zcaceres/fetch-mcp
Powerful capabilities — review before trusting.
AI review
The extension has a test that attempts to read /etc/passwd via file:// URL, and imports child_process for command execution, but these are used for legitimate functionality (YouTube transcript extraction via yt-dlp) and not for exfiltration. The file:// access in tests is a red flag but appears to be testing error handling, not actual exploitation. No hidden instructions or prompt injection vectors were found.
- medium: Test references sensitive file path — src/Fetcher.test.ts:185 and src/cli.test.ts:226 use 'file:///etc/passwd' as a test URL. While likely testing error handling for local file access, this pattern could be copied into production code or misused. The extension should explicitly block the file:// protocol in production.
- low: Child process import for command execution — src/Fetcher.ts:210 imports execFileSync and execSync from child_process. This is used for YouTube transcript extraction via yt-dlp, which is a legitimate feature. However, if the URL parameter is not properly sanitized before being passed to execFileSync, it could enable command injection. The risk is low because the code appears to use execFileSync with a fixed command name.
- low: Environment variable for default limit — src/types.ts:3 reads process.env.DEFAULT_LIMIT. This is a documented configuration option and not a security risk, but it could allow large responses that might be used for denial of service if set too high.
Model: deepseek-chat
Static findings
Sensitive credential files · Reads sensitive credential files
src/Fetcher.test.ts:185
const result = await Fetcher.html({ url: "file:///etc/passwd" });
src/cli.test.ts:226
parseArgs(["html", "file:///etc/passwd"]);
Shell / command execution · Executes shell / system commands
src/Fetcher.ts:210
const { execFileSync, execSync } = await import("child_process");
Outbound network · Makes outbound network requests
src/Fetcher.ts:64
response = await fetch(url, {
Environment variables (config / keys) · Reads environment variables (config / API keys)
src/types.ts:3
const parsedLimit = Number.parseInt(process.env.DEFAULT_LIMIT ?? "5000");
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.