MCP server for interacting with MySQL databases with write operations support
Drift inferred · capture-to-capture
- HIGH code analysis flagged committed secret in @benborla29/mcp-server-mysql
transport stdio · streamable-http · http counts 0 tools · 0 res
· 0 prompts
permission surface via code analysis
no tools enumerated yet for this server.
prompt-surface
shipped agent-instruction files + hidden-content / dangerous-code findings —
quoted from the analyzed source
analyzed v2.0.8 · analyzer v17 · 2d ago
danger signals1
- committed secretcommitted .envpackage/dist/.env:1
env file shipped with populated values
evidence-backed
findings quoted directly from the published source artifact — not inferred
filesystem 1
- fs package/dist/index.js :12
import { realpathSync } from 'fs';
secrets 1
- secrets package/dist/src/config/index.js :21
export const REMOTE_SECRET_KEY = process.env.REMOTE_SECRET_KEY || "";
declared dependencies 21
- @ai-sdk/openai@^1.3.22
- @modelcontextprotocol/sdk@1.15.1
- dotenv@^16.5.0
- express@^5.1.0
- mcp-evals@^1.0.18
- mysql2@^3.14.1
- node-sql-parser@^5.3.9
- zod@^3.25.67
- @types/express@^5.0.3
- @types/jest@^29.5.14
- @types/node@^20.17.50
- @typescript-eslint/eslint-plugin@^8.35.0
- @typescript-eslint/parser@^8.35.0
- eslint@^9.27.0
- markdownlint-cli@^0.45.0
- shx@^0.3.4
- ts-node@^10.9.2
- tslib@^2.8.1
- tsx@^4.19.4
- typescript@^5.8.3
- vitest@^1.6.1