zcaceres/fetch-mcp
Powerful capabilities — review before trusting.
AI review
The extension contains test code that attempts to read local files via file:// URLs (e.g., /etc/passwd), and imports child_process for executing external commands (yt-dlp). While the production code appears to have safeguards against local file access and command injection, the presence of these patterns in tests and the use of execSync/execFileSync for YouTube transcript fetching could be exploited if input validation is bypassed or if the proxy/URL parameters are not properly sanitized.
- medium Test code accesses sensitive local file — src/Fetcher.test.ts:185 and src/cli.test.ts:226 contain tests that fetch file:///etc/passwd. While these are tests, they demonstrate that the codebase handles file:// URLs, which could be a vector for local file disclosure if the production code does not properly block such requests.
- medium Child process execution for YouTube transcripts — src/Fetcher.ts:210 imports child_process (execFileSync, execSync) to run yt-dlp. If the URL or lang parameters are not strictly validated, this could allow command injection. The extension's stated purpose includes YouTube transcript fetching, but the use of execSync with user-supplied input is a risk.
- low Environment variable used without validation — src/types.ts:3 reads process.env.DEFAULT_LIMIT and parses it as an integer. If set to a non-numeric value, it could cause unexpected behavior or denial of service, though this is not a direct security vulnerability.
Model: deepseek-chat
Static findings
Sensitive credential files · Reads sensitive credential files
src/Fetcher.test.ts:185
const result = await Fetcher.html({ url: "file:///etc/passwd" });
src/cli.test.ts:226
parseArgs(["html", "file:///etc/passwd"]);
Shell / command execution · Executes shell / system commands
src/Fetcher.ts:210
const { execFileSync, execSync } = await import("child_process");
Outbound network · Makes outbound network requests
src/Fetcher.ts:64
response = await fetch(url, {
Environment variables (config / keys) · Reads environment variables (config / API keys)
src/types.ts:3
const parsedLimit = Number.parseInt(process.env.DEFAULT_LIMIT ?? "5000");
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.