✓ Security: Safe · 100 100/100 · grade A scanned 38m ago
✓ no compromise signals 16 risk-surface · 5/20 OWASP controls flagged
Only compromise signals — malicious or tampered code (leaked secrets, backdoors, a dropped executable) — reduce the score. Dangerous-by-capability traits are risk surface , expected for some capabilities. Every finding is mapped to the OWASP control it belongs to below.
What this capability can do · med confidence (static)
⚑ network ⚑ secrets
egress → discuss.hashicorp.com., support.hashicorp.com, discuss.hashicorp.com, docs.github.com, modelcontextprotocol.io, www.docker.com, app.terraform.io, code.visualstudio.com +28
Findings mapped to the OWASP Top 10 for LLM Applications (2025) and the OWASP Machine Learning Security Top 10 . Expand any flagged control for the exact findings — compromise reduces the score; expected /risk-surface do not.
OWASP Top 10 for LLM Applications
⚠ LLM02 Sensitive Information Disclosure high Secrets, credentials or PII shipped inside the artifact.
• Embedded credentials — found: hardcoded credential · hashicorp-terraform-mcp-server-d020979/pkg/client/middleware_test.go (CWE-798)expected
• Embedded credentials — found: private key · hashicorp-terraform-mcp-server-d020979/pkg/client/tls_test.go (CWE-798)expected
⚠ LLM06 Excessive Agency high Over-broad tool/permission surface or unrestricted egress.
• External endpoints declared — 1 distinct host(s) · hashicorp-terraform-mcp-server-d020979/.github/ISSUE_TEMPLATE/bug_report.md expected
• External endpoints declared — 2 distinct host(s) · hashicorp-terraform-mcp-server-d020979/.github/ISSUE_TEMPLATE/config.yml expected
• External endpoints declared — 4 distinct host(s) · hashicorp-terraform-mcp-server-d020979/.release/oss-release-metadata.hcl expected
• Broad capability surface — 3 high-impact capability categories referenced — verify least-privilege · hashicorp-terraform-mcp-server-d020979/README.md (CWE-272)risk surface
• External endpoints declared — 19 distinct host(s) · hashicorp-terraform-mcp-server-d020979/README.md expected
• Egress to a private/loopback host — 127.0.0.1, [::1] · hashicorp-terraform-mcp-server-d020979/e2e/cors_e2e_test.go (CWE-918)expected
• External endpoints declared — 7 distinct host(s) · hashicorp-terraform-mcp-server-d020979/e2e/cors_e2e_test.go expected
• External endpoints declared — 3 distinct host(s) · hashicorp-terraform-mcp-server-d020979/pkg/client/middleware.go expected
• External endpoints declared — 15 distinct host(s) · hashicorp-terraform-mcp-server-d020979/pkg/client/middleware_test.go expected
⚠ LLM07 System Prompt Leakage high Secrets, internal hosts or proprietary logic exposed in shipped prompts.
• Internal host / private infrastructure reference — shipped content references a private IP range or internal-only host · hashicorp-terraform-mcp-server-d020979/cmd/terraform-mcp-server/config_test.go (CWE-200)expected
• Embedded credentials — found: hardcoded credential · hashicorp-terraform-mcp-server-d020979/pkg/client/middleware_test.go (CWE-798)expected
• Embedded credentials — found: private key · hashicorp-terraform-mcp-server-d020979/pkg/client/tls_test.go (CWE-798)expected
⚠ LLM05 Improper Output Handling medium Code that pipes model/user output into shell, eval, SQL or paths unsafely.
• Path traversal sequences — '../' present in content or name · hashicorp-terraform-mcp-server-d020979/instructions/example-AGENTS.md (CWE-22)expected
§ LLM09 Misinformation Governance Artifacts designed to produce false/deceptive output.
Detectable only by runtime behavioral evaluation; addressed via responsible-use attestation.
◷ LLM10 Unbounded Consumption Runtime-enforced Unbounded loops/recursion causing DoS or runaway cost.
Enforced at runtime by the gateway (rate limits + spend caps + size caps); static check flags unbounded loops.
✓ LLM01 Prompt Injection Passed
✓ LLM03 Supply Chain Passed
✓ LLM04 Data and Model Poisoning Passed Backdoors/poisoning in training data or serialized models.
