Severity: LOW
Location
.github/ (no dependabot.yml), src/server/tools.ts:121-138
Summary
Two small hardening items:
- No Dependabot for github-actions. Third-party actions are correctly SHA-pinned, but there is no .github/dependabot.yml with package-ecosystem: github-actions, so pins are unmonitored and can silently go stale/unpatched. (A package-ecosystem: npm entry is also worth adding.)
- Loose Zod tool schemas. MCP tool inputs use bare, unbounded z.string() for name/client and the objects aren't .strict(), so unknown keys are silently dropped and length is unbounded. Runtime checks (validateMcpServerName, CLIENT_IDS) currently carry the load; the Zod layer should be the declarative enforcement point.
Recommended fix
- Add .github/dependabot.yml for github-actions (and npm).
- Add .max(256) to name fields, .strict() to the tool input objects, and z.enum(CLIENT_IDS) for client.
Acceptance criteria
- .strict() with bounded strings and enum client.
Filed from a repo security review.
https://claude.ai/code/session_01XX9sT7kYs1ctQyY2SBg87t
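
A Dependabot configuration of the kind the first recommended fix describes, as an added example that is not a file from this repository. The directory and schedule values are assumptions; only the two package-ecosystem entries come from the issue text.

```yaml
# .github/dependabot.yml
# Added example: directory and schedule values are assumptions.
version: 2
updates:
  # Monitors the actions referenced in workflow files so that pinned
  # references get update PRs instead of silently going stale.
  - package-ecosystem: "github-actions"
    directory: "/"          # "/" makes Dependabot scan .github/workflows
    schedule:
      interval: "weekly"    # assumption: choose the cadence the repo wants
  # Optional second entry mentioned in the issue.
  - package-ecosystem: "npm"
    directory: "/"          # assumption: package.json sits at the repo root
    schedule:
      interval: "weekly"
```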