Low
github · 55 files analyzed

redis/mcp-redis

Minor capabilities, nothing alarming.

Environment variables (config / keys): 4
Shell / command execution: 1

AI review

This is an official Redis MCP server with no hidden instructions, prompt injection, or data exfiltration mechanisms. The code accesses environment variables only for legitimate Redis connection configuration and logging, which is expected for a database client. All tool descriptions match the stated purpose of providing a natural language interface to Redis.

Model: deepseek-chat

Static findings

Environment variables (config / keys) · Reads environment variables (config / API keys)

low src/common/config.py:16 "host": os.getenv("REDIS_HOST", "127.0.0.1"),
low src/common/logging_utils.py:12 name = os.getenv("MCP_REDIS_LOG_LEVEL")
info tests/test_config.py:240 @patch.dict(os.environ, {}, clear=True)
info tests/test_integration.py:40 env={"REDIS_HOST": "localhost", "REDIS_PORT": "6379", **dict(os.environ)},

Shell / command execution · Executes shell / system commands

info tests/test_integration.py:31 return subprocess.Popen(

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.