File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- scripts/init-mcporter-oauth.sh:77
Security audit
Maverick Confluence Mcp
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed Confluence connector that stores Atlassian OAuth credentials locally and uses them to access Confluence through Atlassian's hosted MCP service.
Install only if you want an agent to access Confluence using your Atlassian permissions. Keep the OAuth values private, review any create, update, publish, or comment actions before they run, and revoke the Atlassian OAuth grant when you no longer need this skill.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
Detected: suspicious.exposed_secret_literal