mcp_servers

The server securely handles Yandex Wiki OAuth tokens and Organization IDs exclusively via environment variables, with explicit validation and error handling for missing credentials. No hardcoded secrets are present in the provided source code. It utilizes a robust HTTP client with retry mechanisms and error mapping for API interactions. Dependency auditing (Socket.dev, Gitleaks) is integrated into the build process, indicating a focus on supply-chain security. The CLI components handle client configuration files securely by only persisting 'safe' fields and not sensitive tokens. While tools inherently interact with external APIs, and potential prompt injection leading to unintended API calls is a general LLM risk, sensitive write operations in tool metadata are flagged with `requiresExplicitUserConsent: true` to indicate they are dangerous and should prompt user confirmation in a capable client.