start_dca_swap
on https://chainflip-broker.io/mcp
Severity
1 finding on this tool
- highsecret exposuref-r10-start_dca_swap
Tool `start_dca_swap` exposes secrets or credentials to the agent
`start_dca_swap` appears to read or return secrets, API keys, credentials, or environment variables (Start a DCA (Dollar Cost Averaging) cross-chain swap that splits into multiple sub-swaps over time. Returns the deposit address. API key is optional.). Values surfaced in the model context are visible to any prompt with injection access; a compromised agent can relay them to an attacker-controlled server.
fix: Do not expose secrets to the agent: inject them server-side at call time rather than passing them through the model context. If a tool must return a credential, scope it with a capframe-bind time-limited caveat and log every issuance.
OWASP LLM06NIST MANAGE-2.2ATLAS T0040
About this tool
start_dca_swap is one of 6 tools exposed by Chainflip Broker MCP. The server scored 80/100 overall against the capframe rule engine (source: http). Last scanned 2026-06-26.
The findings above are emitted by the public capframe.findings.v1 schema. Disagree with one? Open an issue.