Low
github · 12 files analyzed
chroma-core/chroma-mcp
Minor capabilities, nothing alarming.
Capabilities: Environment variables (config / keys) 2 · Remote code execution 1
AI review
The extension is a legitimate MCP server for Chroma vector database operations. The only notable finding is a remote code execution pattern in CI that downloads and runs an installer script, but this is standard CI practice and not a runtime risk. No prompt injection, hidden instructions, or data exfiltration mechanisms were found.
- low Remote script execution in CI workflow — Line 24 of .github/workflows/test.yml uses curl to pipe a shell script from astral.sh into sh. While this is a common CI pattern, it introduces supply chain risk if the upstream script is compromised. This does not affect runtime security of the MCP server itself.
Model: deepseek-chat
Static findings
Remote code execution · Downloads and executes remote code
  info — .github/workflows/test.yml:24
    curl -LsSf https://astral.sh/uv/install.sh | sh
Environment variables (config / keys) · Reads environment variables (config / API keys)
  low — src/chroma_mcp/server.py:40
    default=os.getenv('CHROMA_CLIENT_TYPE', 'ephemeral'),
  info — tests/test_server.py:26
    original_environ = os.environ.copy()
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.