Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/checkout@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
const response = await fetch(url, {
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
headers.authorization = `Bearer ${apiKey}`;
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`Updated server.json version to ${version}`);
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
"application/json": components["schemas"]["GetProjectAvailableRestoreVersionsResponse"];
Tool names mimicking built-in system tools (e.g., 'bash', 'shell', 'terminal') can trick the LLM into routing actions to a malicious handler.
# sender_name = "Admin"
Rename the tool to avoid colliding with system commands (bash, shell, exec, etc.).
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: biomejs/setup-biome@v2
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
- uses: actions/checkout@v4
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
- uses: jdx/mise-action@v3
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/checkout@v4
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: jdx/mise-action@v3
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
- uses: actions/checkout@v4
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
- uses: jdx/mise-action@v3
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/upload-artifact@v4
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
- uses: actions/checkout@v4
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/download-artifact@v4
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: coverallsapp/github-action@v2
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
'Converts SQL query to a PostgREST API request (method, path)',
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Building URLs by concatenating or interpolating user input without an allowlist check enables SSRF via host manipulation.
const url = new URL(`${apiUrl}${normalizedPath}`);
Do not construct URLs from unvalidated user input. Use a URL allowlist or domain restriction.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
const response = await fetch(url, {
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
api_url = "http://127.0.0.1"
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
site_url = "http://127.0.0.1:3000"
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
additional_redirect_urls = ["https://127.0.0.1:3000"]
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
accessToken: string,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Authorization: `Bearer ${accessToken}`,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Authorization: `Bearer ${accessToken}`,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
'Unauthorized. Please provide a valid access token to the MCP server via the --access-token flag or SUPABASE_ACCESS_TOKEN.'
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
accessToken: string;
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
const { accessToken, apiUrl } = options;
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
accessToken
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
accessToken,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
['access-token']: cliAccessToken,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
const accessToken = cliAccessToken ?? process.env.SUPABASE_ACCESS_TOKEN;
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
const accessToken = cliAccessToken ?? process.env.SUPABASE_ACCESS_TOKEN;
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
const accessToken = cliAccessToken ?? process.env.SUPABASE_ACCESS_TOKEN;
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
if (!accessToken) {
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
'Please provide a personal access token (PAT) with the --access-token flag or set the SUPABASE_ACCESS_TOKEN environment variable'
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
accessToken,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# [auth.hook.custom_access_token]
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# Use an external OAuth provider. The full list of providers are: `apple`, `azure`, `bitbucket`,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# DO NOT commit your OAuth provider secret to git. Use environment variable substitution instead:
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
Detected catch blocks with empty bodies. Empty catch blocks silently swallow errors, making it impossible to diagnose failures, detect attacks, or audit security-relevant events.
} catch (error) {}
Always handle or log errors in catch blocks. At minimum, log the error for debugging and auditing purposes.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(version);
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
* console.log(result); // { key1: "value1", key2: "value2" }
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const accessToken = cliAccessToken ?? process.env.SUPABASE_ACCESS_TOKEN;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Tool names mimicking built-in system tools (e.g., 'bash', 'shell', 'terminal') can trick the LLM into routing actions to a malicious handler.
# sender_name = "Admin"
Rename the tool to avoid colliding with system commands (bash, shell, exec, etc.).