teamflect-mcp-server
v1.0.13MCP server for Teamflect API integration
15
Total
5
Critical
5
High
5
Medium
Findings
unknownEnvironment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
6: * including goals, feedback, recognitions, reviews, tasks, and user management.
7: */
>>> 8: // Load environment variables from .env file
9: import "dotenv/config";
10: import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
64: await transport.handleRequest(req, res, req.body);
65: });
>>> 66: const port = parseInt(process.env.PORT || "3000", 10);
67: app.listen(port, () => {
68: console.error(`Teamflect MCP server running on http://localhost:${port}/mcp`);Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
70: }
71: // Choose transport based on environment variable
>>> 72: const transport = process.env.TRANSPORT || "stdio";
73: if (transport === "http") {
74: runHTTP().catch((error) => {Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
84: */
85: export function createApiClient() {
>>> 86: const apiKey = process.env.TEAMFLECT_API_KEY;
87: if (!apiKey) {
88: throw new Error("TEAMFLECT_API_KEY environment variable is required");Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
59: "dist",
60: "README.md",
>>> 61: ".env.example"
62: ]
63: }Decoded base64 content: J�b�'���ӭ�즊�
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: ��^��'��m��-��%��d
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: J�b�'���ӭ�즊�
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: ��"�E�(�x���Ӣ�l
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: ��"�E�(�x���Ӣ�l
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveHigh-entropy string (4.6 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
Report false positiveHigh-entropy string (4.6 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
Report false positiveHigh-entropy string (4.6 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
Report false positiveHigh-entropy string (4.5 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
Report false positiveHigh-entropy string (4.5 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
Report false positiveScan History
| Date | Risk | Findings | Files | Duration |
|---|---|---|---|---|
| Feb 25, 2026 | critical | 15 | 48 | 0.00s |
| Feb 23, 2026 | critical | 15 | 48 | 0.00s |
| Feb 22, 2026 | critical | 15 | 48 | 0.00s |