Security Scan Report

Automated Analysis Pipeline

Generated: 2026-03-20 19:25:43

Security Score: 91
Pipeline Health
Vulnerabilities

Scanners Run:
- Bandit (SAST): 5 issues
- Safety (Deps): 0 issues
- NPM Audit: 0 issues

Code Analysis Findings

MEDIUM Possible binding to all interfaces.
./src/chaimcp/main.py:54

Confidence: MEDIUM

53     transport_security=transport_security,
54     host="0.0.0.0" # Bind to all interfaces to receive Ingress traffic
55 )

LOW Possible hardcoded password: 'chaimcp_secret'
./src/chaimcp/main.py:300

Confidence: MEDIUM

299         "client_id": "chaimcp_client",
300         "client_secret": "chaimcp_secret",
301         "client_id_issued_at": 1700000000,
302         "token_endpoint_auth_method": "client_secret_basic"
303     }, status_code=201)
304 
305 @mcp.custom_route("/token", methods=["POST"])
306 async def oauth_token(request):

LOW Possible hardcoded password: 'client_secret_basic'
./src/chaimcp/main.py:302

Confidence: MEDIUM

301         "client_id_issued_at": 1700000000,
302         "token_endpoint_auth_method": "client_secret_basic"
303     }, status_code=201)
304 
305 @mcp.custom_route("/token", methods=["POST"])
306 async def oauth_token(request):
307     token = os.environ.get("MCP_AUTH_TOKEN", "mock_token")
308     return JSONResponse({

LOW Possible hardcoded password: 'Bearer'
./src/chaimcp/main.py:310

Confidence: MEDIUM

309         "access_token": token,
310         "token_type": "Bearer",
311         "expires_in": 3600
312     })
313 
314 def main():
315     """Entry point for the application script."""
MEDIUM Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
./test_requests.py:4

Confidence: HIGH

3     req = urllib.request.Request("http://127.0.0.1:8889/.well-known/oauth-authorization-server")
4     with urllib.request.urlopen(req) as response:
5         print("STATUS:", response.status)

Dependency Findings

No dependency vulnerabilities found. 🎉