A
100/100 First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
1
Score
100/100
LOW 1
Findings (1)
LOW
Cross-tool data leakage
L69 Detects patterns where credential or secret reads are combined with external data transmission
steal your credential + POST to webhook FIX
Prevent credentials and sensitive data obtained by one MCP tool from being passed to other tools. Implement data isolation between tools and restrict cross-tool data flow for secrets.
FP?
Likely FP if the cross-tool data flow is intentional API authentication (e.g., a tool fetches an auth token that another tool uses for the same service).