← Scan another

High

github · 250 files analyzed

mongodb-js/mongodb-mcp-server

Sensitive access patterns — review carefully.

View source ↗

Outbound network 1

Environment variables (config / keys) 10

Filesystem writes 1

Shell / command execution 6

Sensitive credential files 21

AI review

This is a legitimate MongoDB MCP server implementation with no deceptive or malicious code. The flagged items relate to standard environment variable usage for configuration, a keychain class for credential management (which is expected for a database tool), and build/test scripts that are normal for a TypeScript project. No hidden instructions, prompt injection, or data exfiltration mechanisms were found.

low Standard environment variable usage for configuration — The code reads environment variables like MONGODB_PRODUCTION_URI, GITHUB_SERVER_URL, etc. This is expected behavior for a database server that needs configuration. The variables are used for legitimate purposes like connecting to MongoDB instances and CI/CD operations, not for exfiltration.
low Keychain class for credential management — The Keychain class is used for automatic secret redaction in logs and managing database credentials. This is a security feature, not a vulnerability. It's properly scoped and doesn't exfiltrate data.
low Build and test scripts with standard operations — Scripts using child_process (spawn, execSync, execFileSync) are standard for build automation, release generation, and testing. They don't execute arbitrary user input or perform unauthorized operations.
low Agent workflow documentation is legitimate — The .github/agents/agentic-workflows.agent.md file describes a legitimate dispatcher agent for GitHub workflows. It doesn't contain hidden instructions or attempts to manipulate the agent into performing unauthorized actions.

Model: deepseek-chat

Static findings

Environment variables (config / keys) · Reads environment variables (config / API keys)

low MCP_SERVER_LIBRARY.md:285 production: process.env.MONGODB_PRODUCTION_URI,

low scripts/accuracy/generateTestSummary.ts:246 const { GITHUB_SERVER_URL, GITHUB_REPOSITORY, GITHUB_RUN_ID } = process.env;

low scripts/accuracy/updateAccuracyRunStatus.ts:5 const envAccuracyRunId = process.env.MDB_ACCURACY_RUN_ID;

info scripts/cleanupAtlasTestLeftovers.test.ts:146 baseUrl: process.env.MDB_MCP_API_BASE_URL || "https://cloud-dev.mongodb.com",

low scripts/generate-release-notes.ts:26 const GROVE_API_KEY = process.env["GROVE_API_KEY"];

low scripts/generate/generateArguments.ts:239 serverJson.version = process.env.VERSION || version;

low src/common/config/configUtils.ts:44 ? path.join(process.env.LOCALAPPDATA || process.env.APPDATA || os.homedir(), "mongodb")

low src/helpers/container.ts:15 if (process.env.container) {

low src/setup/aiTool.ts:53 return process.env.APPDATA || path.join(os.homedir(), "AppData", "Roaming");

low src/telemetry/telemetry.ts:240 if (typeof process === "undefined" || !process.env) {

Sensitive credential files · Reads sensitive credential files

info MCP_SERVER_LIBRARY.md:1056 // Pass keychain for automatic secret redaction

high api-extractor/reports/mongodb-mcp-server.public.api.md:404 constructor(keychain: Keychain);

high api-extractor/reports/web.public.api.md:644 constructor(keychain: Keychain | undefined);

high packages/types/src/index.ts:3 export type * from "./keychain.js";

high src/common/config/parseUserConfig.ts:2 import { Keychain } from "../keychain.js";

info src/common/keychain.ts:5 * This class holds the secrets of a single server. Ideally, we might want to have a keychain

high src/common/logging/consoleLogger.ts:1 import type { Keychain } from "../keychain.js";

high src/common/logging/diskLogger.ts:3 import type { Keychain } from "../keychain.js";

high src/common/logging/loggerBase.ts:3 import type { Keychain } from "../keychain.js";

high src/common/logging/mcpLogger.ts:3 import type { Keychain } from "../keychain.js";

high src/common/session.ts:19 import type { Keychain } from "./keychain.js";

high src/index.ts:47 import { Keychain } from "./common/keychain.js";

+ 9 more

Shell / command execution · Executes shell / system commands

medium scripts/createMcpb.ts:9 import { spawn } from "node:child_process";

medium scripts/generate-release-notes.ts:6 import { execFileSync } from "child_process";

medium scripts/generate/generateArguments.ts:13 import { execSync } from "child_process";

medium scripts/generate/generateUI.ts:8 import { execSync } from "child_process";

medium src/setup/aiTool.ts:6 import { exec } from "child_process";

medium src/setup/installSkills.ts:2 import { spawn } from "node:child_process";

Outbound network · Makes outbound network requests

low src/common/atlas/apiClient.ts:152 const response = await fetch(url, {

Filesystem writes · Reads or writes the filesystem

low src/common/exportsManager.ts:117 await fs.rm(this.exportsDirectoryPath, { force: true, recursive: true });

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.