MCPVet
← Scan another
Medium
github · 250 files analyzed

cloudflare/mcp-server-cloudflare

Powerful capabilities — review before trusting.

View source ↗
Outbound network 40
Filesystem writes 1
Shell / command execution 1
Install-time scripts 1

AI review

This is an official Cloudflare MCP server repository with no evidence of prompt injection, hidden instructions, or deceptive tool descriptions. All network calls are legitimate Cloudflare API interactions consistent with the stated purpose of providing MCP access to Cloudflare services.

Model: deepseek-chat

Static findings

Outbound network · Makes outbound network requests

low apps/ai-gateway/src/ai-gateway.app.ts:104 }).fetch(req, env, ctx)
low apps/ai-gateway/worker-configuration.d.ts:328 fetch(input: RequestInfo | URL, init?: RequestInit<RequestInitCfProperties>): Promise<Response>;
low apps/auditlogs/src/auditlogs.app.ts:105 }).fetch(req, env, ctx)
low apps/auditlogs/worker-configuration.d.ts:328 fetch(input: RequestInfo | URL, init?: RequestInit<RequestInitCfProperties>): Promise<Response>;
low apps/autorag/src/autorag.app.ts:138 }).fetch(req, env, ctx)
low apps/autorag/worker-configuration.d.ts:328 fetch(input: RequestInfo | URL, init?: RequestInit<RequestInitCfProperties>): Promise<Response>;
low apps/browser-rendering/src/browser.app.ts:104 }).fetch(req, env, ctx)
low apps/browser-rendering/worker-configuration.d.ts:328 fetch(input: RequestInfo | URL, init?: RequestInit<RequestInitCfProperties>): Promise<Response>;
low apps/cloudflare-one-casb/src/cf1-casb.app.ts:105 }).fetch(req, env, ctx)
low apps/cloudflare-one-casb/worker-configuration.d.ts:324 fetch(input: RequestInfo | URL, init?: RequestInit<RequestInitCfProperties>): Promise<Response>;
low apps/demo-day/frontend/script.js:144 const response = await fetch(url, options)
low apps/demo-day/worker-configuration.d.ts:310 fetch(input: RequestInfo | URL, init?: RequestInit<RequestInitCfProperties>): Promise<Response>;

+ 28 more

Shell / command execution · Executes shell / system commands

medium apps/sandbox-container/container/sandbox.container.app.ts:1 import { exec } from 'node:child_process'

Filesystem writes · Reads or writes the filesystem

low apps/sandbox-container/container/sandbox.container.app.ts:120 await fs.rm(path.join(process.cwd(), reqPath), { recursive: true })

Install-time scripts · Runs scripts on install (postinstall/preinstall)

medium apps/sandbox-container/package.json:14 "postinstall": "mkdir -p workdir",

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.