get-env
on npm:@modelcontextprotocol/server-everything@2026.1.26
Severity
1 finding on this tool
- highsecret exposuref-r10-get_env
Tool `get-env` exposes secrets or credentials to the agent
`get-env` appears to read or return secrets, API keys, credentials, or environment variables (Returns all environment variables, helpful for debugging MCP server configuration). Values surfaced in the model context are visible to any prompt with injection access; a compromised agent can relay them to an attacker-controlled server.
fix: Do not expose secrets to the agent: inject them server-side at call time rather than passing them through the model context. If a tool must return a credential, scope it with a capframe-bind time-limited caveat and log every issuance.
OWASP LLM06NIST MANAGE-2.2ATLAS T0040
About this tool
get-env is one of 13 tools exposed by server-everything. The server scored 86/100 overall against the capframe rule engine (source: sandbox). Last scanned 2026-06-26.
The findings above are emitted by the public capframe.findings.v1 schema. Disagree with one? Open an issue.