@bitwarden/mcp-server

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    5: export const API_BASE_URL = process.env['BW_API_BASE_URL'] || 'https://api.bitwarden.com';
    6: export const IDENTITY_URL = process.env['BW_IDENTITY_URL'] || 'https://identity.bitwarden.com';
>>> 7: export const CLIENT_ID = process.env['BW_CLIENT_ID'];
    8: export const CLIENT_SECRET = process.env['BW_CLIENT_SECRET'];
    9: //# sourceMappingURL=config.js.map

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    239:         const resolvedPath = path.resolve(normalizedPath);
    240:         // Step 9: Get allowed directories from environment variable
>>> 241:         const allowedDirsEnv = process.env['BW_ALLOWED_DIRECTORIES'];
    242:         let allowedDirectories;
    243:         if (allowedDirsEnv && allowedDirsEnv.trim()) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    4: // API Configuration
    5: export const API_BASE_URL = process.env['BW_API_BASE_URL'] || 'https://api.bitwarden.com';
>>> 6: export const IDENTITY_URL = process.env['BW_IDENTITY_URL'] || 'https://identity.bitwarden.com';
    7: export const CLIENT_ID = process.env['BW_CLIENT_ID'];
    8: export const CLIENT_SECRET = process.env['BW_CLIENT_SECRET'];

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    3:  */
    4: // API Configuration
>>> 5: export const API_BASE_URL = process.env['BW_API_BASE_URL'] || 'https://api.bitwarden.com';
    6: export const IDENTITY_URL = process.env['BW_IDENTITY_URL'] || 'https://identity.bitwarden.com';
    7: export const CLIENT_ID = process.env['BW_CLIENT_ID'];

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    24:         return new Promise((resolve) => {
    25:             const child = spawn('bw', [command, ...args], {
>>> 26:                 env: process.env,
    27:                 shell: false, // Explicitly disable shell to prevent injection
    28:             });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    6: export const IDENTITY_URL = process.env['BW_IDENTITY_URL'] || 'https://identity.bitwarden.com';
    7: export const CLIENT_ID = process.env['BW_CLIENT_ID'];
>>> 8: export const CLIENT_SECRET = process.env['BW_CLIENT_SECRET'];
    9: //# sourceMappingURL=config.js.map

Decoded base64 content: ���jX�y�%��t8�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    264: ### Best Practices
    265: 
>>> 266: - Store credentials securely (use system keychains or environment managers)
    267: - Rotate session tokens regularly
    268: - Review audit logs periodically for suspicious activity

Decoded base64 content: ������� i�'�*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    2:  * CLI command execution utilities
    3:  */
>>> 4: import { spawn } from 'child_process';
    5: import { buildSafeCommand, isValidBitwardenCommand } from './security.js';
    6: /**

Decoded base64 content: �&{��z�ݣ 塧l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���jX�y�%��t8�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���jX�y�%��t8�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    20:     }
    21:     try {
>>> 22:         const response = await fetch(`${IDENTITY_URL}/connect/token`, {
    23:             method: 'POST',
    24:             headers: {

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    78:         const requestConfig = await buildSafeApiRequest(endpoint, method, data);
    79:         const url = `${API_BASE_URL}${endpoint}`;
>>> 80:         const response = await fetch(url, requestConfig);
    81:         let responseData;
    82:         const contentType = response.headers.get('content-type');

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.