home-assistant-agent-secure

clawhub:home-assistant-agent-secure

Score: 77/100 (B)
First Seen: Feb 18, 2026
Last Scanned: Feb 22, 2026
Findings: 4 (HIGH 1, MEDIUM 1, LOW 2)

Findings (4)

HIGH
Internal IP range access
L58

Detects references to private/internal IP ranges in URL context

https://192.168.1.50:
FIX

Implement URL allowlisting for all outbound requests. Block requests to private IP ranges (10.x, 172.16-31.x, 192.168.x), localhost, and link-local addresses.

FP?

Likely FP if the match is a localhost URL used for local development (e.g., http://localhost:3000) in setup documentation.

MEDIUM
Credential in shell export
L87

Detects API keys or tokens exposed in shell export commands

export HOME_ASSISTANT_TOKEN="your-restricted-user-token-here"
FIX

Remove credentials from shell export statements. Use a .env file (excluded from version control) or a secrets manager, and load secrets at runtime.

FP?

Likely FP if the export line uses a placeholder value (e.g., export API_KEY=your-key-here) or is in documentation describing environment setup.

LOW
External API response used without validation
L15

Detects patterns where external API responses are used directly without validation or sanitization

endpoint
- **NEVER** output + without a pass
FIX

Validate and sanitize all data received from external APIs before using it in tool operations or agent prompts. Implement schema validation and treat API responses as untrusted input.

FP?

Likely FP if the match is a truncated table cell or documentation fragment that mentions API responses in a descriptive context, not actual unvalidated data processing.

LOW
Hardcoded secrets in MCP env block
L70

Detects hardcoded API keys, tokens, or passwords in MCP server environment configuration

"env": { + "apiKey": "your-restricted-user-token-here"
FIX

Remove shell metacharacters (semicolons, pipes, ampersands, backticks) from MCP server arguments. Use explicit argument arrays and avoid shell expansion in MCP configurations.

FP?

Likely FP if the metacharacter is a literal part of a non-shell argument (e.g., a regex pattern or a URL query parameter containing ampersands).