Low
github · 104 files analyzed
paypal/agent-toolkit
Minor capabilities, nothing alarming.
Outbound network 4
Environment variables (config / keys) 11
Sensitive credential files 1
AI review
The extension is a legitimate PayPal API toolkit with no hidden instructions or prompt injection. The only concerns are standard credential handling via environment variables and a CI workflow that writes an NPM token to .npmrc, which is a common but potentially risky practice if the CI environment is compromised.
- medium NPM token written to .npmrc in CI workflow — In .github/workflows/publish.yml:116, the command 'echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc' writes the NPM token to a file. If the CI runner is compromised or logs are exposed, this could leak the token. Consider using 'npm config set' or a temporary .npmrc with restricted permissions.
- low Environment variable access for PayPal credentials — Multiple files read PAYPAL_CLIENT_ID and PAYPAL_CLIENT_SECRET from environment variables. This is standard and expected for API authentication, but developers should ensure these secrets are not exposed in logs or error messages.
Model: deepseek-chat
Static findings
Sensitive credential files · Reads sensitive credential files
info
.github/workflows/publish.yml:116
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
Environment variables (config / keys) · Reads environment variables (config / API keys)
info
README.md:87
clientId: process.env.PAYPAL_CLIENT_ID,
info
python/examples/bedrock/app_agent.py:11
PAYPAL_CLIENT_ID = os.getenv("PAYPAL_CLIENT_ID")
info
python/examples/crewai/app_agent.py:14
PAYPAL_CLIENT_ID = os.getenv("PAYPAL_CLIENT_ID")
info
python/examples/langchain/app_agent.py:12
PAYPAL_CLIENT_ID = os.getenv("PAYPAL_CLIENT_ID")
info
python/examples/openai/app_agent.py:14
PAYPAL_CLIENT_ID = os.getenv("PAYPAL_CLIENT_ID")
info
python/examples/openai/app_assistant_chatbot.py:17
PAYPAL_CLIENT_ID = os.getenv("PAYPAL_CLIENT_ID")
info
typescript/README.md:84
clientId: process.env.PAYPAL_CLIENT_ID,
info
typescript/examples/ai-sdk/index.ts:7
const envFilePath = process.env.ENV_FILE_PATH || '.env';
info
typescript/examples/bedrock/index.ts:5
const envFilePath = process.env.ENV_FILE_PATH || '.env';
info
typescript/examples/langchain/index.ts:6
const envFilePath = process.env.ENV_FILE_PATH || '.env';
info
typescript/examples/openai/index.ts:6
const envFilePath = process.env.ENV_FILE_PATH || ".env";
Outbound network · Makes outbound network requests
low
python/paypal_agent_toolkit/shared/paypal_client.py:48
response = requests.post(
low
typescript/package.json:62
"axios": "^1.8.4",
low
typescript/src/shared/client.ts:2
import axios from 'axios';
low
typescript/src/shared/functions.ts:1
import axios from 'axios';
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.