First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
3
Score
92/100
Findings (3)
Detects patterns where credential or secret reads are combined with external data transmission
access and valid Maton API key + Upload ContentPrevent credentials and sensitive data obtained by one MCP tool from being passed to other tools. Implement data isolation between tools and restrict cross-tool data flow for secrets.
Likely FP if the cross-tool data flow is intentional API authentication (e.g., a tool fetches an auth token that another tool uses for the same service).
Detects MCP server configurations connecting to non-localhost remote URLs
"url": "https://connect.maton.ai/?session_token=..."Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.
Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).
Detects URLs fetched at runtime that control or influence agent behavior without pinning
Get File](https:// + settingsAvoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.
Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.