teleport
The easiest, and most secure way to access and protect all of your infrastructure.
0Tools
6Findings
20.1kStars
—Downloads
Mar 22, 2026Last Scanned
Findings6
2critical
2high
0medium
2low
0informational
criticalC5Hardcoded SecretsMCP07-insecure-config
Pattern "AC[a-z0-9]{32}" matched in source_code: "ac1456b6563eab4edf1d1faf3368d1191f" (at position 4575)
Move all secrets to environment variables. Use a secrets manager (Vault, AWS Secrets Manager, Doppler) in production. Rotate any exposed credentials immediately. Add a pre-commit hook (e.g. gitleaks, truffleHog) to prevent future leaks.
criticalP4TLS Certificate Validation BypassMCP07-insecure-configT1557
Pattern "NODE_TLS_REJECT_UNAUTHORIZED\s*[=:]\s*["']?0["']?" matched in source_code: "NODE_TLS_REJECT_UNAUTHORIZED=0" (at position 857)
Never disable TLS certificate validation in MCP server code or container configuration. For self-signed certificates in development, configure proper CA trust stores: set NODE_EXTRA_CA_CERTS for Node.js, REQUESTS_CA_BUNDLE for Python, or mount CA certificates into the container trust store. In Kubernetes, use cert-manager for automated TLS certificate management. Disabling TLS validation enables man-in-the-middle attacks on all MCP server communications including tool results and credential exchanges.
highD7Dependency Confusion Attack RiskMCP10-supply-chain
Dependency "@types/wicg-file-system-access@2023.10.7" has a suspiciously high version number — classic dependency confusion attack signature (Scoped package — verify no higher-versioned unscoped public counterpart exists)
Use npm/pip --registry flags to pin all installs to your private registry. Add a .npmrc with 'registry' pinned. For scoped packages, set scope-level registry configuration. Use Subresource Integrity (SRI) hashes in lockfiles. Publish placeholder packages to the public registry to block squatting.
highI15Transport Session SecurityMCP07-insecure-configAML.T0054
Pattern "allowInsecure|rejectUnauthorized\s*[:=]\s*false|NODE_TLS_REJECT_UNAUTHORIZED\s*[:=]\s*["']?0" matched in source_code: "NODE_TLS_REJECT_UNAUTHORIZED=0" (at position 857)
Use HTTPS for all MCP Streamable HTTP endpoints. Generate cryptographically random session IDs (min 128 bits entropy). Do not accept session IDs from user input (CVE-2025-6515). Validate TLS certificates — do not disable certificate verification.
lowD4Excessive Dependency CountMCP08-dependency-vuln
Server has 69 dependencies (threshold: 50)
Reduce the number of direct dependencies. Each dependency increases the attack surface. Consider whether lighter alternatives exist.
lowF4MCP Spec Non-ComplianceMCP07-insecure-config
Server fails MCP spec compliance checks: required:server_name; required:server_version; required:protocol_version; recommended:tool_descriptions; recommended:parameter_descriptions
Follow the MCP specification for server metadata. Include server name, version, and protocol version. Provide descriptions for all tools and parameters.
Tools
No tools exposed by this server.
Security Category Deep Dive
Sub-Category Tree · Remediation Roadmap · Attack Stories · Compliance Overlay · ATLAS Techniques · Maturity Model
Prompt Injection
Prompt & context manipulation attacks
69
Maturity
14
Rules
5
Sub-Categories
1
Gaps
64%
Implemented
56
Tests
1
Stories
100%3 rules
Injection via tool descriptions and parameter fields
GAP-001Prompt Injection Coverage GapMissing detection coverage for emerging prompt injection attack variants not addressed by current rules
100%4 rules
Hidden instructions via external content and tool responses
100%2 rules
Context window saturation and prior-approval exploitation
100%3 rules
Payload hiding via invisible chars, base64, schema fields
100%2 rules
Injection via prompt templates and runtime tool output