MCPVet
← Scan another
Clean
github · 89 files analyzed

render-oss/render-mcp-server

No risky behavior detected.

View source ↗

Check your own MCP server

Free · no signup · instant shareable report.

Outbound network 2
Remote code execution 1

AI review

This is an official Render MCP server with no hidden instructions, prompt injection, or data exfiltration mechanisms. The code and documentation are transparent about its purpose of managing Render resources via LLMs.

Model: deepseek-chat

Static findings

Outbound network · Makes outbound network requests

info README.md:184 - `metricTypes`: Which metrics to fetch (array of strings, required). Accepted values:
low pkg/oauth/introspect.go:137 call.resp, call.err = i.fetch(context.WithoutCancel(ctx), token)

Remote code execution · Downloads and executes remote code

info bin/install.sh:4 # curl -fsSL https://raw.githubusercontent.com/render-oss/render-mcp-server/refs/heads/main/bin/install.sh | sh

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.