@agentsid/scanner 0.1.0
- package/README.md +205 -0
- package/action/action.yml +42 -0
- package/action/index.mjs +179 -0
- package/docs/state-of-agent-security-2026.md +377 -0
- package/examples/security-scan.yml +57 -0
- package/package.json +37 -0
- package/reports/aashari-mcp-server-atlassian-confluence.json +110 -0
- package/reports/aashari-mcp-server-atlassian-jira.json +138 -0
- package/reports/aashari-mcp-server-aws-sso.json +122 -0
- package/reports/agentdeskai-browser-tools-mcp.json +361 -0
- package/reports/ahmetkca-mcp-server-postgres.json +43 -0
- package/reports/aiondadotcom-mcp-ssh.json +166 -0
- package/reports/apify-actors-mcp-server.json +43 -0
- package/reports/azure-mcp.json +43 -0
- package/reports/boilerplate-mcp-tool.json +43 -0
- package/reports/browserstack-mcp-server.json +43 -0
- package/reports/canvas-mcp-server.json +43 -0
- package/reports/canvas-mcp-tool.json +43 -0
- package/reports/chrome-devtools-mcp.json +300 -0
- package/reports/chrome-local-mcp.json +222 -0
- package/reports/claude-flow-mcp.json +43 -0
- package/reports/cloudflare-mcp-server.json +43 -0
- package/reports/code-canvas-server.json +43 -0
- package/reports/cognitionai-metabase-mcp-server.json +43 -0
- package/reports/composio-mcp.json +43 -0
- package/reports/contentful-mcp-server.json +43 -0
- package/reports/dbhub.json +43 -0
- package/reports/desktop-commander.json +43 -0
- package/reports/dynatrace-oss-dynatrace-mcp-server.json +43 -0
- package/reports/e2b-mcp-server.json +67 -0
- package/reports/eslint-mcp.json +51 -0
- package/reports/european-parliament-mcp-server.json +1467 -0
- package/reports/exa-mcp-server.json +74 -0
- package/reports/executeautomation-playwright-mcp-server.json +418 -0
- package/reports/fast-kit-spec-kit.json +43 -0
- package/reports/felores-airtable-mcp-server.json +43 -0
- package/reports/figma-mcp.json +103 -0
- package/reports/forestadmin-mcp-server.json +43 -0
- package/reports/fullrun-mcp.json +43 -0
- package/reports/gemini-mcp-tool.json +43 -0
- package/reports/gitlab-mcp-agent-server.json +186 -0
- package/reports/grackle-ai-mcp.json +43 -0
- package/reports/heroku-mcp-server.json +333 -0
- package/reports/hisma-server-puppeteer.json +93 -0
- package/reports/hubspot-mcp-server.json +43 -0
- package/reports/hyper-mcp-shell.json +59 -0
- package/reports/iflow-mcp-server-github.json +327 -0
- package/reports/jpisnice-shadcn-ui-mcp-server.json +149 -0
- package/reports/jsonresume-mcp.json +43 -0
- package/reports/mapbox-mcp-server.json +43 -0
- package/reports/mcp-framework.json +43 -0
- package/reports/mcp-from-openapi.json +43 -0
- package/reports/mcp-handler.json +43 -0
- package/reports/mcp-proxy.json +43 -0
- package/reports/mcp-server-docker.json +59 -0
- package/reports/mcp-server-github-gist.json +108 -0
- package/reports/mcp-server-google-calendar.json +43 -0
- package/reports/mcp-server-jira-cloud.json +43 -0
- package/reports/mcp-server-kubernetes.json +43 -0
- package/reports/mcp-server-slack.json +411 -0
- package/reports/mcp-server-sqlite-npx.json +43 -0
- package/reports/mcp-server.json +43 -0
- package/reports/mcp-starter.json +59 -0
- package/reports/mcp-tool-lint.json +43 -0
- package/reports/mcporter.json +43 -0
- package/reports/mcptoolshop-mcp-tool-registry.json +43 -0
- package/reports/microsoft-devbox-mcp.json +43 -0
- package/reports/mobilenext-mobile-mcp.json +214 -0
- package/reports/modelcontextprotocol-server-brave-search.json +43 -0
- package/reports/modelcontextprotocol-server-everything.json +165 -0
- package/reports/modelcontextprotocol-server-fetch.json +43 -0
- package/reports/modelcontextprotocol-server-filesystem.json +259 -0
- package/reports/modelcontextprotocol-server-github.json +391 -0
- package/reports/modelcontextprotocol-server-memory.json +117 -0
- package/reports/modelcontextprotocol-server-postgres.json +43 -0
- package/reports/modelcontextprotocol-server-puppeteer.json +101 -0
- package/reports/modelcontextprotocol-server-sequential-thinking.json +67 -0
- package/reports/mongodb-mcp-server.json +43 -0
- package/reports/mseep-linear-mcp-server.json +43 -0
- package/reports/mseep-mcp-server-sqlite-npx.json +43 -0
- package/reports/n8n-mcp.json +123 -0
- package/reports/notepost-mcp.json +43 -0
- package/reports/notionhq-notion-mcp-server.json +220 -0
- package/reports/nx-mcp.json +59 -0
- package/reports/obsidian-mcp-server.json +43 -0
- package/reports/opengraph-io-mcp.json +130 -0
- package/reports/payloadcms-plugin-mcp.json +43 -0
- package/reports/peac-mappings-mcp.json +43 -0
- package/reports/playwright-mcp.json +236 -0
- package/reports/puppeteer-mcp-server.json +43 -0
- package/reports/railway-mcp-server.json +194 -0
- package/reports/razorpay-blade-mcp.json +182 -0
- package/reports/rekog-mcp-nest.json +43 -0
- package/reports/remotion-mcp.json +51 -0
- package/reports/rollbar-mcp-server.json +43 -0
- package/reports/sap-ux-fiori-mcp-server.json +80 -0
- package/reports/sentry-mcp-server.json +43 -0
- package/reports/server-filesystem.json +43 -0
- package/reports/server-memory.json +43 -0
- package/reports/shortcut-mcp.json +43 -0
- package/reports/supabase-mcp-server-supabase.json +43 -0
- package/reports/tavily-mcp.json +79 -0
- package/reports/thelord-mcp-server-docker-npx.json +43 -0
- package/reports/tyk-technologies-api-to-mcp.json +43 -0
- package/reports/tyk-technologies-tyk-dashboard-mcp.json +43 -0
- package/reports/ui5-mcp-server.json +157 -0
- package/reports/upstash-context7-mcp.json +82 -0
- package/reports/vantasdk-vanta-mcp-server.json +43 -0
- package/reports/winor30-mcp-server-datadog.json +43 -0
- package/reports/wonderwhy-er-desktop-commander.json +43 -0
- package/reports/xzxzzx-bilibili-mcp.json +58 -0
- package/src/grader.mjs +66 -0
- package/src/index.mjs +108 -0
- package/src/reporter.mjs +158 -0
- package/src/rules.mjs +363 -0
- package/src/scanner.mjs +208 -0
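--- a/package/reports/modelcontextprotocol-server-filesystem.json
+++ b/package/reports/modelcontextprotocol-server-filesystem.json
@@ -0,0 +1,259 @@
+{
+"scanner": {
+"name": "agentsid-scanner",
+"version": "0.1.0"
+},
+"scannedAt": "2026-03-29T19:39:07.375Z",
+"server": {
+"name": "secure-filesystem-server",
+"version": "0.2.0"
+},
+"toolCount": 14,
+"grade": {
+"overall": "F",
+"score": 0,
+"categories": {
+"injection": "A",
+"permissions": "B",
+"validation": "F",
+"auth": "B",
+"output": "C",
+"hallucination": "D"
+}
+},
+"summary": {
+"CRITICAL": 0,
+"HIGH": 3,
+"MEDIUM": 18,
+"LOW": 10,
+"INFO": 0
+},
+"riskProfile": {
+"read_only": 9,
+"mutation": 2,
+"destructive": 0,
+"execution": 0,
+"privilege": 0,
+"financial": 0
+},
+"findings": [
+{
+"category": "injection",
+"severity": "MEDIUM",
+"tool": "read_media_file",
+"rule": "encoded_payload",
+"detail": "Tool description contains potential prompt injection pattern: \"encoded_payload\"",
+"evidence": "Read an image or audio file. Returns the base64 encoded data and MIME type. Only works within allowed directories."
+},
+{
+"category": "permissions",
+"severity": "MEDIUM",
+"tool": "write_file",
+"rule": "dangerous_tool_mutation",
+"detail": "Tool \"write_file\" classified as mutation — requires permission controls"
+},
+{
+"category": "permissions",
+"severity": "MEDIUM",
+"tool": "create_directory",
+"rule": "dangerous_tool_mutation",
+"detail": "Tool \"create_directory\" classified as mutation — requires permission controls"
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "read_file",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"read_file\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "read_text_file",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"read_text_file\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "read_media_file",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"read_media_file\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "write_file",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"write_file\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "edit_file",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"edit_file\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "create_directory",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"create_directory\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "list_directory",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"list_directory\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "list_directory_with_sizes",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"list_directory_with_sizes\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "directory_tree",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"directory_tree\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "move_file",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"move_file\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "search_files",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"search_files\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "get_file_info",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"get_file_info\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "list_allowed_directories",
+"rule": "empty_schema",
+"detail": "Schema defined but no properties specified in tool \"list_allowed_directories\""
+},
+{
+"category": "validation",
+"severity": "LOW",
+"tool": "list_allowed_directories",
+"rule": "no_required_fields",
+"detail": "No required fields — all input is optional in tool \"list_allowed_directories\""
+},
+{
+"category": "auth",
+"severity": "HIGH",
+"tool": "*",
+"rule": "no_auth_tools",
+"detail": "Server exposes no authentication-related tools — may accept unauthenticated connections"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "read_file",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"read_file\" may output sensitive file contents without filtering"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "read_text_file",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"read_text_file\" may output sensitive file contents without filtering"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "read_media_file",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"read_media_file\" may output sensitive file contents without filtering"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "read_multiple_files",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"read_multiple_files\" may output sensitive file contents without filtering"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "write_file",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"write_file\" may output sensitive file contents without filtering"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "edit_file",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"edit_file\" may output sensitive file contents without filtering"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "move_file",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"move_file\" may output sensitive file contents without filtering"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "search_files",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"search_files\" may output sensitive file contents without filtering"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "get_file_info",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"get_file_info\" may output sensitive file contents without filtering"
+},
+{
+"category": "hallucination",
+"severity": "MEDIUM",
+"tool": "read_file",
+"rule": "missing_scope_boundary",
+"detail": "Tool \"read_file\" references file without specifying scope boundaries. LLM will attempt to access the broadest possible scope."
+},
+{
+"category": "hallucination",
+"severity": "HIGH",
+"tool": "edit_file",
+"rule": "vague_description_over_privilege",
+"detail": "Tool \"edit_file\" uses vague action words (change) without specific operations. LLMs will interpret this as the broadest possible action on sensitive resources (file)."
+},
+{
+"category": "hallucination",
+"severity": "HIGH",
+"tool": "move_file",
+"rule": "vague_description_over_privilege",
+"detail": "Tool \"move_file\" uses vague action words (use) without specific operations. LLMs will interpret this as the broadest possible action on sensitive resources (file)."
+},
+{
+"category": "hallucination",
+"severity": "MEDIUM",
+"tool": "list_directory + list_directory_with_sizes",
+"rule": "conflicting_tool_descriptions",
+"detail": "Tools \"list_directory\" and \"list_directory_with_sizes\" have 92% description overlap. LLM may choose between them unpredictably."
+}
+]
+}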
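Review bot: The nine `unfiltered_file_output` findings label every matched tool a "File reading tool", including `write_file` and `move_file`, whose names do not indicate that they return file contents; this reads like a name match on "file" rather than a check of what the tool returns (the rule source is not shown on this page). The `encoded_payload` injection finding has the same shape: its own `evidence` is a plain description of base64 output, not text addressed to the model. `edit_file` and `move_file` have no `dangerous_tool_mutation` entry although `riskProfile` accounts for only 11 of the 14 tools, so the permissions list probably under-reports the state-changing tools an operator should gate. I would limit the output rule to tools that read content and reword the rest, e.g. `"detail": "Tool \"write_file\" handles file contents — confirm its response does not echo them"`.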
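--- a/package/reports/modelcontextprotocol-server-github.json
+++ b/package/reports/modelcontextprotocol-server-github.json
@@ -0,0 +1,391 @@
+{
+"scanner": {
+"name": "agentsid-scanner",
+"version": "0.1.0"
+},
+"scannedAt": "2026-03-29T20:21:19.580Z",
+"server": {
+"name": "github-mcp-server",
+"version": "0.6.2"
+},
+"toolCount": 26,
+"grade": {
+"overall": "F",
+"score": 0,
+"categories": {
+"permissions": "F",
+"validation": "F",
+"auth": "B",
+"output": "B",
+"hallucination": "F"
+}
+},
+"summary": {
+"CRITICAL": 0,
+"HIGH": 2,
+"MEDIUM": 44,
+"LOW": 4,
+"INFO": 0
+},
+"riskProfile": {
+"read_only": 14,
+"mutation": 8,
+"destructive": 0,
+"execution": 0,
+"privilege": 0,
+"financial": 0,
+"deployment": 1
+},
+"findings": [
+{
+"category": "permissions",
+"severity": "MEDIUM",
+"tool": "create_or_update_file",
+"rule": "dangerous_tool_mutation",
+"detail": "Tool \"create_or_update_file\" classified as mutation — requires permission controls"
+},
+{
+"category": "permissions",
+"severity": "MEDIUM",
+"tool": "create_repository",
+"rule": "dangerous_tool_mutation",
+"detail": "Tool \"create_repository\" classified as mutation — requires permission controls"
+},
+{
+"category": "permissions",
+"severity": "HIGH",
+"tool": "push_files",
+"rule": "dangerous_tool_deployment",
+"detail": "Tool \"push_files\" classified as deployment — requires permission controls"
+},
+{
+"category": "permissions",
+"severity": "MEDIUM",
+"tool": "create_issue",
+"rule": "dangerous_tool_mutation",
+"detail": "Tool \"create_issue\" classified as mutation — requires permission controls"
+},
+{
+"category": "permissions",
+"severity": "MEDIUM",
+"tool": "create_pull_request",
+"rule": "dangerous_tool_mutation",
+"detail": "Tool \"create_pull_request\" classified as mutation — requires permission controls"
+},
+{
+"category": "permissions",
+"severity": "MEDIUM",
+"tool": "create_branch",
+"rule": "dangerous_tool_mutation",
+"detail": "Tool \"create_branch\" classified as mutation — requires permission controls"
+},
+{
+"category": "permissions",
+"severity": "MEDIUM",
+"tool": "update_issue",
+"rule": "dangerous_tool_mutation",
+"detail": "Tool \"update_issue\" classified as mutation — requires permission controls"
+},
+{
+"category": "permissions",
+"severity": "MEDIUM",
+"tool": "create_pull_request_review",
+"rule": "dangerous_tool_mutation",
+"detail": "Tool \"create_pull_request_review\" classified as mutation — requires permission controls"
+},
+{
+"category": "permissions",
+"severity": "MEDIUM",
+"tool": "update_pull_request_branch",
+"rule": "dangerous_tool_mutation",
+"detail": "Tool \"update_pull_request_branch\" classified as mutation — requires permission controls"
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "create_or_update_file",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"create_or_update_file\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "search_repositories",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"search_repositories\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "create_repository",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"create_repository\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "get_file_contents",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"get_file_contents\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "push_files",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"push_files\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "create_issue",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"create_issue\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "create_pull_request",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"create_pull_request\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "fork_repository",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"fork_repository\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "create_branch",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"create_branch\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "list_commits",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"list_commits\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "list_issues",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"list_issues\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "update_issue",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"update_issue\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "add_issue_comment",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"add_issue_comment\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "search_code",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"search_code\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "search_issues",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"search_issues\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "search_users",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"search_users\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "get_issue",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"get_issue\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "get_pull_request",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"get_pull_request\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "list_pull_requests",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"list_pull_requests\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "create_pull_request_review",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"create_pull_request_review\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "merge_pull_request",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"merge_pull_request\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "get_pull_request_files",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"get_pull_request_files\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "get_pull_request_status",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"get_pull_request_status\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "update_pull_request_branch",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"update_pull_request_branch\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "get_pull_request_comments",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"get_pull_request_comments\""
+},
+{
+"category": "validation",
+"severity": "MEDIUM",
+"tool": "get_pull_request_reviews",
+"rule": "unbounded_strings",
+"detail": "String parameters without length limits or pattern validation in tool \"get_pull_request_reviews\""
+},
+{
+"category": "auth",
+"severity": "HIGH",
+"tool": "*",
+"rule": "no_auth_tools",
+"detail": "Server exposes no authentication-related tools — may accept unauthenticated connections"
+},
+{
+"category": "permissions",
+"severity": "MEDIUM",
+"tool": "*",
+"rule": "large_tool_surface",
+"detail": "Server exposes 26 tools — large attack surface without per-tool permission controls"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "create_or_update_file",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"create_or_update_file\" may output sensitive file contents without filtering"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "get_file_contents",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"get_file_contents\" may output sensitive file contents without filtering"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "push_files",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"push_files\" may output sensitive file contents without filtering"
+},
+{
+"category": "output",
+"severity": "LOW",
+"tool": "get_pull_request_files",
+"rule": "unfiltered_file_output",
+"detail": "File reading tool \"get_pull_request_files\" may output sensitive file contents without filtering"
+},
+{
+"category": "hallucination",
+"severity": "MEDIUM",
+"tool": "create_or_update_file",
+"rule": "missing_scope_boundary",
+"detail": "Tool \"create_or_update_file\" references file without specifying scope boundaries. LLM will attempt to access the broadest possible scope."
+},
+{
+"category": "hallucination",
+"severity": "MEDIUM",
+"tool": "create_repository",
+"rule": "missing_scope_boundary",
+"detail": "Tool \"create_repository\" references account without specifying scope boundaries. LLM will attempt to access the broadest possible scope."
+},
+{
+"category": "hallucination",
+"severity": "MEDIUM",
+"tool": "get_file_contents",
+"rule": "missing_scope_boundary",
+"detail": "Tool \"get_file_contents\" references file without specifying scope boundaries. LLM will attempt to access the broadest possible scope."
+},
+{
+"category": "hallucination",
+"severity": "MEDIUM",
+"tool": "push_files",
+"rule": "missing_scope_boundary",
+"detail": "Tool \"push_files\" references file without specifying scope boundaries. LLM will attempt to access the broadest possible scope."
+},
+{
+"category": "hallucination",
+"severity": "MEDIUM",
+"tool": "fork_repository",
+"rule": "missing_scope_boundary",
+"detail": "Tool \"fork_repository\" references account without specifying scope boundaries. LLM will attempt to access the broadest possible scope."
+},
+{
+"category": "hallucination",
+"severity": "MEDIUM",
+"tool": "update_issue",
+"rule": "vague_description_over_privilege",
+"detail": "Tool \"update_issue\" uses vague action words (update) without specific operations. LLMs will interpret this as the broadest possible action."
+},
+{
+"category": "hallucination",
+"severity": "MEDIUM",
+"tool": "search_users",
+"rule": "missing_scope_boundary",
+"detail": "Tool \"search_users\" references user without specifying scope boundaries. LLM will attempt to access the broadest possible scope."
+},
+{
+"category": "hallucination",
+"severity": "MEDIUM",
+"tool": "get_pull_request_files",
+"rule": "missing_scope_boundary",
+"detail": "Tool \"get_pull_request_files\" references file without specifying scope boundaries. LLM will attempt to access the broadest possible scope."
+},
+{
+"category": "hallucination",
+"severity": "MEDIUM",
+"tool": "update_pull_request_branch",
+"rule": "vague_description_over_privilege",
+"detail": "Tool \"update_pull_request_branch\" uses vague action words (change, update) without specific operations. LLMs will interpret this as the broadest possible action."
+}
+]
+}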
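Review bot: `riskProfile` accounts for 23 of the 26 tools (14 read_only, 8 mutation, 1 deployment), and `merge_pull_request`, `fork_repository` and `add_issue_comment` appear under `validation` but have no `permissions` finding, although by name they change repository state. If these are the three the classifier left uncategorised, the permissions list under-reports what an operator should gate; a merge is at least as consequential as the flagged `create_branch`. I would expect an entry such as `"tool": "merge_pull_request", "rule": "dangerous_tool_mutation"` for each, plus a way for the report to show which tools were left unclassified. Separately, the `unfiltered_file_output` detail calls `push_files` and `create_or_update_file` a "File reading tool", which looks like a name match rather than a check of what the tool returns.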