MCPVet
Medium
github · 37 files analyzed
semgrep/mcp
Powerful capabilities — review before trusting.
View source ↗Environment variables (config / keys) 5
Filesystem writes 1
Shell / command execution 3
Sensitive credential files 1
AI review
The extension reads environment variables for configuration (SEMGREP_APP_TOKEN, SEMGREP_PATH, SEMGREP_URL) and executes subprocess commands (claude --version, semgrep scan), which is expected behavior for a Semgrep MCP server. No hidden instructions, prompt injection, or data exfiltration mechanisms were found. The test file accessing /etc/passwd is a unit test for path traversal protection, not a vulnerability.
- low Environment variable access for authentication and configuration — The extension reads SEMGREP_APP_TOKEN, SEMGREP_PATH, and SEMGREP_URL from environment variables. This is expected for a Semgrep integration that needs to authenticate with Semgrep's API and locate the semgrep binary. No evidence of exfiltration or misuse.
- low Subprocess execution of claude and semgrep commands — The extension runs subprocess commands including 'claude --version' (to check Claude availability) and 'semgrep scan' (core functionality). These are legitimate operations for the stated purpose of running Semgrep scans via MCP.
- low Test file references /etc/passwd in safe_join test — The test file tests safe_join with '/etc/passwd' to verify path traversal protection. This is a standard security test, not an actual vulnerability or attempt to access sensitive files.
Model: deepseek-chat
Static findings
Shell / command execution · Executes shell / system commands
medium
scripts/configure_semgrep_mcp.py:37
result = subprocess.run(["claude", "--version"], capture_output=True, text=True, timeout=10)
medium
src/semgrep_mcp/semgrep.py:184
process = subprocess.run(
medium
src/semgrep_mcp/utilities/utils.py:99
process = subprocess.run(
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
scripts/configure_semgrep_mcp.py:48
if semgrep_token := os.getenv("SEMGREP_APP_TOKEN"):
low
src/semgrep_mcp/semgrep.py:31
SEMGREP_PATH = os.getenv("SEMGREP_PATH", None)
low
src/semgrep_mcp/server.py:40
SEMGREP_URL = os.environ.get("SEMGREP_URL", "https://semgrep.dev")
low
src/semgrep_mcp/utilities/tracing.py:30
SEMGREP_URL = os.environ.get("SEMGREP_URL", "https://semgrep.dev")
low
src/semgrep_mcp/utilities/utils.py:14
SEMGREP_PATH = os.getenv("SEMGREP_PATH", None)
Filesystem writes · Reads or writes the filesystem
low
src/semgrep_mcp/server.py:190
shutil.rmtree(temp_dir, ignore_errors=True)
Sensitive credential files · Reads sensitive credential files
info
tests/unit/test_safe_join.py:44
safe_join(base_dir, "/etc/passwd")
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.