io.github.Chill-AI-Space/vault

MCPcommunity
v0.2.1io.github.Chill-AI-SpaceUnknownUpdated 4mo agonpmGitHub

MCP server for credential isolation — bots use passwords and API keys without seeing them

MCP server for credential isolation in LLM agents. Your bot uses passwords and API keys — but never sees them. AI agents are getting real access to real systems. They log into websites, call APIs, manage infrastructure. The standard pattern is dangerous: That API key is now in the LLM's context window, conversation logs, provider's training pipeline (maybe), and any tool that reads the…

Automatically indexed from public sources. Not yet verified by the developer on Forge.Claim this listing →
4mo agoLast update
Package
Authorio.github.Chill-AI-Space
LicenseUnknown
Version0.2.1
Sourcemcp-registry
Trust Status
B
60/100Good
Listed in Forge index+10/10
Publisher identity verified+0/25
Publisher: run `forge publish` from the package repo to claim ownership
Ed25519 publish signature+0/10
Included automatically when the publisher runs `forge publish`
Domain verification+0/5
Publisher: host /.well-known/forge.json on the package homepage with { "publisher": "<github-login>" }
CVE scan · clean+30/30
Static analysis · clean+20/20
npm provenance (Sigstore)+0/5
Publish from GitHub Actions with the --provenance flag
Paste into Claude Code, Cursor, or any AI assistant to fix all gaps
StatusCommunity-indexed
PublisherUnverified
SignatureUnsigned
Domain
Provenance
Dependencies60 resolved+ · none vulnerable
Tool surface10 tools · 1 privileged
Security scan✓ Cleanv0.2.1 · 20d ago
EvalsNone
IndexedJun 13, 2026

Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.

About

MCP server for credential isolation in LLM agents. Your bot uses passwords and API keys — but never sees them. AI agents are getting real access to real systems. They log into websites, call APIs, manage infrastructure. The standard pattern is dangerous: That API key is now in the LLM's context window, conversation logs, provider's training pipeline (maybe), and any tool that reads the conversation. One leaked prompt — and your credentials are exposed. Vault MCP solves this with a simple…

Keywords
mcp