labarchive-integration

skills-sh:davila7_claude-code-templates__labarchive-integration

View source

92/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

92/100

MEDIUM 1

LOW 1

Findings (2)

MEDIUM

Cross-tool data leakage MCP_007

mcp-attack L27

Detects patterns where credential or secret reads are combined with external data transmission

access credential + Upload experimental data

FIX

Prevent credentials and sensitive data obtained by one MCP tool from being passed to other tools. Implement data isolation between tools and restrict cross-tool data flow for secrets.

FP?

Likely FP if the cross-tool data flow is intentional API authentication (e.g., a tool fetches an auth token that another tool uses for the same service).

LOW

Git clone and execute chain SUPPLY_012

supply-chain L220

Detects git clone of repositories followed by execution of cloned content

git clone https://github.com/mcmero/labarchives-py + pip install .

FIX

Review the dependency tree for nested or transitive dependencies that introduce risk. Use tools like npm audit or pip-audit to identify known vulnerabilities in the dependency chain.

FP?

Likely FP if the flagged dependency is a standard, widely-used library with no known vulnerabilities at the time of scanning.