Skip to main content
Glama

MCPVet MCP server

Vet an MCP server, Claude Code skill, or plugin for unsafe behavior — shell execution, secret access, data exfiltration, prompt injection, remote code — before you install it, right inside your agent.

It's a thin, auditable client: all analysis runs server-side at mcpvet.com. This process holds no credentials, touches no local files, and makes exactly one outbound HTTPS call per scan.

Install (Claude Code)

claude mcp add mcpvet -- npx -y github:LorenzoLombardi111/factory-mcpvet

Or add it to your MCP config manually:

{
  "mcpServers": {
    "mcpvet": {
      "command": "npx",
      "args": ["-y", "github:LorenzoLombardi111/factory-mcpvet"]
    }
  }
}

Related MCP server: mcp-security-audit

Use

Ask your agent:

Before I install it, scan @some/mcp-server with MCPVet.

The scan_extension tool accepts:

  • a GitHub repo URLhttps://github.com/owner/repo

  • an npm package name@scope/pkg

  • pasted skill / manifest text

It returns a graded verdict (clean → critical), the flagged findings with file and line, and a shareable report link.

Config

Env

Default

Purpose

MCPVET_API

https://mcpvet.com

API origin (override for self-host/testing)

MIT licensed.

A
license - permissive license
-
quality - not tested
C
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/LorenzoLombardi111/factory-mcpvet'

If you have feedback or need assistance with the MCP directory API, please join our Discord server