From 51d083fc1eafa7f1e5802711ede6cbe615662ca2 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 3 Mar 2026 13:45:51 +0000 Subject: [PATCH 1/7] Initial plan From 742dff0c44b24478fde19676c323448bd91ac254 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 3 Mar 2026 13:46:53 +0000 Subject: [PATCH 2/7] chore: outline plan for security clarification update Co-authored-by: cablate <85614048+cablate@users.noreply.github.com> --- package-lock.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index eed94ce..e76e981 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@cablate/mcp-google-map", - "version": "0.0.18", + "version": "0.0.19", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@cablate/mcp-google-map", - "version": "0.0.18", + "version": "0.0.19", "license": "MIT", "dependencies": { "@googlemaps/google-maps-services-js": "^3.4.0", From f03c77a17fa1238ff7394e1db893d503bb816d94 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 3 Mar 2026 13:47:59 +0000 Subject: [PATCH 3/7] docs: add enterprise security clarification matrix and hide API key in logs Co-authored-by: cablate <85614048+cablate@users.noreply.github.com> --- README.md | 30 ++++++++++++++++++++++++++++++ src/core/BaseMcpServer.ts | 2 +- 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3441354..e61e79d 100644 --- a/README.md +++ b/README.md @@ -238,6 +238,36 @@ src/ - Input validation using Zod schemas - Error handling and logging +### Security Assessment Clarifications (2026-03) + +For enterprise security reviews, the current implementation can be summarized as follows: + +| # | Security check type | Clarification for this repository | +|---|---|---| +| 1 | Licensing & Legal Compliance | MIT License (commercial/internal/modification/distribution allowed under MIT terms). | +| 2 | Data Protection & Privacy Laws | The server is stateless for business data and only proxies user-provided query parameters to Google Maps APIs; no database or file persistence of prompt/result payloads is implemented. Operators remain responsible for legal basis, retention policy, and regional compliance in their own deployment. | +| 3 | Infrastructure & Deployment Security | Self-hosted Node.js service. API keys can be provided by header/CLI/env and should be restricted in Google Cloud (API scope + IP/referrer), rotated, and managed in a secret manager. | +| 4 | Long-Term Viability Risk | Open-source project with public commit/release history; users can pin versions/tags for controlled adoption. | +| 5 | Unexpected RCE / Code Attacks | No eval/plugin runtime/shell execution path from tool input. Inputs are validated and used as API request parameters only. | +| 6 | Tool Contamination Attacks | No persistent cache/storage for tool outputs. Session state is in-memory and contains transport/API-key context only. | +| 7 | Shadowing Attack | Tools are statically registered at server startup; no dynamic tool download or runtime override mechanism is provided by this repository. | +| 8 | Credential Theft | Secret in scope is mainly Google Maps API key. This project supports header/CLI/env injection and should be deployed with secret-manager storage, restricted keys, key rotation, and transport security (HTTPS via trusted proxy/ingress in production). | +| 9 | Verification of MCP Server Provider | Source code is publicly auditable in `cablate/mcp-google-map` with visible maintainership and issue/PR history. | +| 10 | Verification of Information Handled | Tool output is sourced from Google Maps Platform responses; the server does not persist or transform data beyond formatting responses. | +| 11 | Authentication methods and permissions | No internal user/role system exists in this MCP server. Access control should be enforced at deployment boundary (network policy, reverse proxy auth, API gateway) and by Google API key restrictions. | +| 12 | AI Agent Execution Environment Verification | Repository does not ship hard-coded credentials; `.env.example` contains placeholders only. | +| 13 | MCP Server Settings / Version Verification | Use pinned package versions/tags/commit SHAs in your deployment pipeline for controlled upgrades. | +| 14 | Verify connected MCP servers during prompt input | This is controlled by the MCP client/host application, not by this server. This repository exposes one MCP endpoint (`/mcp`) and does not manage other connected servers. | +| 15 | Account/DB/container/SQL management | Not applicable: this server does not include DB connectors or SQL execution features. | +| 16 | Logging, Monitoring, Log Query | Basic stdout/stderr logging is provided. Centralized log retention/query/alerting is not built in and should be implemented by the host platform (for example, container logs + SIEM). | +| 17 | Post-Approval Malicious Update Risk | Mitigate by pinning exact package versions, reviewing changelogs/commits before upgrade, and using internal artifact approval/signing workflows. | +| 18 | Outdated Dependencies | Dependencies are managed in `package.json`/`package-lock.json`. Operators should run routine dependency scanning (for example, `npm audit`, SCA in CI) and patch regularly. | +| 19 | Environmental Damage due to Auto-Approval | Current tools call Google Maps APIs and do not provide local file/system mutation operations; risk mainly depends on client-side auto-approval policy and surrounding toolchain composition. | +| 20 | Intent/Objective Tampering | No autonomous goal-modification logic exists in this repository; behavior is bounded by MCP tool schemas and request handlers. | +| 21 | Human Operation Risk | Main risks are deployment misconfiguration (unrestricted API keys, exposed endpoint, missing TLS, over-broad network access). Use change