qontak-mcp

Verified Safe

by deptz

Overview

Provides a Model Context Protocol (MCP) server for managing Contacts, Companies, Deals, Tickets, Tasks, Notes, Products, and Product Associations in Qontak CRM with dynamic field discovery capabilities.

Installation

Run Command
qontak-mcp

Environment Variables

  • QONTAK_REFRESH_TOKEN

Security Notes

The server demonstrates a strong security posture with extensive use of Pydantic for input validation (including 'forbid extra fields' and custom regex for injection prevention). It implements robust multi-tenant isolation via user_id validation and structured security logging with sensitive data redaction. Authentication uses lazy token refresh with tiered token storage options (environment for local dev, Redis for dev/staging, and Vault for production-grade security with encryption/auditing). The HTTP client explicitly verifies SSL certificates. All hardcoded API endpoints are for the known Qontak service. Explicit warnings are provided for non-production token storage solutions. No 'eval' or similar dangerous patterns were found. The score of 9 reflects the plain-text token storage in Redis for staging environments: a deployment-level risk if misused without proper network security, although the code itself explicitly warns about it.

Stats

Interest Score: 0
Security Score: 9
Cost Class: Low
Avg Tokens: 20
Stars: 0
Forks: 0
Last Update: 2025-11-30

Tags

crm, qontak, api-integration, multi-tenant, security