sysdig-mcp-server

The server offers an option (`SYSDIG_MCP_API_SKIP_TLS_VERIFICATION=true`) to skip TLS verification, which, while useful for self-signed certificates in specific deployments (e.g., on-prem), introduces a significant security risk for Man-in-the-Middle (MITM) attacks if used improperly in production environments. The `generate_sysql` tool has a known limitation where it does not work with Service Account tokens and returns a 500 error, requiring a regular user API token instead. Tools dynamically filter based on user permissions, which is a strong positive security control. Direct SysQL execution is possible via `run_sysql`, and while SysQL is designed for secure querying, a robust prompt engineering or validation layer is crucial on the LLM side to prevent unintended data exposure or resource strain. No obvious hardcoded secrets or malicious patterns were found in the provided code snippet; API tokens are loaded from environment variables or HTTP headers, which is good practice.