Low
github · 12 files analyzed
chroma-core/chroma-mcp
Minor capabilities, nothing alarming.
Environment variables (config / keys) 2
Remote code execution 1
AI review
The extension is a legitimate MCP server for Chroma vector database operations with no hidden instructions or data exfiltration mechanisms. The only notable finding is a remote code execution pattern in CI that downloads and runs an installer script, but this is standard CI practice and not part of the extension's runtime behavior.
- low Remote script execution in CI workflow — Line 24 of .github/workflows/test.yml runs `curl -LsSf https://astral.sh/uv/install.sh | sh`, which downloads and executes an external script. While this is a common CI pattern for installing tools, it introduces supply chain risk if the external source is compromised. This does not affect the extension's runtime behavior.
Model: deepseek-chat
Static findings
Remote code execution · Downloads and executes remote code
info
.github/workflows/test.yml:24
curl -LsSf https://astral.sh/uv/install.sh | sh
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
src/chroma_mcp/server.py:40
default=os.getenv('CHROMA_CLIENT_TYPE', 'ephemeral'),
info
tests/test_server.py:26
original_environ = os.environ.copy()
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.