gap-sdk-testing-gemini
GithubuserX/gap-sdk-testing-geminiGoogle Gemini SDK-based testing script for GAP MCP server with structured data support
Warning — this looks like a fake "GitHub" account
This repo's owner "GithubuserX" is suspiciously similar to the verified publisher "github" (GitHub). This could be a typosquatting attack — someone impersonating a trusted brand to trick you into installing malicious code. Verify the owner carefully before installing.
What We Found(3 issues)
Each card explains what was found and what it means in plain English. Click "Technical details" for the full breakdown.
Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.GEMINI_API_KEYCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.OPENAI_API_KEYCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.GEMINI_API_KEYFinding Summary
0
Critical
3
High
0
Medium
0
Low
0
Info