bolta-skills-index

Remove the Stripe API key and replace it with a reference to an environment variable. Immediately roll the key in the Stripe dashboard if it was a live key (sk_live_).

Likely FP if the key uses the test prefix (sk_test_) in a documentation context, or is a clearly truncated example string.

Pin the downloaded resource to a specific version or commit hash, and verify its integrity with a checksum (SHA-256). Avoid fetching scripts or binaries from arbitrary URLs at runtime.

Likely FP if the download URL points to a well-known CDN or package registry (e.g., npmjs.com, pypi.org) and is pinned to a specific version.

Restrict the tool to well-defined scopes and prevent it from requesting all permissions. Implement least-privilege access controls and audit permission grants.

Likely FP if the match is a tool description documenting available permission scopes, not a tool that actually requests overly broad access.

Restrict the tool to well-defined scopes and prevent it from requesting all permissions. Implement least-privilege access controls and audit permission grants.

Likely FP if the match is a tool description documenting available permission scopes, not a tool that actually requests overly broad access.

Restrict the tool to well-defined scopes and prevent it from requesting all permissions. Implement least-privilege access controls and audit permission grants.

Likely FP if the match is a tool description documenting available permission scopes, not a tool that actually requests overly broad access.

Restrict the tool to well-defined scopes and prevent it from requesting all permissions. Implement least-privilege access controls and audit permission grants.

Likely FP if the match is a tool description documenting available permission scopes, not a tool that actually requests overly broad access.

Verify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.

Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.

Pin the npx package in the MCP config to an exact version (e.g., @scope/server@1.2.3). Unpinned npx commands can silently fetch a compromised package version.

Likely FP if the MCP config is a local development setup example, though unpinned npx in production configs is a real supply chain risk.

Remove the -y/--yes auto-confirm flag from MCP server launch arguments. This flag bypasses user confirmation prompts and allows unattended execution of potentially dangerous operations.

Likely FP if the matched text is an isolated flag (-y or --yes) in documentation describing command-line options, not in an actual MCP config.

Remove shell metacharacters (semicolons, pipes, ampersands, backticks) from MCP server arguments. Use explicit argument arrays and avoid shell expansion in MCP configurations.

Likely FP if the metacharacter is a literal part of a non-shell argument (e.g., a regex pattern or a URL query parameter containing ampersands).

Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.

Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.

Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.

Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.