ICU
critical

app.tradeit/mcp

v1.0.0

Trade stock, crypto, and options on Robinhood, ETrade, Webull, Charles Schwab, Coinbase, or Kraken.

MCP Registry | tradeit | First seen Feb 24, 2026

Total: 6 | Critical: 4 | High: 0 | Medium: 2

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    22: 
    23: # Environment variables
>>> 24: .env
    25: .env.local
    26: .env.*.local

critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    23: # Environment variables
    24: .env
>>> 25: .env.local
    26: .env.*.local
    27: *.env

critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    24: .env
    25: .env.local
>>> 26: .env.*.local
    27: *.env
    28: 

critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    25: .env.local
    26: .env.*.local
>>> 27: *.env
    28: 
    29: # Secrets

medium | OB-001 | Obfuscation | Medium Confidence | Line 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    24:       - name: Install mcp-publisher
    25:         run: |
>>> 26:           curl -L "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
    27:           chmod +x mcp-publisher
    28: 

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.


Scan History

Date | Risk | Findings
Feb 26, 2026 | critical | 6
Feb 24, 2026 | critical | 6