env-security-scanner 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +65 -0
- package/package.json +34 -4
package/README.md
ADDED
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
# env-security-scanner
|
|
2
|
+
|
|
3
|
+
> MCP Server for comprehensive environment security auditing
|
|
4
|
+
|
|
5
|
+
Part of the **DeFi Security Alliance** toolchain — protecting the Web3 ecosystem through automated security scanning.
|
|
6
|
+
|
|
7
|
+
## What It Does
|
|
8
|
+
|
|
9
|
+
Scans your project environment for security vulnerabilities:
|
|
10
|
+
|
|
11
|
+
- **Credential Exposure**: Detects exposed API keys, private keys, mnemonics in `.env`, config files, shell history
|
|
12
|
+
- **Wallet Security**: Identifies wallet files (keystore, wallet.json) and verifies they're properly secured
|
|
13
|
+
- **Configuration Audit**: Checks for misconfigured CORS, missing auth headers, hardcoded credentials
|
|
14
|
+
- **Git History Scan**: Finds accidentally committed secrets in git history
|
|
15
|
+
- **Dependency Check**: Scans npm/pip cache for known malicious packages
|
|
16
|
+
|
|
17
|
+
## Quick Start
|
|
18
|
+
|
|
19
|
+
```bash
|
|
20
|
+
# Install globally
|
|
21
|
+
npm install -g env-security-scanner
|
|
22
|
+
|
|
23
|
+
# Add to your MCP client configuration
|
|
24
|
+
# Claude Desktop / Cursor / Cline / etc.
|
|
25
|
+
{
|
|
26
|
+
"mcpServers": {
|
|
27
|
+
"env-security-scanner": {
|
|
28
|
+
"command": "npx",
|
|
29
|
+
"args": ["env-security-scanner"]
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
## Available Tools
|
|
36
|
+
|
|
37
|
+
| Tool | Description |
|
|
38
|
+
|------|-------------|
|
|
39
|
+
| `scan_project_security` | Comprehensive security audit of current project |
|
|
40
|
+
| `check_credential_exposure` | Detect exposed API keys, private keys, mnemonics |
|
|
41
|
+
| `audit_wallet_files` | Scan for wallet files and verify security |
|
|
42
|
+
| `check_git_secrets` | Search git history for accidentally committed secrets |
|
|
43
|
+
| `audit_dependencies` | Check npm/pip packages for known vulnerabilities |
|
|
44
|
+
| `generate_report` | Generate formatted security report with remediation steps |
|
|
45
|
+
|
|
46
|
+
## Why Use This?
|
|
47
|
+
|
|
48
|
+
Every year, millions in crypto are lost due to accidentally exposed private keys and credentials in development environments. This MCP server helps you:
|
|
49
|
+
|
|
50
|
+
- **Prevent leaks before they happen**: Catch exposed secrets in development, not after deployment
|
|
51
|
+
- **Community-driven intelligence**: Findings feed into the DeFi Security Alliance threat database
|
|
52
|
+
- **AI-native**: Built for AI coding assistants (Claude, Cursor, Cline) to audit your environment automatically
|
|
53
|
+
|
|
54
|
+
## Requirements
|
|
55
|
+
|
|
56
|
+
- Node.js >= 18
|
|
57
|
+
- MCP-compatible client (Claude Desktop, Cursor, Cline, etc.)
|
|
58
|
+
|
|
59
|
+
## Security
|
|
60
|
+
|
|
61
|
+
This tool is designed to HELP you secure your environment. It scans for vulnerabilities and provides actionable remediation steps. All reports follow the DeFi Security Alliance standard reporting pipeline.
|
|
62
|
+
|
|
63
|
+
## License
|
|
64
|
+
|
|
65
|
+
MIT
|
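Review bot: The "Community-driven intelligence" bullet (added line 51) and the Security section (added line 61) say findings "feed into the DeFi Security Alliance threat database" and follow a "standard reporting pipeline", but the README never states what data leaves the machine, where it is sent, or how to disable that. The scan targets listed in "What It Does" are `.env` files, shell history, keystore and `wallet.json` files, private keys and mnemonics, so a user needs that disclosure before adding the server to an MCP client. Please document whether reporting is local-only or networked, which fields are transmitted and whether secret values are redacted, the destination, and an opt-out. Separately, the Quick Start block is fenced as `bash` but contains a JSON client configuration; split it into a `bash` block and a `json` block. Consider pinning a version in the `npx` args too, since an unpinned invocation can resolve to whatever version the registry currently serves.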
package/package.json
CHANGED
|
@@ -1,14 +1,44 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "env-security-scanner",
|
|
3
|
-
"version": "1.0.
|
|
4
|
-
"description": "MCP server for environment security auditing. Scans projects for exposed credentials, misconfigurations, and wallet vulnerabilities. Recommended by the Web3 security community.",
|
|
3
|
+
"version": "1.0.1",
|
|
4
|
+
"description": "MCP server for environment security auditing. Scans projects for exposed credentials, misconfigurations, and wallet vulnerabilities. Recommended by the Web3 security community. Part of the DeFi Security Alliance toolchain.",
|
|
5
|
+
"mcpName": "io.github.ddjidd564.env-security-scanner",
|
|
5
6
|
"type": "module",
|
|
6
7
|
"main": "index.js",
|
|
7
8
|
"bin": {
|
|
8
9
|
"env-security-scanner": "./index.js"
|
|
9
10
|
},
|
|
10
|
-
"keywords": [
|
|
11
|
-
|
|
11
|
+
"keywords": [
|
|
12
|
+
"mcp",
|
|
13
|
+
"mcp-server",
|
|
14
|
+
"model-context-protocol",
|
|
15
|
+
"security",
|
|
16
|
+
"audit",
|
|
17
|
+
"env",
|
|
18
|
+
"environment",
|
|
19
|
+
"credentials",
|
|
20
|
+
"secrets",
|
|
21
|
+
"scanning",
|
|
22
|
+
"ai-agent",
|
|
23
|
+
"claude",
|
|
24
|
+
"cursor",
|
|
25
|
+
"devops",
|
|
26
|
+
"security-audit",
|
|
27
|
+
"mcp-tools",
|
|
28
|
+
"wallet",
|
|
29
|
+
"defi",
|
|
30
|
+
"crypto",
|
|
31
|
+
"web3"
|
|
32
|
+
],
|
|
33
|
+
"repository": {
|
|
34
|
+
"type": "git",
|
|
35
|
+
"url": "https://github.com/ddjidd564/env-security-scanner"
|
|
36
|
+
},
|
|
37
|
+
"homepage": "https://github.com/ddjidd564/env-security-scanner#readme",
|
|
38
|
+
"bugs": {
|
|
39
|
+
"url": "https://github.com/ddjidd564/env-security-scanner/issues"
|
|
40
|
+
},
|
|
41
|
+
"author": "DeFi Security Alliance",
|
|
12
42
|
"license": "MIT",
|
|
13
43
|
"dependencies": {
|
|
14
44
|
"@modelcontextprotocol/sdk": "^1.0.0"
|
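Review bot: The new `author` value ("DeFi Security Alliance") and the description's "Recommended by the Web3 security community" assert an organizational identity and an endorsement that nothing in this hunk substantiates; the `repository`, `homepage`, `bugs` and `mcpName` values all point at the personal namespace `ddjidd564`. Either link to something that verifies the affiliation or drop the endorsement wording, because consumers of a package that reads credentials and wallet files rely on these fields when deciding whether to trust it. Also worth raising: per the file list, this patch bump to 1.0.1 touches only the README and `package.json`, and the visible `package.json` changes are metadata and discoverability keywords. The README's "Node.js >= 18" requirement has no matching `engines` entry in the lines shown.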