ICUICU
Risk: critical

@moralisweb3/api-mcp-server v1.8.2

Moralis MCP server

npm · ernow · First seen Feb 22, 2026

19 Total · 10 Critical · 7 High · 2 Medium

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

>>> 1: // Load environment variables from .env file
    2: import dotenv from 'dotenv';
    3: dotenv.config();
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    5:     evm: {
    6:         prefix: 'evm_',
>>> 7:         baseUrl: process.env.API_BASE_URL || 'https://deep-index.moralis.io/api/v2.2',
    8:         specUrl: process.env.API_SPEC_URL ||
    9:             'https://deep-index.moralis.io/api-docs-2.2/v2.2/swagger.json',
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    6:         prefix: 'evm_',
    7:         baseUrl: process.env.API_BASE_URL || 'https://deep-index.moralis.io/api/v2.2',
>>> 8:         specUrl: process.env.API_SPEC_URL ||
    9:             'https://deep-index.moralis.io/api-docs-2.2/v2.2/swagger.json',
    10:     },
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    11:     solana: {
    12:         prefix: 'solana_',
>>> 13:         baseUrl: process.env.SOLANA_BASE_URL || 'https://solana-gateway.moralis.io',
    14:         specUrl: process.env.SOLANA_SPEC_URL ||
    15:             'https://solana-gateway.moralis.io/api-json',
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:         prefix: 'solana_',
    13:         baseUrl: process.env.SOLANA_BASE_URL || 'https://solana-gateway.moralis.io',
>>> 14:         specUrl: process.env.SOLANA_SPEC_URL ||
    15:             'https://solana-gateway.moralis.io/api-json',
    16:     }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    20:  */
    21: export class Config {
>>> 22:     static SERVER_NAME = process.env.SERVER_NAME || 'Moralis MCP';
    23:     static SERVER_VERSION = process.env.SERVER_VERSION || '1.0.0';
    24:     static SERVER_CONFIG = configs[process.env.SERVER_CONFIG || ''];
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    21: export class Config {
    22:     static SERVER_NAME = process.env.SERVER_NAME || 'Moralis MCP';
>>> 23:     static SERVER_VERSION = process.env.SERVER_VERSION || '1.0.0';
    24:     static SERVER_CONFIG = configs[process.env.SERVER_CONFIG || ''];
    25:     static MORALIS_API_KEY = process.env.MORALIS_API_KEY;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    22:     static SERVER_NAME = process.env.SERVER_NAME || 'Moralis MCP';
    23:     static SERVER_VERSION = process.env.SERVER_VERSION || '1.0.0';
>>> 24:     static SERVER_CONFIG = configs[process.env.SERVER_CONFIG || ''];
    25:     static MORALIS_API_KEY = process.env.MORALIS_API_KEY;
    26:     static EVM_CONFIG = configs.evm;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    23:     static SERVER_VERSION = process.env.SERVER_VERSION || '1.0.0';
    24:     static SERVER_CONFIG = configs[process.env.SERVER_CONFIG || ''];
>>> 25:     static MORALIS_API_KEY = process.env.MORALIS_API_KEY;
    26:     static EVM_CONFIG = configs.evm;
    27:     static SOL_CONFIG = configs.solana;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    70: process.on('SIGTERM', cleanup);
    71: // accepts an optional argument --transport to specify the transport type
>>> 72: let transport = process.env.MCP_TRANSPORT || TransportType.STDIO;
    73: const args = process.argv.slice(2);
    74: if (args.length > 0) {
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-004 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    243:     try {
    244:         const zodSchemaString = jsonSchemaToZod(jsonSchema);
>>> 245:         const zodSchema = eval(zodSchemaString);
    246:         if (typeof zodSchema?.parse !== 'function') {
    247:             throw new Error('Eval did not produce a valid Zod schema.');
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��.�+rEꮊ��z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��.�+rEꮊ��z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��.�+rEꮊ��z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-003 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    84:     const params = [];
    85:     let match;
>>> 86:     while ((match = paramRegex.exec(urlTemplate)) !== null) {
    87:         params.push(match[1]);
    88:     }
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.


Scan History

Date          Risk      Findings
Feb 26, 2026  critical  19
Feb 23, 2026  critical  19
Feb 22, 2026  critical  19