1password-mcp-server

by jon-the-dev

Overview

Provides secure access to 1Password credentials for AI assistants through the Model Context Protocol.

Installation

Run Command
onepassword-mcp-server

Environment Variables

  • OP_SERVICE_ACCOUNT_TOKEN

Security Notes

The server has critical security flaws that undermine its stated 'enterprise-grade security hardening' and 'P1 security hardening' claims. Specifically:

1. **Credential Bypass in Secure Memory Protection (C-1)**: The `SecureString` wrapper, intended for memory protection, is immediately bypassed by calling `.get_value()` within its own context. This extracts the plaintext password and places it into a standard dictionary before returning, rendering the `SecureString` ineffective for the *returned* credential's memory lifecycle, creating a false sense of security.

2. **No Authentication or Authorization for MCP Tools (C-2)**: The server fundamentally lacks an authentication or authorization layer for incoming MCP tool requests. Any process that can connect to the server (e.g., locally via stdio) can request *any* accessible 1Password credential, bypassing the principle of least privilege and user accountability.

3. **Service Account Token Stored in Plaintext Memory (C-3)**: The critical 1Password service account token, which grants broad access to vaults, is loaded as a plaintext Python string and remains unprotected in memory throughout the server's operation. This exposes the token to memory dumps, debuggers, and other memory inspection techniques.

These issues represent fundamental vulnerabilities that contradict the project's security assertions, making it highly unsafe for sensitive data in any environment.

Stats

  • Interest Score: 27
  • Security Score: 1
  • Cost Class: Low
  • Avg Tokens: 200
  • Stars: 1
  • Forks: 1
  • Last Update: 2026-01-08

Tags

1password, mcp, security, credentials, ai-assistant