Nano Currency

Lightweight server for sending Nano cryptocurrency, enabling direct blockchain transactions with robust validation and error handling.

ai-ml
GitHub
0Tools
11Findings
9Stars
Downloads
Mar 22, 2026Last Scanned

Findings11

4critical
4high
2medium
1low
0informational
criticalC1Command InjectionMCP03-command-injectionAML.T0054
Pattern "`[^`]+`" matched in source_code: "`NANO_PRIVATE_KEY is required`" (at position 2179)
Replace exec()/execSync() with execFile() and pass arguments as an array, never as a string. Validate all inputs against an allowlist before use in any shell context. For subprocess.run, always pass a list and shell=False.
criticalL9CI/CD Secret Exfiltration PatternsMCP07-insecure-configAML.T0057
Pattern "(?:fetch|axios|request|http\.post|urllib|requests\.post).*(?:process\.env|os\.environ|env\[)" matched in source_code: "fetch(process.env[" (at position 3454)
Never print, log, or transmit CI environment variables containing secrets. Use GitHub Actions '::add-mask::' to prevent accidental secret exposure in logs. Audit all third-party Actions for secret access patterns. Use OIDC tokens instead of long-lived secrets where possible. Restrict secret access to specific workflow jobs and steps. Monitor CI logs for base64-encoded strings.
criticalO5Environment Variable HarvestingMCP04-data-exfiltrationAML.T0057
Pattern "(?:fetch|axios|request|http|https|got|superagent|urllib|httpx).*(?:process\.env|os\.environ|getenv)" matched in source_code: "fetch(process.env" (at position 3454)
Never enumerate the entire process environment. Read only the specific environment variables your tool needs by name (e.g., process.env.DATABASE_URL, not process.env). Never return environment variable values in tool responses. Never send environment variable values in outbound HTTP requests. Use a secret management system (HashiCorp Vault, AWS Secrets Manager) instead of environment variables for credentials.
criticalQ13MCP Bridge Package Supply Chain AttackMCP10-supply-chainAML.T0054
Pattern "["']@modelcontextprotocol/sdk["']\s*:\s*["'](?:\^|~|\*|latest)" matched in source_code: ""@modelcontextprotocol/sdk": "^" (at position 17412)
MCP bridge packages (mcp-remote, mcp-proxy, @modelcontextprotocol/sdk, fastmcp) are high-value supply chain targets — CVE-2025-6514 (CVSS 9.6) in mcp-remote affected 437,000+ installs. Always pin exact versions (no ^ or ~ ranges). Use lockfiles (package-lock.json, pnpm-lock.yaml, uv.lock). Never run `npx mcp-remote` without version pinning. Verify package integrity with `npm audit` or `pip-audit` before deployment. Reference: CVE-2025-6514, OWASP ASI04.
highO8Timing-Based Covert ChannelMCP04-data-exfiltrationAML.T0057
Pattern "(?:delay|sleep|timeout|interval)\s*[:=]\s*(?:[^;]*(?:secret|token|password|credential|key|env))" matched in source_code: "timeout = ONE_MINUTE) { const controller = new AbortController() const timer = setTimeout(() => controller.abort(), timeout) try { const res = await fetch(process.env[envUrl], { ...FETCH_COMMON, signal: controller.signal, body: JSON.stringify({ action, ...payload }), }) if (!res.ok) throw new Error(`HTTP ${res.status}: ${await res.text()}`) const json = await res.json() if (json.error) throw new Error(`RPC Error: ${json.error}`) return json } catch (error) { throw new Error(`[${envUrl}] ${error.message}`) } finally { clearTimeout(timer) } } // ----- function createTextResponse(text) { return { content: [ { type: "text", text }, ], metadata: { server: SERVER_NAME, version: VERSION } } } // ----- function createErrorResponse(error) { return { content: [ { type: 'text', text: `Error: ${error instanceof Error ? error.message : String(error)}` }, ], isError: true, errorCode: error instanceof McpError ? error.code : ErrorCode.INTERNAL_ERROR } } // ----- function convertRawToNano(amount) { return N.convert(String(amount), {from: 'raw', to: 'Nano'}) } // ----- function convertNanoToRaw(amount) { return N.convert(String(amount), {from: 'Nano', to: 'raw'}) } // ----- function getAccount () { return N.deriveAddress(N.derivePublicKey(process.env.NANO_PRIVATE_KEY), { useNanoPrefix: true }) } // ----- function friendlyAmount (balance) { return `${convertRawToNano(balance)} in nano units or ${balance} in raw units` } // ----- const server = new McpServer( { name: SERVER_NAME, version: VERSION } ) // ----- async function getAccountInfo(account) { return ( await rpcCall( NANO_RPC_URL_KEY" (at position 3295)
