MCPVet
Medium
github · 37 files analyzed
semgrep/mcp
Powerful capabilities — review before trusting.
View source ↗Environment variables (config / keys) 5
Filesystem writes 1
Shell / command execution 3
Sensitive credential files 1
AI review
The extension reads environment variables (SEMGREP_APP_TOKEN, SEMGREP_PATH, SEMGREP_URL) and executes subprocesses (claude, semgrep), but these are expected for its stated purpose of running Semgrep scans. No hidden instructions, prompt injection, or data exfiltration mechanisms were found. The test file accessing /etc/passwd is a unit test for path traversal protection, not a vulnerability.
- low Environment variable access for authentication and configuration — The extension reads SEMGREP_APP_TOKEN, SEMGREP_PATH, and SEMGREP_URL from environment variables. This is expected behavior for a Semgrep MCP server that needs to authenticate and configure itself. No evidence of exfiltration or misuse.
- low Subprocess execution of claude and semgrep — The extension runs subprocesses for 'claude --version' and 'semgrep' commands. These are legitimate operations for checking dependencies and running scans. No injection of untrusted input into command strings was observed.
- low Test file references /etc/passwd — The test file tests/safe_join.py uses '/etc/passwd' as a test case for the safe_join function, which is designed to prevent path traversal. This is a standard security test, not an actual vulnerability.
Model: deepseek-chat
Static findings
Shell / command execution · Executes shell / system commands
medium
scripts/configure_semgrep_mcp.py:37
result = subprocess.run(["claude", "--version"], capture_output=True, text=True, timeout=10)
medium
src/semgrep_mcp/semgrep.py:184
process = subprocess.run(
medium
src/semgrep_mcp/utilities/utils.py:99
process = subprocess.run(
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
scripts/configure_semgrep_mcp.py:48
if semgrep_token := os.getenv("SEMGREP_APP_TOKEN"):
low
src/semgrep_mcp/semgrep.py:31
SEMGREP_PATH = os.getenv("SEMGREP_PATH", None)
low
src/semgrep_mcp/server.py:40
SEMGREP_URL = os.environ.get("SEMGREP_URL", "https://semgrep.dev")
low
src/semgrep_mcp/utilities/tracing.py:30
SEMGREP_URL = os.environ.get("SEMGREP_URL", "https://semgrep.dev")
low
src/semgrep_mcp/utilities/utils.py:14
SEMGREP_PATH = os.getenv("SEMGREP_PATH", None)
Filesystem writes · Reads or writes the filesystem
low
src/semgrep_mcp/server.py:190
shutil.rmtree(temp_dir, ignore_errors=True)
Sensitive credential files · Reads sensitive credential files
info
tests/unit/test_safe_join.py:44
safe_join(base_dir, "/etc/passwd")
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.