Back to MCP PR Review Pipeline
Security Report
MCP PR Review Pipeline
Pass
Version v1.0.2 Scanned 11 May 2026 at 06:31 Scanner v2.8.0
Summary
Detected
- Services:
- Permissions: filesystem:read
- Data Handling:
Undeclared
All items declared
Warnings
No warnings
Findings (2)
Credentials
info
credential-env-var env:GITHUB_TOKEN undeclared services/github-mcp.md:45
"{GITHUB_TOKEN}"
This file references the environment variable GITHUB_TOKEN. If this is a credential (API key, token, secret), declare it in requires.data_handling.
Permissions
info
mcp-file-read filesystem:read declared services/github-mcp.md:57
"get_file_contents"
This content references filesystem read access. If intentional, declare filesystem:read in requires.permissions.