/ 100

5 days ago

npm

DinanathDash/Envault

MCP server for Envault CLI operations

→ DinanathDash/Envault· npm: @dinanathdash/envault-mcp-server· listed on npm

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

npm

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

🚨

Secret credentials may flow to a network call

1 flow detected: SUPABASE_SERVICE_ROLE_KEY. We can’t prove the destination matches the brand the credential belongs to.

⚠️

Known vulnerabilities in dependencies: 8 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

🔐

You'll be asked for 10 credentials: BREVO_API_KEY, CRON_SECRET, ENCRYPTION_KEY, ENVAULT_AGENT_SECRET, ENVAULT_GITHUB_WEBHOOK_SECRET, ENVAULT_SESSION_KEY_SECRET, ENVAULT_TOKEN, GOOGLE_GENERATIVE_AI_API_KEY, NEXT_PUBLIC_SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

🔐 secretBREVO_API_KEY

🔐 secretCRON_SECRET

configEMAIL_DOMAIN

configEMAIL_PUBLIC_APP_URL

🔐 secretENCRYPTION_KEY— your-64-char-hex-key

configENVAULT_AGENT_ID

configENVAULT_AGENT_MODEL

🔐 secretENVAULT_AGENT_SECRET

configENVAULT_BASE_URL— For one-command envault run local app startup, prefer hosted API fetch-first behavior by not setting ENVAULT_CLI_URL/.

configENVAULT_GITHUB_APP_CLIENT_ID

🔐 secretENVAULT_GITHUB_WEBHOOK_SECRET

configENVAULT_SDK_MIN_SUPPORTED_VERSION

🔐 secretENVAULT_SESSION_KEY_SECRET

configENVAULT_TEST_AGENT_ID

configENVAULT_TEST_APPROVAL_URL

configENVAULT_TEST_ENVIRONMENT

configENVAULT_TEST_PLATFORM

configENVAULT_TEST_PROJECT_ID

🔐 secretENVAULT_TOKEN

🔐 secretGOOGLE_GENERATIVE_AI_API_KEY

configINIT_CWD

configNEXT_PUBLIC_API_SIGNATURE_SALT— your-secure-random-hmac-secret

configNEXT_PUBLIC_APP_URL

configNEXT_PUBLIC_GITHUB_APP_NAME

🔐 secretNEXT_PUBLIC_SUPABASE_ANON_KEY— your-anon-key

configNEXT_PUBLIC_SUPABASE_URL— your-project-url

configRELEASE_TARGET

🔐 secretSUPABASE_SERVICE_ROLE_KEY— your-service-role-key

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 6 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/dinanathdash-envault-mcp-server-a1tnyx)](https://m8ven.ai/mcp/dinanathdash-envault-mcp-server-a1tnyx)

commit: 4450183066243ec8b29978abcc36b5205e75670f

code hash: 67e38c99e03dbdc1b4d244c1a508c54c5bd39dba633a589b10faef880bf33522

verified: 6/16/2026, 12:41:51 PM

view raw JSON →