
get_native_quotes

on https://chainflip-broker.io/mcp

Severity

  critical: 0
  high:     1
  medium:   0
  low:      0
  info:     0

1 finding on this tool

  1. [high] secret exposure (finding id: f-r10-get_native_quotes)

    Tool `get_native_quotes` exposes secrets or credentials to the agent

    `get_native_quotes` appears to read or return secrets, API keys, credentials, or environment variables. Tool description: "Get swap quotes for exchanging one crypto asset to another using native (smallest unit) amounts. Returns available quotes with exchange rates, fees, and estimated output amounts. Use this when you have amounts in native units (e.g., satoshis for BTC, wei for ETH). API key is optional." Values surfaced in the model context are visible to any prompt with injection access; a compromised agent can relay them to an attacker-controlled server.

    fix: Do not expose secrets to the agent: inject them server-side at call time rather than passing them through the model context. If a tool must return a credential, scope it with a capframe-bind time-limited caveat and log every issuance.

    References: OWASP LLM06 · NIST MANAGE-2.2 · ATLAS T0040

About this tool

get_native_quotes is one of 6 tools exposed by Chainflip Broker MCP. The server scored 80/100 overall against the capframe rule engine (source: http). Last scanned 2026-06-26.

The findings above are emitted by the public capframe.findings.v1 schema. Disagree with one? Open an issue.