CClaude ContextClaude Context is an MCP plugin that adds semantic code search to Claude Code and other AI coding agents, giving them deep context from your entire codebase.

mcp-so:claude-context_zilliztech

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

npx MCP server without version pin MCPCFG_001

mcp-config L35

Detects MCP server configs using npx to run packages without version pinning

"command": "npx"

FIX

Pin the npx package in the MCP config to an exact version (e.g., @scope/server@1.2.3). Unpinned npx commands can silently fetch a compromised package version.

FP?

Likely FP if the MCP config is a local development setup example, though unpinned npx in production configs is a real supply chain risk.

LOW

Hardcoded secrets in MCP env block MCPCFG_003

mcp-config L39

Detects hardcoded API keys, tokens, or passwords in MCP server environment configuration

"env": { + "MILVUS_TOKEN": "your-zilliz-cloud-api-key"

FIX

Remove shell metacharacters (semicolons, pipes, ampersands, backticks) from MCP server arguments. Use explicit argument arrays and avoid shell expansion in MCP configurations.

FP?

Likely FP if the metacharacter is a literal part of a non-shell argument (e.g., a regex pattern or a URL query parameter containing ampersands).