MCPVet
Clean
Check your own MCP server
Free · no signup · instant shareable report.
Outbound network 1
Remote code execution 1
AI review
No real safety risk found. The README contains a harmless example curl command referencing a fictional domain (antigravity.google) which is not a real threat. The axios dependency is standard for HTTP communication. The issue templates and privacy policy are legitimate and transparent about data handling.
- low Fictional curl example in README — Line 193 shows `curl -fsSL https://antigravity.google/cli/install.sh | bash` which references a non-existent domain. This is clearly a placeholder/example and not an actual remote code execution risk. No action needed.
Model: deepseek-chat
Static findings
Remote code execution · Downloads and executes remote code
info
README.md:193
curl -fsSL https://antigravity.google/cli/install.sh | bash
Outbound network · Makes outbound network requests
low
package.json:75
"axios": "^1.6.7",
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.