ICU
critical

ai.smithery/arjunkmrm-brave-search-mcp-server

v2.0.25

Search the web, images, videos, news, and local businesses with robust filters, freshness controls…

MCP Registry | smithery | First seen Feb 24, 2026

29 Total | 9 Critical | 15 High | 5 Medium

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    61:       '--transport <stdio|http>',
    62:       'transport type',
>>> 63:       process.env.BRAVE_MCP_TRANSPORT ?? 'stdio'
    64:     )
    65:     .option(
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    57:   const program = new Command()
    58:     .option('--brave-api-key <string>', 'Brave API key', process.env.BRAVE_API_KEY ?? '')
>>> 59:     .option('--logging-level <string>', 'Logging level', process.env.BRAVE_MCP_LOG_LEVEL ?? 'info')
    60:     .option(
    61:       '--transport <stdio|http>',
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    81:       '--host <string>',
    82:       'desired host for HTTP transport',
>>> 83:       process.env.BRAVE_MCP_HOST ?? '0.0.0.0'
    84:     )
    85:     .allowUnknownOption()
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    66:       '--enabled-tools <names...>',
    67:       'tools to enable',
>>> 68:       process.env.BRAVE_MCP_ENABLED_TOOLS?.split(' ') ?? []
    69:     )
    70:     .option(
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    76:       '--port <number>',
    77:       'desired port for HTTP transport',
>>> 78:       process.env.BRAVE_MCP_PORT ?? '8080'
    79:     )
    80:     .option(
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    71:       '--disabled-tools <names...>',
    72:       'tools to disable',
>>> 73:       process.env.BRAVE_MCP_DISABLED_TOOLS?.split(' ') ?? []
    74:     )
    75:     .option(
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    56: export function getOptions(): Configuration | false {
    57:   const program = new Command()
>>> 58:     .option('--brave-api-key <string>', 'Brave API key', process.env.BRAVE_API_KEY ?? '')
    59:     .option('--logging-level <string>', 'Logging level', process.env.BRAVE_MCP_LOG_LEVEL ?? 'info')
    60:     .option(
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    1: /node_modules
    2: /dist
>>> 3: .env
    4: .smithery
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    41:   port: 8080,
    42:   host: '0.0.0.0',
>>> 43:   braveApiKey: process.env.BRAVE_API_KEY ?? '',
    44:   loggingLevel: 'info',
    45:   ready: false,
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary output omitted]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | OB-001 | Obfuscation | Medium Confidence | Line 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

>>> 1: FROM node:alpine@sha256:77f3c4d1f33c17dfa4af4b0add57d86957187873e313c2c37f52831d117645c8 AS builder
    2: 
    3: RUN apk add --no-cache openssl=3.5.4-r0
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | OB-001 | Obfuscation | Medium Confidence | Line 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    124:       - name: Install MCP Publisher
    125:         run: |
>>> 126:           curl -L "https://github.com/modelcontextprotocol/registry/releases/download/v1.2.3/mcp-publisher_1.2.3_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
    127: 
    128:       - name: Login to MCP Registry
medium | OB-001 | Obfuscation | Medium Confidence | Line 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    15: RUN npm run build
    16: 
>>> 17: FROM node:alpine@sha256:77f3c4d1f33c17dfa4af4b0add57d86957187873e313c2c37f52831d117645c8 AS release
    18: 
    19: RUN apk add --no-cache openssl=3.5.4-r0
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    92:   const urlWithParams = url.toString() + '?' + queryParams.toString();
    93:   const headers = { ...getDefaultRequestHeaders(), ...requestHeaders } as Headers;
>>> 94:   const response = await fetch(urlWithParams, { headers });
    95: 
    96:   // Handle Error

Scan History

Date | Risk | Findings
Feb 26, 2026 | critical | 29
Feb 24, 2026 | critical | 29