Low
github · 12 files analyzed
chroma-core/chroma-mcp
Minor capabilities, nothing alarming.
Environment variables (config / keys) 2
Remote code execution 1
AI review
The extension is a legitimate MCP server for Chroma vector database operations with no hidden instructions or data exfiltration mechanisms. The only notable finding is a remote code execution risk in the CI pipeline from downloading a shell script, which is a common CI pattern but should use pinned versions.
- low Unpinned remote script download in CI — In .github/workflows/test.yml:24, the command 'curl -LsSf https://astral.sh/uv/install.sh | sh' downloads and executes a shell script without pinning a specific version or verifying integrity. While this is a standard CI pattern for installing uv, it could be exploited if the upstream URL is compromised. This does not affect the runtime MCP server itself.
Model: deepseek-chat
Static findings
Remote code execution · Downloads and executes remote code
info
.github/workflows/test.yml:24
curl -LsSf https://astral.sh/uv/install.sh | sh
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
src/chroma_mcp/server.py:40
default=os.getenv('CHROMA_CLIENT_TYPE', 'ephemeral'),
info
tests/test_server.py:26
original_environ = os.environ.copy()
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.