Remove all code that calculates sleep/delay durations from application data, secrets, or any variable-length content. Tool response times should be constant or determined only by legitimate processing time. If rate limiting is needed, use fixed intervals not derived from data values. Monitor for anomalous response time patterns that could indicate timing-based exfiltration.
highK18Cross-Trust-Boundary Data Flow in Tool ResponseMCP04-data-exfiltrationAML.T0054
Pattern "(?:process\.env|os\.environ|config|settings).*(?:fetch|axios|http|post|send|webhook)" matched in source_code: "process.env.NANO_MAX_SEND_AMOUNT || NANO_MAX_SEND" (at position 2504)
Implement data flow taint tracking: tag data from sensitive sources (databases, credentials, files) and prevent it from flowing to external sinks (HTTP, webhooks, email) without explicit sanitization/redaction. Apply data classification and enforce boundary controls per trust level. Required by ISO 27001 A.5.14 and CoSAI MCP-T5.
highK16Unbounded Recursion / Missing Depth LimitsMCP07-insecure-configAML.T0054
Pattern "function\s+(\w+).*\{[^}]*\1\s*\((?!.*(?:depth|level|limit|max|count|recursi))" matched in source_code: "function rpcCall(envUrl, action, payload, timeout = ONE_MINUTE) { const controller = new AbortController(" (at position 3253)
Add explicit depth/recursion limits to all recursive operations. Use iterative approaches where possible. Set maximum depth for directory walking (max_depth=10), tree traversal (max_level=20), and agent re-invocation (max_calls=5). Implement circuit breakers that halt after N iterations. Required by EU AI Act Art. 15 (robustness) and OWASP ASI08.
highK11Missing Server Integrity VerificationMCP10-supply-chainAML.T0054
Pattern "(connect|load|register|add)[_\s-]?(mcp|server|tool)(?!.*(?:verify|validate|checksum|hash|sign|cert|fingerprint|pin))" matched in source_code: "registerTool" (at position 7347)
Implement cryptographic verification for MCP server connections: (1) Pin server TLS certificates or public keys, (2) Verify server tool definition checksums against a known-good manifest, (3) Use package manager integrity checks (npm integrity, pip --require-hashes). The MCP spec recommends but doesn't yet mandate server signing — implement it proactively. Required by ISO 27001 A.8.24 and CoSAI MCP-T6.
mediumK17Missing Timeout or Circuit BreakerMCP07-insecure-configAML.T0054
Pattern "(?:fetch|axios|got|request|urllib|httpx|http\.get|http\.post)\s*\((?!.*(?:timeout|signal|AbortSignal|deadline|cancel))" matched in source_code: "fetch(" (at position 3454)
Add timeouts to ALL external calls: HTTP requests (30s), database queries (10s), subprocess execution (60s), and MCP tool calls (30s). Implement circuit breakers that open after N consecutive failures (e.g., opossum, cockatiel). Use AbortSignal for cancellable operations. Required by EU AI Act Art. 15 and OWASP ASI08.
mediumC6Error LeakageMCP09-logging-monitoring
Pattern "catch\s*\([^)]*\)\s*\{[^}]*(?:throw|return).*(?:err|error)\.(?:message|stack)" matched in source_code: "catch (error) { throw new Error(`[${envUrl}] ${error.message" (at position 3792)
Return generic error messages to clients. Log detailed errors server-side. Never expose stack traces, file paths, or internal error details in responses.
lowF4MCP Spec Non-ComplianceMCP07-insecure-config
Server fails MCP spec compliance checks: required:server_name; required:server_version; required:protocol_version; recommended:tool_descriptions; recommended:parameter_descriptions
Follow the MCP specification for server metadata. Include server name, version, and protocol version. Provide descriptions for all tools and parameters.

Tools

No tools exposed by this server.

Security Category Deep Dive

Sub-Category Tree · Remediation Roadmap · Attack Stories · Compliance Overlay · ATLAS Techniques · Maturity Model

Prompt Injection
Prompt & context manipulation attacks
69
Maturity
14
Rules
5
Sub-Categories
1
Gaps
64%
Implemented
56
Tests
1
Stories
PI-DIRDirect Input Injection
100%3 rules
Injection via tool descriptions and parameter fields
GAP-001Prompt Injection Coverage GapMissing detection coverage for emerging prompt injection attack variants not addressed by current rules
PI-INDIndirect / Gateway Injection
100%4 rules
Hidden instructions via external content and tool responses
PI-CTXContext Manipulation
100%2 rules
Context window saturation and prior-approval exploitation
PI-ENCEncoding & Obfuscation
100%3 rules
Payload hiding via invisible chars, base64, schema fields
PI-TPLTemplate & Output Poisoning
100%2 rules
Injection via prompt templates and runtime tool output
Framework Coverage
OWASP MCP Top 1014/14
MITRE ATLAS14/14
CoSAI MCP2/14
OWASP Agentic Top 1012/14
Kill Chain Phases
0Initial Access
0Defense Evasion
0Execution
0Persistence