MCPVet
Clean
github · 11 files analyzed
nickclyde/duckduckgo-mcp-server
No risky behavior detected.
View source ↗Outbound network 2
Environment variables (config / keys) 1
AI review
No safety risks found. This is a straightforward DuckDuckGo search and web content fetching MCP server with no hidden instructions, data exfiltration, or deceptive tool descriptions. The environment variable usage is limited to SafeSearch and region configuration, which is appropriate for its stated purpose.
Model: deepseek-chat
Static findings
Outbound network · Makes outbound network requests
info
README.md:140
# Force curl for every fetch (requires the [browser] extra)
low
src/duckduckgo_mcp_server/server.py:420
url: The full URL of the webpage to fetch (must start with http:// or https://).
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
src/duckduckgo_mcp_server/server.py:369
SAFE_SEARCH_MODE = os.getenv("DDG_SAFE_SEARCH", "MODERATE").upper()
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.