MCPSafe.io

Security checks for MCP servers — public packages and private repos, fast or deep.


© 2026 MCPSafe. All rights reserved.


Configuration & Environment

Envfile plaintext secret

HIGH | CWE: CWE-798 | Rule: MCP-210

Hardcoded credentials in .env files expose API keys, tokens, and passwords in plaintext, creating a high-severity risk of credential theft and unauthorized access. Scoped to `.env`-shaped files only; secrets baked into source code are covered by MCP-030.

What it is

This rule detects .env files containing real credential values assigned to sensitive variable names such as API_KEY, TOKEN, SECRET, PASSWORD, PRIVATE_KEY, or BEARER. When actual secrets are committed to version control or leaked via misconfigured file serving, attackers gain direct access to protected systems and services.

Why it matters for MCP

MCP servers frequently integrate with external APIs and services, requiring credentials to authenticate requests. Developers often store these secrets in .env files during development and accidentally commit them or bundle them with server deployments. An exposed MCP server .env file grants attackers full control over every connected service, potentially enabling data exfiltration, privilege escalation, or lateral movement across integrated platforms.

Vulnerable example

    # .env file committed to repo or bundled with MCP server
    OPENAI_API_KEY=sk-proj-aZ7bQ2cD8eF9gH0iJ1kL2mN3oP4qR5sT6uV7wX8yZ9aBcD0eF
    ANTHROPIC_API_KEY=sk-ant-realkey123abc
    DB_PASSWORD=Sup3rS3cr3tP@ssw0rd!
    STRIPE_SECRET_KEY=sk_live_abcdef1234567890
    NODE_ENV=production

Secure example

    # .env.example committed to repo (safe placeholder values only)
    OPENAI_API_KEY=your-openai-api-key
    ANTHROPIC_API_KEY=your-anthropic-key
    DB_PASSWORD=your-database-password
    STRIPE_SECRET_KEY=your-stripe-secret-key
    NODE_ENV=production
    # Real .env added to .gitignore; secrets managed via vault or CI secrets

How MCPSafe detects this

Scan .env files using regex patterns targeting variable names matching API_KEY|TOKEN|SECRET|PASSWORD|PRIVATE_KEY|BEARER followed by an assignment operator and a non-placeholder value (i.e., values that are not wrapped in angle brackets, do not contain 'your-', 'example', or 'placeholder', and have sufficient entropy or match known key formats such as sk-, pk-, or bearer token structures). Flag any match as HIGH severity and block commits via pre-commit hooks or CI pipeline secret scanning tools such as truffleHog, gitleaks, or detect-secrets.
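
The heuristic described above, written out as an added Python example (not MCPSafe's own code). The function names, the entropy threshold of 3.0 bits per character, the 8-character minimum length, the `sk_`/`pk_` underscore variants and the sample input are assumptions; findings report the line and variable name only, never the value.

```python
import math
import re

# Variable-name pattern taken from the rule description above.
SENSITIVE_NAME = re.compile(r"API_KEY|TOKEN|SECRET|PASSWORD|PRIVATE_KEY|BEARER", re.I)
# Placeholder markers from the rule: <angle brackets>, 'your-', 'example', 'placeholder'.
PLACEHOLDER = re.compile(r"^<.*>$|your-|example|placeholder", re.I)
# sk- and pk- come from the rule text; the sk_/pk_ variants are an assumption.
KNOWN_PREFIX = re.compile(r"^(sk|pk)[-_]")
ENTROPY_MIN = 3.0  # bits per character; assumed threshold, tune on your own data
MIN_LENGTH = 8     # assumed; shorter values are too noisy for an entropy test
LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

# Constructed sample input; every value is fake.
SAMPLE = """\
# local development settings
OPENAI_API_KEY=sk-constructed-0000000000
DB_PASSWORD="Sup3rS3cr3tP@ssw0rd!"
STRIPE_SECRET_KEY=your-stripe-secret-key
GITHUB_TOKEN=<token>
SESSION_SECRET=aaaaaaaa
NODE_ENV=production
"""


def shannon_entropy(value: str) -> float:
    """Bits per character of the value's empirical character distribution."""
    counts = [value.count(ch) for ch in set(value)]
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts)


def scan_env(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, variable name, reason) per finding; values are never echoed."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        m = LINE.match(raw)  # comment lines and blanks do not match
        if not m or not SENSITIVE_NAME.search(m.group(1)):
            continue
        value = m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop matching surrounding quotes
        if not value or PLACEHOLDER.search(value):
            continue
        if KNOWN_PREFIX.match(value):
            findings.append((lineno, m.group(1), "known key format"))
        elif len(value) >= MIN_LENGTH and shannon_entropy(value) >= ENTROPY_MIN:
            findings.append((lineno, m.group(1), "high entropy"))
    return findings
```

In the sample, `SESSION_SECRET=aaaaaaaa` is not flagged: a low-entropy value that is still a real secret slips past this heuristic, so an entropy test complements rather than replaces a dedicated scanner in CI.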


Further reading

  • CWE-798: Use of Hard-coded Credentials
  • OWASP: Sensitive Data Exposure
  • GitGuardian: Secrets in .env Files
  • gitleaks: Secret Scanner for Git Repos
  • truffleHog: Credential Scanning Tool
  • 12-Factor App: Config and Environment Variables
