Grade: Clean
Outbound network: 8
Environment variables (config / keys): 37
Filesystem writes: 1
Sensitive credential files: 1
AI review
This is a legitimate MCP server for Atlassian products that reads environment variables for configuration and authentication, which is expected behavior. No hidden instructions, prompt injection, or data exfiltration mechanisms were found. The code follows standard security practices for an API integration tool.
- low Environment variable access for configuration — The extension reads standard environment variables (CONFLUENCE_URL, JIRA_SLA_METRICS, ATLASSIAN_OAUTH_CLIENT_ID, etc.) for authentication and configuration. This is expected and necessary for an Atlassian integration tool. No secrets are being exfiltrated or sent to unauthorized endpoints.
- low Network requests to Atlassian APIs — The extension makes HTTP requests to Atlassian APIs (Jira, Confluence) and OAuth endpoints. This is the stated purpose of the tool. All network requests are to legitimate Atlassian services or configured endpoints, not to arbitrary or malicious destinations.
- low File system operations in preprocessing — The extension uses shutil.rmtree for temporary directory cleanup during content preprocessing. This is standard practice and operates only on temporary directories created by the tool itself, not on arbitrary user files.
Model: deepseek-chat
Static findings
Environment variables (config / keys) · Reads environment variables (config / API keys)
low · scripts/oauth_authorize.py:313
    args.client_id = os.getenv("ATLASSIAN_OAUTH_CLIENT_ID")
low · src/mcp_atlassian/__init__.py:16
    if os.getenv(
low · src/mcp_atlassian/confluence/client.py:141
    os.environ["NO_PROXY"] = self.config.no_proxy
low · src/mcp_atlassian/confluence/config.py:92
    url = os.getenv("CONFLUENCE_URL")
low · src/mcp_atlassian/jira/client.py:154
    os.environ["NO_PROXY"] = self.config.no_proxy
low · src/mcp_atlassian/jira/config.py:54
    metrics_str = os.getenv("JIRA_SLA_METRICS", "cycle_time,time_in_status")
low · src/mcp_atlassian/jira/forms_api.py:48
    self._cloud_id = os.getenv("ATLASSIAN_OAUTH_CLOUD_ID")
low · src/mcp_atlassian/servers/client_storage.py:147
    mode = os.getenv(CLIENT_STORAGE_MODE_ENV, "default").strip().lower()
low · src/mcp_atlassian/servers/main.py:685
    raw = os.getenv("ATLASSIAN_OAUTH_ALLOWED_CLIENT_REDIRECT_URIS")
low · src/mcp_atlassian/utils/env.py:19
    return os.getenv(env_var_name, default).lower() in ("true", "1", "yes")
low · src/mcp_atlassian/utils/environment.py:38
    client_id = os.getenv(client_id_envs[0]) or os.getenv(client_id_envs[1])
low · src/mcp_atlassian/utils/oauth.py:493
    oauth_enabled = os.getenv("ATLASSIAN_OAUTH_ENABLE", "").lower() in (
+ 25 more
Outbound network · Makes outbound network requests
low · src/mcp_atlassian/confluence/pages.py:843
    limit: Maximum number of pages to fetch (default: 500)
low · src/mcp_atlassian/jira/users.py:244
    response = requests.get(
low · src/mcp_atlassian/servers/confluence.py:379
    limit: Maximum pages to fetch (start with 100 for faster results).
low · src/mcp_atlassian/utils/oauth.py:177
    response = requests.post(token_endpoint, data=payload, timeout=HTTP_TIMEOUT)
info · tests/e2e/cloud/conftest.py:123
    resp = requests.get(
info · tests/e2e/conftest.py:151
    resp = requests.get(f"{url}/status", timeout=10)
info · tests/unit/auth/test_authentication.py:39
    with patch("requests.post") as mock_post:
info · tests/unit/jira/test_users.py:421
    # Mock requests.get
Filesystem writes · Reads or writes the filesystem
low · src/mcp_atlassian/preprocessing/confluence.py:90
    shutil.rmtree(temp_dir, ignore_errors=True)
Sensitive credential files · Reads sensitive credential files
info · src/mcp_atlassian/utils/io.py:30
    attacks (e.g., ``../../etc/passwd``).
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.