ICU
critical

@mondaydotcomorg/monday-api-mcp

v1.16.1

MCP server for using the monday.com API

npm | monday-npm-publisher | First seen Feb 22, 2026

Total: 2
Critical: 2
High: 0
Medium: 0

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    25:         if (argValue === undefined) {
    26:             const envVarName = `MONDAY_${config.name.toUpperCase()}`;
>>> 27:             if (process.env[envVarName]) {
    28:                 argValue = process.env[envVarName];
    29:             }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    26:             const envVarName = `MONDAY_${config.name.toUpperCase()}`;
    27:             if (process.env[envVarName]) {
>>> 28:                 argValue = process.env[envVarName];
    29:             }
    30:         }

Scan History

Date | Risk | Findings
Feb 25, 2026 | critical | 2
Feb 23, 2026 | critical | 2
Feb 22, 2026 | critical | 2