@z_ai/mcp-server
v0.1.2
MCP Server for Z.AI - A Model Context Protocol server that provides AI capabilities
Total: 11 | Critical: 4 | High: 4 | Medium: 3
Findings
unknown: Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
99: // - Otherwise use user home directory: ~/.zai/zai-mcp-YYYY-MM-DD.log (Windows/macOS/Linux)
100: const resolveLogFilePath = () => {
>>> 101: const envPath = process.env.ZAI_MCP_LOG_PATH;
102: if (envPath && envPath.trim().length > 0) {
103: return path.resolve(envPath);

Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
26: }
27: /**
>>> 28: * Load environment configuration from process.env
29: */
30: loadEnvironmentConfig() {

Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
29: */
30: loadEnvironmentConfig() {
>>> 31: const envConfig = { ...process.env };
32: if (!envConfig.Z_AI_BASE_URL) {
33: // for z.ai paas is https://api.z.ai/api/paas/v4/

Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
15: When extracting terminal or console output, maintain the temporal structure. If there are timestamps, preserve them exactly. If there are log levels (INFO, WARN, ERROR), keep them aligned as they appear. Command-line prompts (like $ or >) should be preserved to distinguish commands from their output. The spacing and alignment in terminal output often carry meaning—error messages might be indented, or output might be in columns.
16:
>>> 17: For configuration files (JSON, YAML, XML, .env files, etc.), the structure is paramount. In YAML, indentation defines hierarchy. In JSON, brace matching is critical. In .env files, the exact format of key=value pairs matters. Transcribe these with extreme precision, as a single misalignment or misplaced character can make the configuration invalid.
18:
19: When extracting documentation or prose text, preserve the formatting that conveys structure and emphasis. If there are headings, note their hierarchy. If there are bullet points or numbered lists, maintain that structure. If certain words or phrases appear bold, italic, or in a different font (like \`code spans\` in markdown), indicate this in your transcription.

Decoded base64 content: [non-printable bytes]
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: [non-printable bytes]
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: [non-printable bytes]
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: [non-printable bytes]
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call
Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.
48: const timeoutId = setTimeout(() => controller.abort(), apiConfig.timeout);
49: try {
>>> 50: const response = await fetch(url, {
51: method: 'POST',
52: headers: {

Scan History
| Date | Risk | Findings | Files | Duration |
|---|---|---|---|---|
| Feb 25, 2026 | critical | 11 | 31 | 0.00s |
| Feb 23, 2026 | critical | 11 | 31 | 0.00s |
| Feb 22, 2026 | critical | 11 | 31 | 0.00s |