MCPVet
Medium
github · 250 files analyzed
apify/actors-mcp-server
Powerful capabilities — review before trusting.
View source ↗Outbound network 10
Environment variables (config / keys) 24
Filesystem writes 1
Shell / command execution 2
AI review
This is a legitimate development and testing tool for the Apify MCP server. The flagged items are standard development patterns (build scripts, evaluation infrastructure, environment variable access for configuration) that are expected and appropriate for this type of project. No hidden instructions, data exfiltration, or deceptive behavior was found.
- low Standard development tooling — The command_exec findings (execSync, spawn) are used in build scripts and development utilities, which is expected for a Node.js project. The env_access findings are for legitimate configuration (API tokens, base URLs) used in evaluation/testing infrastructure, not for exfiltration.
- low No hidden or deceptive instructions — The agent instructions (mcpc-tester, bug-triage, dig) are clearly documented development/testing agents with appropriate scope. They do not contain hidden prompts, data exfiltration commands, or instructions to access secrets outside the project's intended purpose.
- low Legitimate network dependencies — The axios dependency and fetch calls are standard for an MCP server that needs to communicate with external APIs (Apify API, telemetry, payment processing). These are expected for the stated purpose of the extension.
Model: deepseek-chat
Static findings
Shell / command execution · Executes shell / system commands
info
.github/scripts/before-beta-release.js:2
import { execSync } from 'node:child_process';
medium
scripts/dev_standby.js:7
import { spawn } from 'node:child_process';
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
evals/config.ts:205
PHOENIX_BASE_URL: process.env.PHOENIX_BASE_URL,
low
evals/create_dataset.ts:96
baseUrl: process.env.PHOENIX_BASE_URL!,
low
evals/evaluation_utils.ts:44
const apifyClient = new ApifyClient({ token: process.env.APIFY_API_TOKEN || '' });
low
evals/run_evaluation.ts:190
baseUrl: process.env.PHOENIX_BASE_URL!,
low
evals/shared/config.ts:11
baseURL: sanitizeEnvValue(process.env.OPENROUTER_BASE_URL) || 'https://openrouter.ai/api/v1',
low
evals/workflows/mcp_client.ts:58
...process.env,
low
evals/workflows/run_workflow_evals.ts:213
const apifyToken = sanitizeEnvValue(process.env.APIFY_TOKEN);
info
res/integration_test_coverage_audit.md:193
// - call apify/python-example with _meta.apifyToken = process.env.APIFY_TOKEN.
low
res/integration_test_coverage_plan.md:93
1. `should accept apifyToken via tools/call _meta and run successfully` — create client with `omitToken: true`. Send `tools/call` for `apify/python-example` with `_meta.apifyToken = process.env.APIFY_
low
scripts/dev_standby.js:18
env: { ...process.env, ...opts.env },
low
src/apify_client.ts:21
if (process.env.APIFY_IS_AT_HOME) return 'https://api.apify.com';
low
src/dev_server.ts:24
process.env.TELEMETRY_ENV ??= 'DEV';
+ 12 more
Outbound network · Makes outbound network requests
low
package.json:62
"axios": "^1.16.0",
info
pnpm-lock.yaml:247
axios:
info
res/integration_test_coverage_audit.md:167
// const r = await fetch(httpServerHost + '/');
low
res/integration_test_coverage_plan.md:72
1. `should return 405 on GET /` — `fetch(httpServerHost + '/')` → status 405, `Allow: POST`.
low
res/tasks_cancel_abort_flow.md:188
- **Race each platform call**: `raceAbort(run.get(), abortSignal)` and `raceAbort(run.waitForFinish(), abortSignal)` so a mid-call cancel returns promptly instead of blocking on the HTTP fetch (the cl
low
src/mcp/client.ts:90
async fetch(input: Request | URL | string, init?: RequestInit) {
low
src/payments/x402.ts:136
const response = await fetch(url, {
low
src/tools/common/fetch_apify_docs.ts:114
const response = await fetch(mdUrl);
info
src/tools/core/actor_run_response.ts:590
// instead of blocking on the HTTP fetch (the SDK does not accept an AbortSignal directly).
info
src/utils/payment_errors.ts:24
* The axios response interceptor stores the header value here so it can be
Filesystem writes · Reads or writes the filesystem
low
src/web/build.js:96
await fs.rm(distPath, { recursive: true, force: true });
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.