Skip to content

Restrict MCP env var injection to safe subset #652

New issue
New issue
Closed
#670
Closed
Restrict MCP env var injection to safe subset#652
#670
Labels
P2Nice-to-have prioritymcpMCP client/serversecuritySecurity hardeningsize/S
@bug-ops

Description

@bug-ops
bug-ops
opened on Feb 19, 2026

Parent: #623

MCP config allows arbitrary env vars to be injected into child processes. Restrict to known-safe subset or warn on suspicious env vars.

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2Nice-to-have prioritymcpMCP client/serversecuritySecurity hardeningsize/S

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions