semgrep/mcp

Powerful capabilities — review before trusting.

View source ↗

Environment variables (config / keys) 5

Filesystem writes 1

Shell / command execution 3

Sensitive credential files 1

AI review

The extension reads environment variables (SEMGREP_APP_TOKEN, SEMGREP_PATH, SEMGREP_URL) and executes subprocesses (claude, semgrep), but these are all consistent with its stated purpose of running Semgrep scans and integrating with Claude. No hidden instructions, prompt injection, or data exfiltration mechanisms were found. The test file accessing /etc/passwd is a unit test for path traversal protection, not a real risk.

low Environment variable access for authentication and configuration — The extension reads SEMGREP_APP_TOKEN, SEMGREP_PATH, and SEMGREP_URL from the environment. This is expected behavior for a Semgrep MCP server that needs to authenticate with Semgrep App and locate the semgrep binary. No evidence of exfiltration.
low Subprocess execution of claude and semgrep — The extension runs `claude --version` to check for Claude CLI availability and runs `semgrep` for scanning. These are legitimate operations for the extension's purpose. The commands are hardcoded and not constructed from user input, reducing injection risk.
low Test file references /etc/passwd — The test file tests/safe_join.py uses '/etc/passwd' as a test case for path traversal protection. This is a standard security test and does not represent actual access to sensitive files in production.

Model: deepseek-chat

Static findings

Shell / command execution · Executes shell / system commands

medium scripts/configure_semgrep_mcp.py:37 result = subprocess.run(["claude", "--version"], capture_output=True, text=True, timeout=10)

medium src/semgrep_mcp/semgrep.py:184 process = subprocess.run(

medium src/semgrep_mcp/utilities/utils.py:99 process = subprocess.run(

Environment variables (config / keys) · Reads environment variables (config / API keys)

low scripts/configure_semgrep_mcp.py:48 if semgrep_token := os.getenv("SEMGREP_APP_TOKEN"):

low src/semgrep_mcp/semgrep.py:31 SEMGREP_PATH = os.getenv("SEMGREP_PATH", None)

low src/semgrep_mcp/server.py:40 SEMGREP_URL = os.environ.get("SEMGREP_URL", "https://semgrep.dev")

low src/semgrep_mcp/utilities/tracing.py:30 SEMGREP_URL = os.environ.get("SEMGREP_URL", "https://semgrep.dev")

low src/semgrep_mcp/utilities/utils.py:14 SEMGREP_PATH = os.getenv("SEMGREP_PATH", None)

Filesystem writes · Reads or writes the filesystem

low src/semgrep_mcp/server.py:190 shutil.rmtree(temp_dir, ignore_errors=True)

Sensitive credential files · Reads sensitive credential files

info tests/unit/test_safe_join.py:44 safe_join(base_dir, "/etc/passwd")

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.