semgrep/mcp

Minor capabilities, nothing alarming.

View source ↗

Environment variables (config / keys) 5

Filesystem writes 1

Shell / command execution 3

Sensitive credential files 1

AI review

The extension reads environment variables for configuration (SEMGREP_APP_TOKEN, SEMGREP_PATH, SEMGREP_URL) and executes subprocess commands (claude --version, semgrep scan), which is expected behavior for a Semgrep MCP server. No hidden instructions, prompt injection, or data exfiltration mechanisms were found. The test file accessing /etc/passwd is a unit test for path traversal protection, not a vulnerability.

low Environment variable access for authentication and configuration — The extension reads SEMGREP_APP_TOKEN, SEMGREP_PATH, and SEMGREP_URL from environment variables. This is expected for a Semgrep integration that needs to authenticate with Semgrep's API and locate the semgrep binary. No evidence of exfiltration or misuse.
low Subprocess execution of semgrep and claude commands — The extension runs subprocess commands to check claude version and execute semgrep scans. This is necessary for the extension's stated purpose of running Semgrep scans. The commands are hardcoded and not constructed from user input, reducing injection risk.
low Test file references /etc/passwd in safe_join test — The test file tests/safe_join.py uses '/etc/passwd' as a test case for path traversal protection. This is a legitimate unit test to verify that the safe_join function correctly blocks path traversal attempts. It does not represent a real vulnerability.

Model: deepseek-chat

Static findings

Shell / command execution · Executes shell / system commands

medium scripts/configure_semgrep_mcp.py:37 result = subprocess.run(["claude", "--version"], capture_output=True, text=True, timeout=10)

medium src/semgrep_mcp/semgrep.py:184 process = subprocess.run(

medium src/semgrep_mcp/utilities/utils.py:99 process = subprocess.run(

Environment variables (config / keys) · Reads environment variables (config / API keys)

low scripts/configure_semgrep_mcp.py:48 if semgrep_token := os.getenv("SEMGREP_APP_TOKEN"):

low src/semgrep_mcp/semgrep.py:31 SEMGREP_PATH = os.getenv("SEMGREP_PATH", None)

low src/semgrep_mcp/server.py:40 SEMGREP_URL = os.environ.get("SEMGREP_URL", "https://semgrep.dev")

low src/semgrep_mcp/utilities/tracing.py:30 SEMGREP_URL = os.environ.get("SEMGREP_URL", "https://semgrep.dev")

low src/semgrep_mcp/utilities/utils.py:14 SEMGREP_PATH = os.getenv("SEMGREP_PATH", None)

Filesystem writes · Reads or writes the filesystem

low src/semgrep_mcp/server.py:190 shutil.rmtree(temp_dir, ignore_errors=True)

Sensitive credential files · Reads sensitive credential files

info tests/unit/test_safe_join.py:44 safe_join(base_dir, "/etc/passwd")

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.