Skip to content

New rule: mcp-env-mismatch #6

Description

@proluct

Danger family: mcp-env-mismatch

An MCP server whose manifest declares one set of environment variables but whose code reads more than it declares, or sweeps the whole environment. The manifest is the user's consent surface; undeclared reads bypass it.

Example pattern: a server manifest declaring a single API key while the server code enumerates the entire process environment or reads unrelated token variables.

To add this rule: one markdown file at skills/skanna/references/rules/mcp-env-mismatch.md (severity floor, signals, why it is dangerous, where it hides, benign look-alikes) plus an inert fixture under examples/ that triggers it. See CONTRIBUTING.md for the template and the verify-by-scan step. This is also a README roadmap item (deeper MCP manifest checks); this rule is the first concrete piece of it.

Metadata

Metadata

Assignees

No one assigned

    Labels

    good first issueGood for newcomersnew-ruleA proposed or in-progress detection rule family

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions