modelcontextprotocol/servers
Minor capabilities, nothing alarming.
AI review
The repository contains test code that accesses environment variables and performs filesystem operations, but these are confined to test suites and do not represent runtime risks. The `get-env.ts` tool exposes all environment variables, which could leak secrets if deployed without restriction, but this is part of the 'everything' reference server intended for demonstration and testing, not production use.
- medium Environment variable exposure in 'everything' server — src/everything/tools/get-env.ts:34 returns JSON.stringify(process.env) to the client, potentially leaking all environment variables including secrets. This is a reference/demo server, but if used in production or connected to sensitive environments, it poses a data exfiltration risk.
- low Test code accesses environment variables and filesystem — Multiple test files (e.g., everything/__tests__/tools.test.ts, filesystem/__tests__/lib.test.ts) read or set environment variables and perform filesystem operations. These are isolated to test suites and do not affect runtime behavior, but they indicate that environment variables are used in the codebase and should be handled carefully.
- low Filesystem server tests reference sensitive paths — src/filesystem/__tests__/lib.test.ts:170 and path-validation.test.ts:75 reference '/etc/passwd' in test assertions. This is only for validating path traversal protection logic and does not represent a real vulnerability.
Model: deepseek-chat
Static findings
Outbound network · Makes outbound network requests
- CLAUDE.md:17
  fetch/ Py mcp-server-fetch (web content fetching)
- src/everything/tools/gzip-file-as-resource.ts:195
  const response = await fetch(url, { signal: controller.signal });

Shell / command execution · Executes shell / system commands
- scripts/release.py:42
  subprocess.run(
- src/filesystem/__tests__/startup-validation.test.ts:2
  import { spawn } from 'child_process';
- src/filesystem/__tests__/structured-content.test.ts:7
  import { spawn } from 'child_process';

Environment variables (config / keys) · Reads environment variables (config / API keys)
- src/everything/__tests__/tools.test.ts:164
  process.env.TEST_VAR_EVERYTHING = 'test_value';
- src/everything/tools/get-env.ts:34
  text: JSON.stringify(process.env, null, 2),
- src/everything/tools/gzip-file-as-resource.ts:12
  process.env.GZIP_MAX_FETCH_SIZE ?? String(10 * 1024 * 1024)
- src/everything/transports/sse.ts:74
  const PORT = process.env.PORT || 3001;
- src/everything/transports/streamableHttp.ts:201
  const PORT = process.env.PORT || 3001;
- src/memory/__tests__/file-path.test.ts:16
  originalEnv = process.env.MEMORY_FILE_PATH;
- src/memory/index.ts:16
  if (process.env.MEMORY_FILE_PATH) {
- src/sequentialthinking/__tests__/lib.test.ts:21
  process.env.DISABLE_THOUGHT_LOGGING = 'true';
- src/sequentialthinking/lib.ts:21
  this.disableThoughtLogging = (process.env.DISABLE_THOUGHT_LOGGING || "").toLowerCase() === "true";

Filesystem writes · Reads or writes the filesystem
- src/filesystem/__tests__/directory-tree.test.ts:73
  await fs.rm(testDir, { recursive: true, force: true });
- src/filesystem/__tests__/path-validation.test.ts:29
  await fs.rm(testDir, { recursive: true, force: true });
- src/filesystem/__tests__/startup-validation.test.ts:53
  await fs.rm(testDir, { recursive: true, force: true });
- src/filesystem/__tests__/structured-content.test.ts:50
  await fs.rm(testDir, { recursive: true, force: true });
- src/filesystem/lib.ts:177
  await fs.unlink(tempPath);
- src/git/tests/test_server.py:33
  shutil.rmtree(repo_path)
- src/memory/__tests__/file-path.test.ts:31
  await fs.unlink(oldMemoryPath);
- src/memory/__tests__/knowledge-graph.test.ts:23
  await fs.unlink(testFilePath);

Sensitive credential files · Reads sensitive credential files
- src/filesystem/__tests__/lib.test.ts:170
  const testPath = process.platform === 'win32' ? 'C:\\Windows\\System32\\file.txt' : '/etc/passwd';
- src/filesystem/__tests__/path-validation.test.ts:75
  expect(isPathWithinAllowedDirectories('/etc/passwd', allowed)).toBe(false);
- src/git/src/mcp_server_git/server.py:137
  # working tree to prevent path traversal (e.g. '../../etc/passwd' or an
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.