io.github.vola-trebla/env-secret-exposure-analyzer-mcp

MCPcommunity
v0.2.0io.github.vola-treblaUnknownUpdated 1mo agonpmGitHub

Scans projects for secret exposure: leaked API keys, unprotected .env files, and secrets in logs.

Your AI agent is one debug session away from leaking your secrets. MCP server that scans your project for secret exposure risks — hardcoded API keys, unprotected files, and calls that print credentials at runtime. Before your agent accidentally reads them out loud. You ask your AI agent to debug a config issue. It reads . Inside: The agent now has your database password in its context. It might…

Automatically indexed from public sources. Not yet verified by the developer on Forge.Claim this listing →
1mo agoLast update
Package
Authorio.github.vola-trebla
LicenseUnknown
Version0.2.0
Sourcemcp-registry
Trust Status
B
60/100Good
Listed in Forge index+10/10
Publisher identity verified+0/25
Publisher: run `forge publish` from the package repo to claim ownership
Ed25519 publish signature+0/10
Included automatically when the publisher runs `forge publish`
Domain verification+0/5
Publisher: host /.well-known/forge.json on the package homepage with { "publisher": "<github-login>" }
CVE scan · clean+30/30
Static analysis · clean+20/20
npm provenance (Sigstore)+0/5
Publish from GitHub Actions with the --provenance flag
Paste into Claude Code, Cursor, or any AI assistant to fix all gaps
StatusCommunity-indexed
PublisherUnverified
SignatureUnsigned
Domain
Provenance
Dependencies60 resolved+ · none vulnerable
Tool surface5 tools · none privileged
Security scan✓ Cleanv0.2.0 · 20d ago
EvalsNone
IndexedJun 13, 2026

Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.

About

Your AI agent is one debug session away from leaking your secrets. MCP server that scans your project for secret exposure risks — hardcoded API keys, unprotected files, and calls that print credentials at runtime. Before your agent accidentally reads them out loud. You ask your AI agent to debug a config issue. It reads . Inside: The agent now has your database password in its context. It might log it, include it in a summary, or pass it to another tool. And your isn't in , so the next will do…

Keywords
mcp