Low
Outbound network: 12
Environment variables (config / keys): 39
Shell / command execution: 23
AI review
This is a legitimate GitLab MCP server extension. All environment variable accesses are standard configuration (API URL, tokens, log level, workspace root) and are not exfiltrated. Network calls are to GitLab API endpoints as expected. Test files use standard patterns. No hidden instructions, prompt injection, or deceptive tool descriptions found.
Model: deepseek-chat
Static findings
Outbound network · Makes outbound network requests
info
.github/agents/python-reviewer.agent.md:81
- **HIGH:** Do not mix `asyncio` and blocking I/O in the same event loop. Blocking calls (`time.sleep`, `open` in sync mode, `requests.get`) block the entire event loop.
low
oauth.ts:85
const req = http.request(options, res => {
low
test-note.ts:24
const response = await fetch(url.toString(), {
low
test-resolve-issue-note.ts:28
const response = await fetch(url.toString(), {
info
test/dynamic-api-url-test.ts:319
const response = await fetch(metricsUrl);
info
test/mcp-oauth-tests.ts:287
const res = await fetch(mcpUrl, {
info
test/remote-auth-simple-test.ts:38
const response = await fetch(metricsUrl);
info
test/remote-auth-tests.ts:70
const response = await fetch(url, {
info
test/stateless/session-id-integration.test.ts:115
const res = await fetch(url, {
info
test/test-remote-downloads.ts:410
const downloadRes = await fetch(parsed.download_url);
info
test/test-token-optimizations.ts:68
const response = await fetch(url, {
info
test/validate-api.js:63
const response = await fetch(test.url, {
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
config.ts:25
return cliArgs[cliKey] || process.env[envKey] || defaultValue;
low
customSchemas.ts:2
const DEFAULT_NULL = process.env.DEFAULT_NULL === "true";
low
index.ts:58
const secret = process.env.DOWNLOAD_TOKEN_SECRET;
low
mcp-server/src/utils.ts:8
return path.resolve(process.env.WORKSPACE_ROOT || process.cwd());
low
oauth.ts:14
level: process.env.LOG_LEVEL || "info",
low
stateless/secret.ts:62
env: NodeJS.ProcessEnv = process.env
low
test-cli.js:34
return cliArgs[cliKey] || process.env[envKey] || defaultValue;
low
test-note.ts:10
const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
low
test-resolve-issue-note.ts:10
const GITLAB_API_URL = process.env.GITLAB_API_URL || "https://gitlab.com";
info
test/clients/stdio-client.ts:33
// Copy process.env, filtering out undefined values
info
test/config-allowed-groups.test.ts:11
* config.ts reads process.env at module load, so each scenario runs in a
info
test/dynamic-routing-tests.ts:18
const originalToken = process.env.GITLAB_TOKEN_TEST;
+ 27 more
Shell / command execution · Executes shell / system commands
info
test/config-allowed-groups.test.ts:16
import { execFileSync } from "node:child_process";
info
test/stateless/config-ttl.test.ts:22
import { execFileSync } from "node:child_process";
info
test/streamable-http-static-token-auth.test.ts:2
import { spawn } from "node:child_process";
info
test/test-ci-lint.ts:3
import { spawn } from "child_process";
info
test/test-ci-variables.ts:3
import { spawn } from "child_process";
info
test/test-dependency-proxy.ts:3
import { spawn } from "child_process";
info
test/test-deployment-tools.ts:3
import { spawn } from "child_process";
info
test/test-download-attachment.ts:3
import { spawn } from 'node:child_process';
info
test/test-get-file-blame.ts:3
import { spawn } from "child_process";
info
test/test-job-artifacts.ts:3
import { spawn } from 'child_process';
info
test/test-list-issues.ts:3
import { spawn } from "child_process";
info
test/test-list-merge-requests.ts:3
import { spawn } from 'child_process';
+ 11 more
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.