@openbnb/mcp-server-airbnb

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    19:     }
    20:     catch (error) {
>>> 21:         return process.env.MCP_SERVER_VERSION || "unknown";
    22:     }
    23: }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    16:     try {
    17:         const packageJson = JSON.parse(readFileSync(join(__dirname, '../package.json'), 'utf8'));
>>> 18:         return process.env.MCP_SERVER_VERSION || packageJson.version || "unknown";
    19:     }
    20:     catch (error) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    132: const BASE_URL = "https://www.airbnb.com";
    133: // Configuration from environment variables (set by DXT host)
>>> 134: const IGNORE_ROBOTS_TXT = process.env.IGNORE_ROBOTS_TXT === "true" || process.argv.slice(2).includes("--ignore-robots-txt");
    135: const robotsErrorMessage = "This path is disallowed by Airbnb's robots.txt to this User-agent. You may or may not want to run the server with '--ignore-robots-txt' args";
    136: let robotsTxtContent = "";

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r����^��'��m��-��%�ǫ���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    146:         const controller = new AbortController();
    147:         const timeoutId = setTimeout(() => controller.abort(), 10000); // 10 second timeout
>>> 148:         const response = await fetch(`${BASE_URL}/robots.txt`, {
    149:             headers: {
    150:                 "User-Agent": USER_AGENT,

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    190:     const timeoutId = setTimeout(() => controller.abort(), timeout);
    191:     try {
>>> 192:         const response = await fetch(url, {
    193:             headers: {
    194:                 "User-Agent": USER_AGENT,

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    138: async function fetchRobotsTxt() {
    139:     if (IGNORE_ROBOTS_TXT) {
>>> 140:         log('info', 'Skipping robots.txt fetch (ignored by configuration)');
    141:         return;
    142:     }