UUSQLMCPA universal SQL MCP (Model Context Protocol).

mcp-so:usqlmcp_thesoulless

View source

77/100

First Seen

Feb 19, 2026

Last Scanned

Feb 20, 2026

Findings

Score

77/100

HIGH 1

MEDIUM 1

Findings (2)

HIGH

Database connection string CRED_006

credential-leak L121

Detects database connection strings with credentials

postgres://username:password@host.docker.internal:

FIX

Remove the database connection string and replace it with an environment variable reference. Rotate the database password if the connection string was exposed publicly.

FP?

Likely FP if the connection string uses localhost with no password (e.g., mongodb://localhost:27017/mydb) or is a documented example URI.

MEDIUM

Docker pull and run untrusted image EXTDL_015

external-download L115

Detects pulling and running Docker images from external registries

docker
run
-i
--rm
ghcr.io/thesoulless/u

FIX

Pin Docker images to a specific digest (e.g., image@sha256:abc...) instead of using mutable tags like :latest. Use trusted base images from verified publishers.

FP?

Likely FP if the Docker command pulls a well-known official image (e.g., docker pull python:3.11) in setup documentation.