MCPVet
Low
github · 104 files analyzed
paypal/agent-toolkit
Minor capabilities, nothing alarming.
View source ↗Outbound network 4
Environment variables (config / keys) 11
Sensitive credential files 1
AI review
The extension is a legitimate PayPal API toolkit with no hidden instructions or prompt injection. The only concerns are standard credential handling via environment variables and a CI workflow that writes an NPM token to .npmrc, which is a common practice but could be a risk if the CI environment is compromised.
- medium CI workflow writes NPM token to .npmrc — In .github/workflows/publish.yml:116, the command 'echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc' writes the NPM token to a file. This is a standard practice for publishing packages, but if the CI runner is compromised or logs are exposed, the token could be leaked. Consider using npm's built-in token authentication via environment variables instead.
- low Environment variable usage for credentials — The toolkit reads PAYPAL_CLIENT_ID and PAYPAL_CLIENT_SECRET from environment variables in multiple example files and the main library. This is expected and secure as long as users do not hardcode secrets. No exfiltration or misuse is present.
Model: deepseek-chat
Static findings
Sensitive credential files · Reads sensitive credential files
info
.github/workflows/publish.yml:116
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
Environment variables (config / keys) · Reads environment variables (config / API keys)
info
README.md:87
clientId: process.env.PAYPAL_CLIENT_ID,
info
python/examples/bedrock/app_agent.py:11
PAYPAL_CLIENT_ID = os.getenv("PAYPAL_CLIENT_ID")
info
python/examples/crewai/app_agent.py:14
PAYPAL_CLIENT_ID = os.getenv("PAYPAL_CLIENT_ID")
info
python/examples/langchain/app_agent.py:12
PAYPAL_CLIENT_ID = os.getenv("PAYPAL_CLIENT_ID")
info
python/examples/openai/app_agent.py:14
PAYPAL_CLIENT_ID = os.getenv("PAYPAL_CLIENT_ID")
info
python/examples/openai/app_assistant_chatbot.py:17
PAYPAL_CLIENT_ID = os.getenv("PAYPAL_CLIENT_ID")
info
typescript/README.md:84
clientId: process.env.PAYPAL_CLIENT_ID,
info
typescript/examples/ai-sdk/index.ts:7
const envFilePath = process.env.ENV_FILE_PATH || '.env';
info
typescript/examples/bedrock/index.ts:5
const envFilePath = process.env.ENV_FILE_PATH || '.env';
info
typescript/examples/langchain/index.ts:6
const envFilePath = process.env.ENV_FILE_PATH || '.env';
info
typescript/examples/openai/index.ts:6
const envFilePath = process.env.ENV_FILE_PATH || ".env";
Outbound network · Makes outbound network requests
low
python/paypal_agent_toolkit/shared/paypal_client.py:48
response = requests.post(
low
typescript/package.json:62
"axios": "^1.8.4",
low
typescript/src/shared/client.ts:2
import axios from 'axios';
low
typescript/src/shared/functions.ts:1
import axios from 'axios';
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.