Low
github · 250 files analyzed
apify/actors-mcp-server
Minor capabilities, nothing alarming.
Outbound network 10
Environment variables (config / keys) 24
Filesystem writes 1
Shell / command execution 2
AI review
This is a legitimate development and testing tool for the Apify MCP server. The flagged items are standard development patterns (build scripts, evaluation infrastructure, environment variable access for configuration) that are expected and appropriate for this type of project. No prompt injection, data exfiltration, or deceptive behavior was found.
- low Standard development tooling, not malicious — The `execSync` and `spawn` calls in `.github/scripts/before-beta-release.js` and `scripts/dev_standby.js` are standard build/dev scripts, not hidden command execution. The `env_access` patterns throughout `evals/` and `src/` are legitimate configuration access (API tokens, base URLs) for the server's intended operation and evaluation workflows.
- low No deceptive tool descriptions or hidden instructions — The `.claude/agents/mcpc-tester.md` and `.claude/skills/` files contain clear, well-documented instructions for development testing and bug triage. They do not attempt to manipulate the agent, exfiltrate data, or perform actions outside their stated purpose. The `bug-triage` skill explicitly requires user approval before any write operations.
- low Network dependencies are expected — The `axios` dependency and `fetch` usage are expected for an MCP server that communicates with external APIs (Apify API, OpenRouter, Phoenix). The network calls in `src/mcp/client.ts` and `src/payments/x402.ts` are part of the server's core functionality.
Model: deepseek-chat
Static findings
Shell / command execution · Executes shell / system commands
info
.github/scripts/before-beta-release.js:2
import { execSync } from 'node:child_process';
medium
scripts/dev_standby.js:7
import { spawn } from 'node:child_process';
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
evals/config.ts:205
PHOENIX_BASE_URL: process.env.PHOENIX_BASE_URL,
low
evals/create_dataset.ts:96
baseUrl: process.env.PHOENIX_BASE_URL!,
low
evals/evaluation_utils.ts:44
const apifyClient = new ApifyClient({ token: process.env.APIFY_API_TOKEN || '' });
low
evals/run_evaluation.ts:190
baseUrl: process.env.PHOENIX_BASE_URL!,
low
evals/shared/config.ts:11
baseURL: sanitizeEnvValue(process.env.OPENROUTER_BASE_URL) || 'https://openrouter.ai/api/v1',
low
evals/workflows/mcp_client.ts:58
...process.env,
low
evals/workflows/run_workflow_evals.ts:213
const apifyToken = sanitizeEnvValue(process.env.APIFY_TOKEN);
info
res/integration_test_coverage_audit.md:193
// - call apify/python-example with _meta.apifyToken = process.env.APIFY_TOKEN.
low
res/integration_test_coverage_plan.md:93
1. `should accept apifyToken via tools/call _meta and run successfully` — create client with `omitToken: true`. Send `tools/call` for `apify/python-example` with `_meta.apifyToken = process.env.APIFY_
low
scripts/dev_standby.js:18
env: { ...process.env, ...opts.env },
low
src/apify_client.ts:21
if (process.env.APIFY_IS_AT_HOME) return 'https://api.apify.com';
low
src/dev_server.ts:24
process.env.TELEMETRY_ENV ??= 'DEV';
+ 12 more
Outbound network · Makes outbound network requests
low
package.json:62
"axios": "^1.16.0",
info
pnpm-lock.yaml:247
axios:
info
res/integration_test_coverage_audit.md:167
// const r = await fetch(httpServerHost + '/');
low
res/integration_test_coverage_plan.md:72
1. `should return 405 on GET /` — `fetch(httpServerHost + '/')` → status 405, `Allow: POST`.
low
res/tasks_cancel_abort_flow.md:188
- **Race each platform call**: `raceAbort(run.get(), abortSignal)` and `raceAbort(run.waitForFinish(), abortSignal)` so a mid-call cancel returns promptly instead of blocking on the HTTP fetch (the cl
low
src/mcp/client.ts:90
async fetch(input: Request | URL | string, init?: RequestInit) {
low
src/payments/x402.ts:136
const response = await fetch(url, {
low
src/tools/common/fetch_apify_docs.ts:114
const response = await fetch(mdUrl);
info
src/tools/core/actor_run_response.ts:590
// instead of blocking on the HTTP fetch (the SDK does not accept an AbortSignal directly).
info
src/utils/payment_errors.ts:24
* The axios response interceptor stores the header value here so it can be
Filesystem writes · Reads or writes the filesystem
low
src/web/build.js:96
await fs.rm(distPath, { recursive: true, force: true });
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.