PkgRadar

PyPI · pypi.org

finops-mcp

Credential file access: matched "AWS_SECRET_ACCESS_KEY"

Why PkgRadar flagged 0.8.64

SeveritySignalEvidence
mediumCredential file accessmatched "AWS_SECRET_ACCESS_KEY" · finops_mcp-0.8.64/src/finops/doctor.py
mediumCredential file accessmatched "AWS_ACCESS_KEY" · finops_mcp-0.8.64/src/finops/server.py
mediumCredential file accessmatched "GOOGLE_APPLICATION_CREDENTIALS" · finops_mcp-0.8.64/src/finops/connectors/gcp.py
mediumCredential file accessmatched "GOOGLE_APPLICATION_CREDENTIALS" · finops_mcp-0.8.64/src/finops/security/oauth/gcp.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.8.64Review1002026-06-13
0.8.63Review1002026-06-13
0.8.62Review1002026-06-13
0.8.61Review1002026-06-12
0.8.60Review1002026-06-10
0.8.59Review1002026-06-10
0.8.58Review1002026-06-10
0.8.57Review1002026-06-10
0.8.56Review1002026-06-09
0.8.55Review1002026-06-08
0.8.54Review1002026-06-08
0.8.53Review1002026-06-07
0.8.52Review1002026-06-06
0.8.51Review1002026-06-06
0.8.50Review1002026-06-06
0.8.49Review1002026-06-06
0.8.48Review1002026-06-06
0.8.47Review1002026-06-06
0.8.46Review1002026-06-04
0.8.45Review1002026-06-04
0.8.44Review1002026-06-04
0.8.43Review1002026-06-04
0.8.42Review1002026-06-03
0.8.41Review1002026-06-03
0.8.40Review1002026-06-03
0.8.39Review1002026-06-03
0.8.38Review1002026-06-02
0.8.37Review1002026-06-02

Block this in CI

PkgRadar gates finops-mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi finops-mcp==0.8.64
Start free — 25 scans / moView full evidence