DinanathDash/Envault

MCP server for Envault CLI operations

→ DinanathDash/Envault· npm: @dinanathdash/envault-mcp-server· listed on npm

Install from

npm

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

🚨

Secret credentials may flow to a network call

1 flow detected: SUPABASE_SERVICE_ROLE_KEY. We can’t prove the destination matches the brand the credential belongs to.

⚠️

Known vulnerabilities in dependencies: 1 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

🔐

You'll be asked for 9 credentials: CRON_SECRET, ENVAULT_AGENT_SECRET, ENVAULT_GITHUB_WEBHOOK_SECRET, ENVAULT_SESSION_KEY_SECRET, ENVAULT_TOKEN, GOOGLE_GENERATIVE_AI_API_KEY, NEXT_PUBLIC_SUPABASE_ANON_KEY, RESEND_API_KEY, SUPABASE_SERVICE_ROLE_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

🔐 secretCRON_SECRET

configEMAIL_DOMAIN

configENVAULT_AGENT_MODEL

🔐 secretENVAULT_AGENT_SECRET

configENVAULT_BASE_URL

configENVAULT_GITHUB_APP_CLIENT_ID

🔐 secretENVAULT_GITHUB_WEBHOOK_SECRET

configENVAULT_SDK_MIN_SUPPORTED_VERSION

🔐 secretENVAULT_SESSION_KEY_SECRET

configENVAULT_TEST_AGENT_ID

configENVAULT_TEST_APPROVAL_URL

configENVAULT_TEST_ENVIRONMENT

configENVAULT_TEST_PLATFORM

configENVAULT_TEST_PROJECT_ID

🔐 secretENVAULT_TOKEN

🔐 secretGOOGLE_GENERATIVE_AI_API_KEY

configINIT_CWD

configNEXT_PUBLIC_API_SIGNATURE_SALT— your-secure-random-hmac-secret

configNEXT_PUBLIC_APP_URL

configNEXT_PUBLIC_GITHUB_APP_NAME

🔐 secretNEXT_PUBLIC_SUPABASE_ANON_KEY— your-anon-key

configNEXT_PUBLIC_SUPABASE_URL— your-project-url

configRELEASE_TARGET

🔐 secretRESEND_API_KEY

🔐 secretSUPABASE_SERVICE_ROLE_KEY— your-service-role-key

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/dinanathdash-envault-mcp-server-a1tnyx)](https://m8ven.ai/mcp/dinanathdash-envault-mcp-server-a1tnyx)

commit: 18a2970589fca9f544de63cc2f594cabdeb3b383

code hash: 1d6cffb305843e2140e4f6a543ed8b0c0d2c1cc83be41d12319be114bef72b47

verified: 4/18/2026, 4:08:35 PM

view raw JSON →