Drift inferred · capture-to-capture
No drift recorded — single capability capture; advisories appear once its surface changes.
transport stdio · http counts 0 tools · 0 res
· 0 prompts
permission surface via code analysis
no tools enumerated yet for this server.
prompt-surface
shipped agent-instruction files + hidden-content / dangerous-code findings —
quoted from the analyzed source
analyzed commit 7be8113 · analyzer v18 · 9h ago
danger signals1
- credential in logscredential in lograkeshgangwar-strava-mcp-server-7be8113/get-strava-token.js:62
console.log(`Access Token: ${access_token}`);
evidence-backed
findings quoted directly from the published source artifact — not inferred
network 2
- net rakeshgangwar-strava-mcp-server-7be8113/get-strava-token.js :3
import axios from 'axios'; - net rakeshgangwar-strava-mcp-server-7be8113/src/index.ts :10
import axios from 'axios';
secrets 1
- secrets rakeshgangwar-strava-mcp-server-7be8113/src/index.ts :14
const STRAVA_CLIENT_SECRET = process.env.STRAVA_CLIENT_SECRET;
declared dependencies 6
- @modelcontextprotocol/sdk@^1.6.1
- @types/node@^22.13.10
- axios@^1.8.2
- express@^5.0.1
- open@^10.1.0
- typescript@^5.8.2