MCPVet
Low
github · 28 files analyzed
vivekVells/mcp-pandoc
Minor capabilities, nothing alarming.
View source ↗Environment variables (config / keys) 1
Filesystem writes 1
Shell / command execution 1
AI review
No real safety risks found. The extension is a legitimate MCP server for document conversion using pandoc, with standard environment variable access and test files that use os.system for legitimate testing purposes. All code aligns with the stated purpose of providing document format conversion functionality.
Model: deepseek-chat
Static findings
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
src/mcp_pandoc/server.py:333
env = os.environ.copy()
Shell / command execution · Executes shell / system commands
info
tests/test_advanced_features.py:74
!!python/object/apply:os.system
Filesystem writes · Reads or writes the filesystem
info
tests/test_advanced_features.py:29
shutil.rmtree(self.temp_dir)
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.