MCPVet
Low
Environment variables (config / keys) 4
Shell / command execution 1
AI review
This is an official Redis MCP server that provides standard Redis operations through natural language. The code accesses environment variables for configuration (host, port, log level) as expected for a database connector, and the test files use subprocess and environment manipulation only for integration testing purposes. No hidden instructions, prompt injection, or data exfiltration mechanisms were found.
Model: deepseek-chat
Static findings
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
src/common/config.py:16
"host": os.getenv("REDIS_HOST", "127.0.0.1"),
low
src/common/logging_utils.py:12
name = os.getenv("MCP_REDIS_LOG_LEVEL")
info
tests/test_config.py:240
@patch.dict(os.environ, {}, clear=True)
info
tests/test_integration.py:40
env={"REDIS_HOST": "localhost", "REDIS_PORT": "6379", **dict(os.environ)},
Shell / command execution · Executes shell / system commands
info
tests/test_integration.py:31
return subprocess.Popen(
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.