modelcontextprotocol/servers

Powerful capabilities — review before trusting.

View source ↗

Outbound network 2

Environment variables (config / keys) 9

Filesystem writes 8

Shell / command execution 3

Sensitive credential files 3

AI review

The repository contains test code that accesses environment variables and performs filesystem operations, but these are isolated to test suites and do not represent runtime risks. The `get-env.ts` tool exposes all environment variables, which could leak secrets if deployed without proper access controls. No prompt injection or hidden instructions were found.

medium Environment variable exposure in everything server — src/everything/tools/get-env.ts:34 returns JSON.stringify(process.env) which exposes all environment variables, including potential secrets (API keys, tokens). This is a reference/demo server, but if used in production or exposed to untrusted users, it could leak sensitive data.
low Test code accesses environment variables and filesystem — Multiple test files (e.g., src/everything/__tests__/tools.test.ts, src/filesystem/__tests__/lib.test.ts) read or modify environment variables and perform filesystem operations. These are confined to test suites and do not affect runtime behavior, but they indicate that environment variables are used in tests without sanitization.
low Filesystem server tests reference sensitive paths — src/filesystem/__tests__/lib.test.ts:170 and path-validation.test.ts:75 reference '/etc/passwd' in test assertions. This is only for testing path validation logic and does not actually read the file, but it shows awareness of path traversal risks.

Model: deepseek-chat

Static findings

Outbound network · Makes outbound network requests

low CLAUDE.md:17 fetch/ Py mcp-server-fetch (web content fetching)

low src/everything/tools/gzip-file-as-resource.ts:195 const response = await fetch(url, { signal: controller.signal });

Shell / command execution · Executes shell / system commands

medium scripts/release.py:42 subprocess.run(

info src/filesystem/__tests__/startup-validation.test.ts:2 import { spawn } from 'child_process';

info src/filesystem/__tests__/structured-content.test.ts:7 import { spawn } from 'child_process';

Environment variables (config / keys) · Reads environment variables (config / API keys)

info src/everything/__tests__/tools.test.ts:164 process.env.TEST_VAR_EVERYTHING = 'test_value';

low src/everything/tools/get-env.ts:34 text: JSON.stringify(process.env, null, 2),

low src/everything/tools/gzip-file-as-resource.ts:12 process.env.GZIP_MAX_FETCH_SIZE ?? String(10 * 1024 * 1024)

low src/everything/transports/sse.ts:74 const PORT = process.env.PORT || 3001;

low src/everything/transports/streamableHttp.ts:201 const PORT = process.env.PORT || 3001;

info src/memory/__tests__/file-path.test.ts:16 originalEnv = process.env.MEMORY_FILE_PATH;

low src/memory/index.ts:16 if (process.env.MEMORY_FILE_PATH) {

info src/sequentialthinking/__tests__/lib.test.ts:21 process.env.DISABLE_THOUGHT_LOGGING = 'true';

low src/sequentialthinking/lib.ts:21 this.disableThoughtLogging = (process.env.DISABLE_THOUGHT_LOGGING || "").toLowerCase() === "true";

Filesystem writes · Reads or writes the filesystem

info src/filesystem/__tests__/directory-tree.test.ts:73 await fs.rm(testDir, { recursive: true, force: true });

info src/filesystem/__tests__/path-validation.test.ts:29 await fs.rm(testDir, { recursive: true, force: true });

info src/filesystem/__tests__/startup-validation.test.ts:53 await fs.rm(testDir, { recursive: true, force: true });

info src/filesystem/__tests__/structured-content.test.ts:50 await fs.rm(testDir, { recursive: true, force: true });

low src/filesystem/lib.ts:177 await fs.unlink(tempPath);

info src/git/tests/test_server.py:33 shutil.rmtree(repo_path)

info src/memory/__tests__/file-path.test.ts:31 await fs.unlink(oldMemoryPath);

info src/memory/__tests__/knowledge-graph.test.ts:23 await fs.unlink(testFilePath);

Sensitive credential files · Reads sensitive credential files

info src/filesystem/__tests__/lib.test.ts:170 const testPath = process.platform === 'win32' ? 'C:\\Windows\\System32\\file.txt' : '/etc/passwd';

info src/filesystem/__tests__/path-validation.test.ts:75 expect(isPathWithinAllowedDirectories('/etc/passwd', allowed)).toBe(false);

info src/git/src/mcp_server_git/server.py:137 # working tree to prevent path traversal (e.g. '../../etc/passwd' or an

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.