ai.smithery/arjunkmrm-brave-search-mcp-server
v2.0.25
Search the web, images, videos, news, and local businesses with robust filters, freshness controls…
29 Total | 9 Critical | 15 High | 5 Medium
Findings
unknown
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
61: '--transport <stdio|http>',
62: 'transport type',
>>> 63: process.env.BRAVE_MCP_TRANSPORT ?? 'stdio'
64: )
65: .option(

Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
57: const program = new Command()
58: .option('--brave-api-key <string>', 'Brave API key', process.env.BRAVE_API_KEY ?? '')
>>> 59: .option('--logging-level <string>', 'Logging level', process.env.BRAVE_MCP_LOG_LEVEL ?? 'info')
60: .option(
61: '--transport <stdio|http>',

Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
81: '--host <string>',
82: 'desired host for HTTP transport',
>>> 83: process.env.BRAVE_MCP_HOST ?? '0.0.0.0'
84: )
85: .allowUnknownOption()

Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
66: '--enabled-tools <names...>',
67: 'tools to enable',
>>> 68: process.env.BRAVE_MCP_ENABLED_TOOLS?.split(' ') ?? []
69: )
70: .option(

Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
76: '--port <number>',
77: 'desired port for HTTP transport',
>>> 78: process.env.BRAVE_MCP_PORT ?? '8080'
79: )
80: .option(

Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
71: '--disabled-tools <names...>',
72: 'tools to disable',
>>> 73: process.env.BRAVE_MCP_DISABLED_TOOLS?.split(' ') ?? []
74: )
75: .option(

Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
56: export function getOptions(): Configuration | false {
57: const program = new Command()
>>> 58: .option('--brave-api-key <string>', 'Brave API key', process.env.BRAVE_API_KEY ?? '')
59: .option('--logging-level <string>', 'Logging level', process.env.BRAVE_MCP_LOG_LEVEL ?? 'info')
60: .option(

Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
1: /node_modules
2: /dist
>>> 3: .env
4: .smithery

Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
41: port: 8080,
42: host: '0.0.0.0',
>>> 43: braveApiKey: process.env.BRAVE_API_KEY ?? '',
44: loggingLevel: 'info',
45: ready: false,

Decoded base64 content (15 findings; decoded bytes omitted)
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)
Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.
>>> 1: FROM node:alpine@sha256:77f3c4d1f33c17dfa4af4b0add57d86957187873e313c2c37f52831d117645c8 AS builder
2:
3: RUN apk add --no-cache openssl=3.5.4-r0

High-entropy string (5.0 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)
Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.
124: - name: Install MCP Publisher
125: run: |
>>> 126: curl -L "https://github.com/modelcontextprotocol/registry/releases/download/v1.2.3/mcp-publisher_1.2.3_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
127:
128: - name: Login to MCP Registry

Possible Base64-encoded payload (long encoded string)
Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.
15: RUN npm run build
16:
>>> 17: FROM node:alpine@sha256:77f3c4d1f33c17dfa4af4b0add57d86957187873e313c2c37f52831d117645c8 AS release
18:
19: RUN apk add --no-cache openssl=3.5.4-r0

JavaScript fetch() call
Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.
92: const urlWithParams = url.toString() + '?' + queryParams.toString();
93: const headers = { ...getDefaultRequestHeaders(), ...requestHeaders } as Headers;
>>> 94: const response = await fetch(urlWithParams, { headers });
95:
96: // Handle Error

Scan History

| Date | Risk | Findings | Files | Duration |
|---|---|---|---|---|
| Feb 26, 2026 | critical | 29 | 47 | 0.00s |
| Feb 24, 2026 | critical | 29 | 47 | 0.00s |