zd-mcp-server
v0.5.0Zendesk MCP Server - Model Context Protocol server for Zendesk Support integration
5
Total
4
Critical
0
High
1
Medium
Findings
unknownEnvironment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
68: }
69: const client = zendesk.createClient({
>>> 70: username: process.env.ZENDESK_EMAIL,
71: token: process.env.ZENDESK_TOKEN,
72: remoteUri: `https://${process.env.ZENDESK_SUBDOMAIN}.zendesk.com/api/v2`,Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
69: const client = zendesk.createClient({
70: username: process.env.ZENDESK_EMAIL,
>>> 71: token: process.env.ZENDESK_TOKEN,
72: remoteUri: `https://${process.env.ZENDESK_SUBDOMAIN}.zendesk.com/api/v2`,
73: });Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
70: username: process.env.ZENDESK_EMAIL,
71: token: process.env.ZENDESK_TOKEN,
>>> 72: remoteUri: `https://${process.env.ZENDESK_SUBDOMAIN}.zendesk.com/api/v2`,
73: });
74: export function zenDeskTools(server) {Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
64: }
65: // Environment-based client for backward compatibility
>>> 66: if (!process.env.ZENDESK_EMAIL || !process.env.ZENDESK_TOKEN || !process.env.ZENDESK_SUBDOMAIN) {
67: throw new Error('Missing required environment variables: ZENDESK_EMAIL, ZENDESK_TOKEN, ZENDESK_SUBDOMAIN');
68: }High-entropy string (4.8 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
Report false positiveScan History
| Date | Risk | Findings | Files | Duration |
|---|---|---|---|---|
| Feb 25, 2026 | critical | 5 | 6 | 0.00s |
| Feb 23, 2026 | critical | 5 | 6 | 0.00s |
| Feb 22, 2026 | critical | 5 | 6 | 0.00s |