ICU
critical

@brave/brave-search-mcp-server

v2.0.72

Brave Search MCP Server: web results, images, videos, rich results, AI summaries, and more.

npm | brave.com | First seen Feb 22, 2026

Total: 13 | Critical: 10 | High: 2 | Medium: 1

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    64:         .option('--port <number>', 'desired port for HTTP transport', process.env.BRAVE_MCP_PORT ?? '8080')
    65:         .option('--host <string>', 'desired host for HTTP transport', process.env.BRAVE_MCP_HOST ?? '0.0.0.0')
>>> 66:         .option('--stateless <boolean>', 'whether the server should be stateless', process.env.BRAVE_MCP_STATELESS === 'true' ? true : false)
    67:         .allowUnknownOption()
    68:         .parse(process.argv);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    10:         .string()
    11:         .describe('Your API key')
>>> 12:         .default(process.env.BRAVE_API_KEY ?? ''),
    13:     enabledTools: z
    14:         .array(z.string())
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    43:     port: 8080,
    44:     host: '0.0.0.0',
>>> 45:     braveApiKey: process.env.BRAVE_API_KEY ?? '',
    46:     loggingLevel: 'info',
    47:     ready: false,
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    57: export function getOptions() {
    58:     const program = new Command()
>>> 59:         .option('--brave-api-key <string>', 'Brave API key', process.env.BRAVE_API_KEY ?? '')
    60:         .option('--logging-level <string>', 'Logging level', process.env.BRAVE_MCP_LOG_LEVEL ?? 'info')
    61:         .option('--transport <stdio|http>', 'transport type', process.env.BRAVE_MCP_TRANSPORT ?? 'stdio')
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    58:     const program = new Command()
    59:         .option('--brave-api-key <string>', 'Brave API key', process.env.BRAVE_API_KEY ?? '')
>>> 60:         .option('--logging-level <string>', 'Logging level', process.env.BRAVE_MCP_LOG_LEVEL ?? 'info')
    61:         .option('--transport <stdio|http>', 'transport type', process.env.BRAVE_MCP_TRANSPORT ?? 'stdio')
    62:         .option('--enabled-tools <names...>', 'tools to enable', process.env.BRAVE_MCP_ENABLED_TOOLS?.trim().split(' ') ?? [])
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    59:         .option('--brave-api-key <string>', 'Brave API key', process.env.BRAVE_API_KEY ?? '')
    60:         .option('--logging-level <string>', 'Logging level', process.env.BRAVE_MCP_LOG_LEVEL ?? 'info')
>>> 61:         .option('--transport <stdio|http>', 'transport type', process.env.BRAVE_MCP_TRANSPORT ?? 'stdio')
    62:         .option('--enabled-tools <names...>', 'tools to enable', process.env.BRAVE_MCP_ENABLED_TOOLS?.trim().split(' ') ?? [])
    63:         .option('--disabled-tools <names...>', 'tools to disable', process.env.BRAVE_MCP_DISABLED_TOOLS?.trim().split(' ') ?? [])
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    60:         .option('--logging-level <string>', 'Logging level', process.env.BRAVE_MCP_LOG_LEVEL ?? 'info')
    61:         .option('--transport <stdio|http>', 'transport type', process.env.BRAVE_MCP_TRANSPORT ?? 'stdio')
>>> 62:         .option('--enabled-tools <names...>', 'tools to enable', process.env.BRAVE_MCP_ENABLED_TOOLS?.trim().split(' ') ?? [])
    63:         .option('--disabled-tools <names...>', 'tools to disable', process.env.BRAVE_MCP_DISABLED_TOOLS?.trim().split(' ') ?? [])
    64:         .option('--port <number>', 'desired port for HTTP transport', process.env.BRAVE_MCP_PORT ?? '8080')
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    61:         .option('--transport <stdio|http>', 'transport type', process.env.BRAVE_MCP_TRANSPORT ?? 'stdio')
    62:         .option('--enabled-tools <names...>', 'tools to enable', process.env.BRAVE_MCP_ENABLED_TOOLS?.trim().split(' ') ?? [])
>>> 63:         .option('--disabled-tools <names...>', 'tools to disable', process.env.BRAVE_MCP_DISABLED_TOOLS?.trim().split(' ') ?? [])
    64:         .option('--port <number>', 'desired port for HTTP transport', process.env.BRAVE_MCP_PORT ?? '8080')
    65:         .option('--host <string>', 'desired host for HTTP transport', process.env.BRAVE_MCP_HOST ?? '0.0.0.0')
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    62:         .option('--enabled-tools <names...>', 'tools to enable', process.env.BRAVE_MCP_ENABLED_TOOLS?.trim().split(' ') ?? [])
    63:         .option('--disabled-tools <names...>', 'tools to disable', process.env.BRAVE_MCP_DISABLED_TOOLS?.trim().split(' ') ?? [])
>>> 64:         .option('--port <number>', 'desired port for HTTP transport', process.env.BRAVE_MCP_PORT ?? '8080')
    65:         .option('--host <string>', 'desired host for HTTP transport', process.env.BRAVE_MCP_HOST ?? '0.0.0.0')
    66:         .option('--stateless <boolean>', 'whether the server should be stateless', process.env.BRAVE_MCP_STATELESS === 'true' ? true : false)
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    63:         .option('--disabled-tools <names...>', 'tools to disable', process.env.BRAVE_MCP_DISABLED_TOOLS?.trim().split(' ') ?? [])
    64:         .option('--port <number>', 'desired port for HTTP transport', process.env.BRAVE_MCP_PORT ?? '8080')
>>> 65:         .option('--host <string>', 'desired host for HTTP transport', process.env.BRAVE_MCP_HOST ?? '0.0.0.0')
    66:         .option('--stateless <boolean>', 'whether the server should be stateless', process.env.BRAVE_MCP_STATELESS === 'true' ? true : false)
    67:         .allowUnknownOption()
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [binary data, not printable text]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [binary data, not printable text]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    80:     const urlWithParams = url.toString() + '?' + queryParams.toString();
    81:     const headers = { ...getDefaultRequestHeaders(), ...requestHeaders };
>>> 82:     const response = await fetch(urlWithParams, { headers });
    83:     // Handle Error
    84:     if (!response.ok) {

Scan History

| Date | Risk | Findings |
|---|---|---|
| Feb 25, 2026 | critical | 13 |
| Feb 23, 2026 | critical | 13 |
| Feb 22, 2026 | critical | 13 |