splunk-mcp

Verified Safe

by dd-Splunk

Overview

Provides a Proof-of-Concept environment for integrating Splunk MCP (Model Context Protocol) Server with Claude Desktop.

Installation

Run Command
make up

Environment Variables

  • SPLUNK_IMAGE
  • SPLUNK_PASSWORD
  • SPLUNKBASE_USER
  • SPLUNKBASE_PASS
  • TZ

Security Notes

CRITICAL: The `scripts/setup-splunk-user.sh` script assigns the 'admin' role to the 'dd' user, whose authentication token Claude Desktop then uses for MCP operations. As a result, the MCP token, intended for limited use, effectively grants full administrative access to the Splunk instance. If this token is compromised, the entire Splunk deployment is at risk.

Additionally, for local development, SSL verification is explicitly disabled (`-k` for curl, `NODE_TLS_REJECT_UNAUTHORIZED=0` for Node.js), and self-signed certificates are used. This is explicitly documented as 'Development Only' and is necessary for the PoC setup, but it is a significant security vulnerability if used in any non-local or production context.

Environment variables are used for secrets, which is better than hardcoding but still exposes them to `docker inspect`. Token expiry is set to 15 days, which is a good practice for limiting exposure.

Stats

Interest Score: 0
Security Score: 3
Cost Class: Low
Stars: 0
Forks: 0
Last Update: 2025-11-28

Tags

Splunk, MCP, Docker, Claude Desktop, PoC