First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
2
Score
70/100
Findings (2)
Detects patterns where credential or secret reads are combined with external data transmission
read the config + forward pass in DistributedDataPrevent credentials and sensitive data obtained by one MCP tool from being passed to other tools. Implement data isolation between tools and restrict cross-tool data flow for secrets.
Likely FP if the cross-tool data flow is intentional API authentication (e.g., a tool fetches an auth token that another tool uses for the same service).
Detects attempts to read and transmit environment variables
os.environ['LOCAL_RANK']; the launcher will not pass --local-rank when you specify this flag. Warning local_rank is NOT globally unique: it is only unique per process on a machine. Thus, don’t use i...Validate that HTTP requests only send intended data. Block requests that embed file contents, environment variables, or credentials in URL parameters or request bodies to unknown hosts.
Likely FP if the matched text is an environment variable name that contains an HTTP verb (e.g., process.env.POST_URL) rather than an exfiltration pattern.