLE_THOUGHT_LOGGING || "").toLowerCase() === "true";

Filesystem writes · Reads or writes the filesystem

info src/filesystem/__tests__/directory-tree.test.ts:73 await fs.rm(testDir, { recursive: true, force: true });
info src/filesystem/__tests__/path-validation.test.ts:29 await fs.rm(testDir, { recursive: true, force: true });
info src/filesystem/__tests__/startup-validation.test.ts:53 await fs.rm(testDir, { recursive: true, force: true });
info src/filesystem/__tests__/structured-content.test.ts:50 await fs.rm(testDir, { recursive: true, force: true });
low src/filesystem/lib.ts:177 await fs.unlink(tempPath);
info src/git/tests/test_server.py:33 shutil.rmtree(repo_path)
info src/memory/__tests__/file-path.test.ts:31 await fs.unlink(oldMemoryPath);
info src/memory/__tests__/knowledge-graph.test.ts:23 await fs.unlink(testFilePath);

Sensitive credential files · Reads sensitive credential files

info src/filesystem/__tests__/lib.test.ts:170 const testPath = process.platform === 'win32' ? 'C:\\Windows\\System32\\file.txt' : '/etc/passwd';
info src/filesystem/__tests__/path-validation.test.ts:75 expect(isPathWithinAllowedDirectories('/etc/passwd', allowed)).toBe(false);
info src/git/src/mcp_server_git/server.py:137 # working tree to prevent path traversal (e.g. '../../etc/passwd' or an

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.