snapchat

clawhub:snapchat

Score: A, 92/100
First Seen: Feb 18, 2026
Last Scanned: Feb 22, 2026
Findings: 2 (MEDIUM 1, LOW 1)

Findings (2)

MEDIUM: Cross-tool data leakage (L7)

Detects patterns where credential or secret reads are combined with external data transmission

access and valid Maton API key + POST /v1/ads_library/sponsored_content

FIX: Prevent credentials and sensitive data obtained by one MCP tool from being passed to other tools. Implement data isolation between tools and restrict cross-tool data flow for secrets.

FP? Likely FP if the cross-tool data flow is intentional API authentication (e.g., a tool fetches an auth token that another tool uses for the same service).

LOW: Non-localhost remote MCP server URL (L113)

Detects MCP server configurations connecting to non-localhost remote URLs

"url": "https://connect.maton.ai/?session_token=..."

FIX: Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

FP? Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).