High
github · 250 files analyzed
mongodb-js/mongodb-mcp-server
Sensitive access patterns — review carefully.
Outbound network 1
Environment variables (config / keys) 10
Filesystem writes 1
Shell / command execution 6
Sensitive credential files 21
AI review
No prompt injection, hidden instructions, or deceptive tool descriptions found. The codebase is a legitimate MongoDB MCP server that handles credentials securely through a keychain abstraction and environment variables for configuration. The flagged items are standard patterns for a database connection tool that needs to manage authentication secrets.
- low Legitimate credential management — The codebase uses a Keychain class for secret redaction and reads MongoDB connection URIs from environment variables. This is expected behavior for a database MCP server that needs to connect to MongoDB instances. The keychain pattern is a security best practice, not a vulnerability.
- low Standard development scripts — Scripts using child_process (spawn, execSync, execFileSync) are standard build/release automation tools, not runtime agent manipulation. They are not exposed as MCP tools and cannot be invoked by the AI agent.
- low No deceptive tool descriptions — The agent instructions and code review guidelines clearly describe the project's purpose as a MongoDB MCP server. Tool descriptions follow consistent naming conventions and are documented with proper categories (mongodb, atlas).
Model: deepseek-chat
Static findings
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
MCP_SERVER_LIBRARY.md:285
production: process.env.MONGODB_PRODUCTION_URI,
low
scripts/accuracy/generateTestSummary.ts:246
const { GITHUB_SERVER_URL, GITHUB_REPOSITORY, GITHUB_RUN_ID } = process.env;
low
scripts/accuracy/updateAccuracyRunStatus.ts:5
const envAccuracyRunId = process.env.MDB_ACCURACY_RUN_ID;
info
scripts/cleanupAtlasTestLeftovers.test.ts:146
baseUrl: process.env.MDB_MCP_API_BASE_URL || "https://cloud-dev.mongodb.com",
low
scripts/generate-release-notes.ts:26
const GROVE_API_KEY = process.env["GROVE_API_KEY"];
low
scripts/generate/generateArguments.ts:239
serverJson.version = process.env.VERSION || version;
low
src/common/config/configUtils.ts:44
? path.join(process.env.LOCALAPPDATA || process.env.APPDATA || os.homedir(), "mongodb")
low
src/helpers/container.ts:15
if (process.env.container) {
low
src/setup/aiTool.ts:53
return process.env.APPDATA || path.join(os.homedir(), "AppData", "Roaming");
low
src/telemetry/telemetry.ts:240
if (typeof process === "undefined" || !process.env) {
Sensitive credential files · Reads sensitive credential files
info
MCP_SERVER_LIBRARY.md:1056
// Pass keychain for automatic secret redaction
high
api-extractor/reports/mongodb-mcp-server.public.api.md:404
constructor(keychain: Keychain);
high
api-extractor/reports/web.public.api.md:644
constructor(keychain: Keychain | undefined);
high
packages/types/src/index.ts:3
export type * from "./keychain.js";
high
src/common/config/parseUserConfig.ts:2
import { Keychain } from "../keychain.js";
info
src/common/keychain.ts:5
* This class holds the secrets of a single server. Ideally, we might want to have a keychain
high
src/common/logging/consoleLogger.ts:1
import type { Keychain } from "../keychain.js";
high
src/common/logging/diskLogger.ts:3
import type { Keychain } from "../keychain.js";
high
src/common/logging/loggerBase.ts:3
import type { Keychain } from "../keychain.js";
high
src/common/logging/mcpLogger.ts:3
import type { Keychain } from "../keychain.js";
high
src/common/session.ts:19
import type { Keychain } from "./keychain.js";
high
src/index.ts:47
import { Keychain } from "./common/keychain.js";
+ 9 more
Shell / command execution · Executes shell / system commands
medium
scripts/createMcpb.ts:9
import { spawn } from "node:child_process";
medium
scripts/generate-release-notes.ts:6
import { execFileSync } from "child_process";
medium
scripts/generate/generateArguments.ts:13
import { execSync } from "child_process";
medium
scripts/generate/generateUI.ts:8
import { execSync } from "child_process";
medium
src/setup/aiTool.ts:6
import { exec } from "child_process";
medium
src/setup/installSkills.ts:2
import { spawn } from "node:child_process";
Outbound network · Makes outbound network requests
low
src/common/atlas/apiClient.ts:152
const response = await fetch(url, {
Filesystem writes · Reads or writes the filesystem
low
src/common/exportsManager.ts:117
await fs.rm(this.exportsDirectoryPath, { force: true, recursive: true });
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.