fastapi-microservices-development

skills-sh:manutej_luxor-claude-marketplace__fastapi-microservices-development

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 3

Findings (3)

LOW

Docker environment credentials CRED_017

credential-leak L975

Detects Docker or docker-compose commands passing credentials via environment variables

environment:
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD=

FIX

Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.

FP?

Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.

LOW

Non-localhost remote MCP server URL MCPCFG_004

mcp-config L1304

Detects MCP server configurations connecting to non-localhost remote URLs

"url": "http://example.com/support"

FIX

Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

FP?

Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).

LOW

Non-localhost remote MCP server URL MCPCFG_004

mcp-config L1309

Detects MCP server configurations connecting to non-localhost remote URLs

"url": "https://www.apache.org/licenses/LICENSE-2.0.html"

FIX

Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

FP?

Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).