Clean
Outbound network 1
Environment variables (config / keys) 9
AI review
This is a legitimate ClickHouse MCP server extension with no deceptive or malicious behavior. The code accesses environment variables for configuration purposes only, which is expected for a database connector. The 'your_data_url' placeholder in chdb_prompt.py is a documentation example, not an actual exfiltration endpoint.
- low Placeholder URL in documentation example — File mcp_clickhouse/chdb_prompt.py contains 'response = requests.get('your_data_url')' which is a placeholder in a documentation prompt, not executable code. This is a benign example showing how to use table functions, not an actual data exfiltration attempt.
- low Environment variable access for legitimate configuration — Multiple files access environment variables (MCP_CLICKHOUSE_TRUSTSTORE_DISABLE, CLICKHOUSE_ENABLED, MCP_MIDDLEWARE_MODULE, FASTMCP_SERVER_AUTH, etc.) for standard configuration purposes. This is expected behavior for a database connector that needs connection settings, authentication tokens, and feature flags. No evidence of secret exfiltration.
Model: deepseek-chat
Static findings
Environment variables (config / keys) · Reads environment variables (config / API keys)
- low mcp_clickhouse/__init__.py:18
  if os.getenv("MCP_CLICKHOUSE_TRUSTSTORE_DISABLE", None) != "1":
- low mcp_clickhouse/mcp_env.py:64
  return os.getenv("CLICKHOUSE_ENABLED", "true").lower() == "true"
- low mcp_clickhouse/mcp_middleware_hook.py:10
  middleware_module = os.getenv("MCP_MIDDLEWARE_MODULE")
- low mcp_clickhouse/mcp_server.py:92
  "FASTMCP_SERVER_AUTH": bool(os.getenv("FASTMCP_SERVER_AUTH")),
- info tests/test_chdb_tool.py:19
  cls._previous_chdb_enabled = os.environ.get("CHDB_ENABLED")
- info tests/test_context_config_override.py:97
  not __import__("os").getenv("CLICKHOUSE_HOST"),
- info tests/test_middleware.py:15
  with patch.dict(os.environ, {}, clear=False):
- info tests/test_optional_chdb.py:21
  patch.dict("os.environ", {"CHDB_ENABLED": "true"}, clear=False),
- info tests/test_tool.py:135
  @patch.dict(os.environ, {"CLICKHOUSE_ALLOW_WRITE_ACCESS": "true", "CLICKHOUSE_ALLOW_DROP": "true"})
Outbound network · Makes outbound network requests
- low mcp_clickhouse/chdb_prompt.py:80
  response = requests.get('your_data_url')
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.