npm · registry.npmjs.org

mcp-server-kubernetes

Credential file access: matched "KUBECONFIG"

Why PkgRadar flagged 3.6.2

Severity	Signal	Evidence
high	Credential file access	matched "KUBECONFIG" · package/dist/tools/exec_in_pod.js
high	Credential file access	matched "KUBECONFIG" · package/dist/tools/helm-operations.js
high	Credential file access	matched "KUBECONFIG" · package/dist/tools/kubectl-apply.js
high	Credential file access	matched "KUBECONFIG" · package/dist/tools/kubectl-context.js
high	Credential file access	matched "KUBECONFIG" · package/dist/tools/kubectl-create.js
high	Credential file access	matched "KUBECONFIG" · package/dist/tools/kubectl-delete.js
high	Credential file access	matched "KUBECONFIG" · package/dist/tools/kubectl-describe.js
high	Credential file access	matched "KUBECONFIG" · package/dist/tools/kubectl-generic.js
high	Credential file access	matched "KUBECONFIG" · package/dist/tools/kubectl-get.js
high	Credential file access	matched "KUBECONFIG" · package/dist/tools/kubectl-logs.js
high	Credential file access	matched "KUBECONFIG" · package/dist/tools/kubectl-operations.js
high	Credential file access	matched "KUBECONFIG" · package/dist/tools/kubectl-patch.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`3.6.2`	Review	18	2026-06-09
`3.7.0`	Review	18	2026-06-09
`3.8.0`	Review	18	2026-06-09
`3.9.0`	Review	3	2026-06-09
`3.6.1`	Review	18	2026-06-09

Block this in CI

PkgRadar gates mcp-server-kubernetes (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]