critical

@modelcontextprotocol/server-sequential-thinking

v2025.12.18

MCP server for sequential thinking and problem solving

npmpcarletonFirst seen Feb 22, 2026

Total

Critical

High

Medium

Findings

unknown

criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    5:     disableThoughtLogging;
    6:     constructor() {
>>> 7:         this.disableThoughtLogging = (process.env.DISABLE_THOUGHT_LOGGING || "").toLowerCase() === "true";
    8:     }
    9:     formatThought(thoughtData) {

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: I�z{bjT�y"��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �.�G��h�"ޞa

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

Scan History

Date	Risk	Findings	Files	Duration
Feb 25, 2026	critical	3	5	0.00s
Feb 23, 2026	critical	3	5	0.00s
Feb 22, 2026	critical	3	5	0.00s