Behavioral poisoning needs model execution; static check covers unsafe serialization + dataset skew only.
✓ LLM08 Vector and Embedding Weaknesses Passed PII or plaintext source leakage in embedding/vector exports.
Embedding inversion/poisoning is largely runtime; static check covers PII in vector exports.
OWASP Machine Learning Security Top 10
⚠ ML09 Output Integrity medium Middleware tampering with model outputs in transit.
Gateway enforces TLS + response integrity; static check flags output-rewriting code.
• Path traversal sequences — '../' present in content or name · hashicorp-terraform-mcp-server-d020979/instructions/example-AGENTS.md (CWE-22)expected
§ ML01 Input Manipulation (Adversarial) Governance Models vulnerable to adversarial perturbations.
Requires runtime robustness evaluation; addressed via publisher robustness attestation.
§ ML03 Model Inversion Governance Training data reconstructable from a model's outputs.
Runtime/evaluation property; addressed via model-card data-provenance + DP attestation.
§ ML04 Membership Inference Governance Determining whether a record was in the training set.
Runtime/evaluation property; addressed via overfitting disclosure + DP attestation.
§ ML08 Model Skewing Governance Models trained on skewed data producing biased output.
Requires fairness evaluation; addressed via model-card bias/limitations disclosure.
✓ ML02 Data Poisoning Passed Poisoned training datasets with triggers or anomalous distributions.
Static check covers trigger phrasing, PII and label skew; full poisoning detection is runtime.
✓ ML05 Model Theft Passed Unlicensed re-distribution / license-incompatible derivatives.
Static check verifies license declaration; extraction throttling is runtime.
✓ ML06 AI Supply Chain Passed
✓ ML07 Transfer Learning Attack Passed Backdoored base models / LoRA adapters propagating to derivatives.
Backdoor detection needs behavioral probing; static check covers unsafe serialization + provenance.
✓ ML10 Model Poisoning (Weights) Passed Tampered model weight files; integrity must be verifiable.
Static check enforces safe formats + records a content hash for downstream verification.
Other findings (9) · hygiene / uncategorized • Unrecognized file type — '.hcl' is not on the allowlist · hashicorp-terraform-mcp-server-d020979/.copywrite.hcl risk surface
• Unrecognized file type — '.gitignore' is not on the allowlist · hashicorp-terraform-mcp-server-d020979/.gitignore risk surface
• Unrecognized file type — '.go-version' is not on the allowlist · hashicorp-terraform-mcp-server-d020979/.go-version risk surface
• Unrecognized file type — '.?' is not on the allowlist · hashicorp-terraform-mcp-server-d020979/CODEOWNERS risk surface
• Suspicious network references — raw IP URL (15 URLs) · hashicorp-terraform-mcp-server-d020979/e2e/cors_e2e_test.go expected
• Unrecognized file type — '.mod' is not on the allowlist · hashicorp-terraform-mcp-server-d020979/go.mod risk surface
• Unrecognized file type — '.sum' is not on the allowlist · hashicorp-terraform-mcp-server-d020979/go.sum risk surface
• Suspicious network references — raw IP URL (6 URLs) · hashicorp-terraform-mcp-server-d020979/pkg/client/middleware.go expected
• Suspicious network references — raw IP URL (67 URLs) · hashicorp-terraform-mcp-server-d020979/pkg/client/middleware_test.go expected
✔ verified source · pinned hashicorp-terraform-mcp-server-d020979 · changed since last scan (+42 pts) · +egress discuss.hashicorp.com., support.hashicorp.com, discuss.hashicorp.com, docs.github.com, modelcontextprotocol.io, www.docker.com, code.visualstudio.com, img.shields.io, vscode.dev, insiders.vscode.dev, cursor.com, docs.aws.amazon.com, kiro.dev, docs.claude.com, bob.ibm.com, developer.hashicorp.com, tfe.company.com, ide.company.com, www.hashicorp.com, hashicorp.atlassian.net, static.modelcontextprotocol.io
Check against a policy
The same gate an agent runs before installing (POST /api/v1/trust/terraform-mcp-server/check). Click a policy:
No shell/exec No unknown egress Grade B or better No secrets access No install hooks Strict (B+ · no shell · no egress)