ICU
critical

@resourcexjs/mcp-server

v2.15.0

ResourceX MCP Server for AI Agents

npm | deepracticex | First seen Feb 25, 2026

Total: 6 | Critical: 5 | High: 0 | Medium: 1

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    28:   try {
    29:     const rxHome =
>>> 30:       process.env.RESOURCEX_HOME ||
    31:       process.env.RX_HOME ||
    32:       join(homedir(), ".deepractice", "resourcex");
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    29:     const rxHome =
    30:       process.env.RESOURCEX_HOME ||
>>> 31:       process.env.RX_HOME ||
    32:       join(homedir(), ".deepractice", "resourcex");
    33:     const configPath = join(rxHome, "config.json");
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    53: 
    54: // Environment variables take precedence over shared config
>>> 55: const registry = process.env.RESOURCEX_REGISTRY ?? sharedConfig.registry;
    56: const storagePath = process.env.RESOURCEX_PATH ?? sharedConfig.path;
    57: 
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    54: // Environment variables take precedence over shared config
    55: const registry = process.env.RESOURCEX_REGISTRY ?? sharedConfig.registry;
>>> 56: const storagePath = process.env.RESOURCEX_PATH ?? sharedConfig.path;
    57: 
    58: // Initialize ResourceX client
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    49:       // but keep the same storage path
    50:       if (registry && registry !== defaultRegistry) {
>>> 51:         const storagePath = process.env.RESOURCEX_PATH;
    52:         const client = createResourceX({ registry, path: storagePath });
    53:         await client.push(locator);
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
