envshield-mcp
Verified Safe by dvalley56
Overview
Securely expose environment variables to AI coding assistants by acting as a Model Context Protocol (MCP) server, preventing direct access to sensitive data while enabling execution of commands with injected secrets.
Installation
npx envshield-mcp
Security Notes
The server employs robust scrubbing of secrets from command output, includes pre-defined and custom regex patterns for detection, and validates custom regexes against ReDoS attacks. Dangerous commands like 'rm -rf' and 'sudo' are blocked by default, using word-boundary-aware matching. A rate limiter helps prevent command flooding, protecting against abuse. The core functionality involves `child_process.spawn` with `shell: true`, which is an inherent risk vector when executing arbitrary commands, but this is mitigated by the command blocking list and the design's focus on containing AI access. A security warning is logged if scrubbing is detected to be ineffective. Overall, it implements a strong set of controls for its stated purpose.
Similar Servers
wcgw
Empowering chat applications to code, build, and run on your local machine by providing tightly integrated shell and code editing tools.
tfmcp
A CLI tool and MCP server that enables LLMs to analyze, manage, and operate Terraform configurations and infrastructure environments.
dev-kit-mcp-server
A Model Context Protocol (MCP) server targeted for agent development tools, providing scoped authorized operations in the root project directory.
mcp-safe-run
Securely launches Model Context Protocol (MCP) servers by dynamically resolving and injecting sensitive credentials (secrets) from various sources (environment, files, OS keychain) into the server's environment.