MCPVet
Clean
Check your own MCP server
Free · no signup · instant shareable report.
Outbound network 1
Environment variables (config / keys) 2
AI review
This is a legitimate MCP server that provides AI agent readability scanning services. It requires an API key for its core functionality but does not attempt to exfiltrate credentials or inject hidden instructions. The code and documentation are transparent about its purpose and data handling.
- low No security concerns detected — The extension reads environment variables for configuration (API key, URL, timeouts) but only sends them to the documented Agent Ready API endpoint. No code attempts to exfiltrate credentials to unauthorized destinations. The ask tool is documented as public and requires no API key, which is consistent with its stated purpose.
Model: deepseek-chat
Static findings
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
scripts/check-resource-drift.mjs:16
const BASE = (process.env.AGENT_READY_API_URL ?? "https://agent-ready.dev").replace(
low
src/client.ts:16
export function createConfig(env: NodeJS.ProcessEnv = process.env): Config {
Outbound network · Makes outbound network requests
low
src/client.ts:71
res = await fetch(url, {
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.