control + least privilege. | +| 22 | Lag Pull Attack | The server returns real-time API responses per request and does not cache historical outputs; stale-decision risk is primarily on client orchestration and human review timing. | +| 23 | Cost-related information | Open-source, self-hosted server code (free). Google Maps Platform usage may incur API charges based on your Google Cloud billing plan. | + ## License MIT diff --git a/src/core/BaseMcpServer.ts b/src/core/BaseMcpServer.ts index a73e9bb..3d00120 100644 --- a/src/core/BaseMcpServer.ts +++ b/src/core/BaseMcpServer.ts @@ -82,7 +82,7 @@ export class BaseMcpServer { const apiKeyManager = ApiKeyManager.getInstance(); const requestApiKey = apiKeyManager.getApiKey(req); - Logger.log(`${this.serverName} Get API KEY: ${requestApiKey}`) + Logger.log(`${this.serverName} API key received from request context`); if (sessionId && this.sessions[sessionId]) { // Reuse existing session From 9b64c44ba60a9a7a2e3e424c094ea6446ecef739 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 3 Mar 2026 13:52:43 +0000 Subject: [PATCH 4/7] docs: move 23 security clarifications to standalone Chinese document Co-authored-by: cablate <85614048+cablate@users.noreply.github.com> --- README.md | 30 +++--------------------------- SECURITY_ASSESSMENT_ZH.md | 31 +++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 27 deletions(-) create mode 100644 SECURITY_ASSESSMENT_ZH.md diff --git a/README.md b/README.md index e61e79d..8688301 100644 --- a/README.md +++ b/README.md @@ -240,33 +240,9 @@ src/ ### Security Assessment Clarifications (2026-03) -For enterprise security reviews, the current implementation can be summarized as follows: - -| # | Security check type | Clarification for this repository | -|---|---|---| -| 1 | Licensing & Legal Compliance | MIT License (commercial/internal/modification/distribution allowed under MIT terms). | -| 2 | Data Protection & Privacy Laws | The server is stateless for business data and only proxies user-provided query parameters to Google Maps APIs; no database or file persistence of prompt/result payloads is implemented. Operators remain responsible for legal basis, retention policy, and regional compliance in their own deployment. | -| 3 | Infrastructure & Deployment Security | Self-hosted Node.js service. API keys can be provided by header/CLI/env and should be restricted in Google Cloud (API scope + IP/referrer), rotated, and managed in a secret manager. | -| 4 | Long-Term Viability Risk | Open-source project with public commit/release history; users can pin versions/tags for controlled adoption. | -| 5 | Unexpected RCE / Code Attacks | No eval/plugin runtime/shell execution path from tool input. Inputs are validated and used as API request parameters only. | -| 6 | Tool Contamination Attacks | No persistent cache/storage for tool outputs. Session state is in-memory and contains transport/API-key context only. | -| 7 | Shadowing Attack | Tools are statically registered at server startup; no dynamic tool download or runtime override mechanism is provided by this repository. | -| 8 | Credential Theft | Secret in scope is mainly Google Maps API key. This project supports header/CLI/env injection and should be deployed with secret-manager storage, restricted keys, key rotation, and transport security (HTTPS via trusted proxy/ingress in production). | -| 9 | Verification of MCP Server Provider | Source code is publicly auditable in `cablate/mcp-google-map` with visible maintainership and issue/PR history. | -| 10 | Verification of Information Handled | Tool output is sourced from Google Maps Platform responses; the server does not persist or transform data beyond formatting responses. | -| 11 | Authentication methods and permissions | No internal user/role system exists in this MCP server. Access control should be enforced at deployment boundary (network policy, reverse proxy auth, API gateway) and by Google API key restrictions. | -| 12 | AI Agent Execution Environment Verification | Repository does not ship hard-coded credentials; `.env.example` contains placeholders only. | -| 13 | MCP Server Settings / Version Verification | Use pinned package versions/tags/commit SHAs in your deployment pipeline for controlled upgrades. | -| 14 | Verify connected MCP servers during prompt input | This is controlled by the MCP client/host application, not by this server. This repository exposes one MCP endpoint (`/mcp`) and does not manage other connected servers. | -| 15 | Account/DB/container/SQL management | Not applicable: this server does not include DB connectors or SQL execution features. | -| 16 | Logging, Monitoring, Log Query | Basic stdout/stderr logging is provided. Centralized log retention/query/alerting is not built in and should be implemented by the host platform (for example, container logs + SIEM). | -| 17 | Post-Approval Malicious Update Risk | Mitigate by pinning exact package versions, reviewing changelogs/commits before upgrade, and using internal artifact approval/signing workflows. | -| 18 | Outdated Dependencies | Dependencies are managed in `package.json`/`package-lock.json`. Operators should run routine dependency scanning (for example, `npm audit`, SCA in CI) and patch regularly. | -| 19 | Environmental Damage due to Auto-Approval | Current tools call Google Maps APIs and do not provide local file/system mutation operations; risk mainly depends on client-side auto-approval policy and surrounding toolchain composition. | -| 20 | Intent/Objective Tampering | No autonomous goal-modification logic exists in this repository; behavior is bounded by MCP tool schemas and request handlers. | -| 21 | Human Operation Risk | Main risks are deployment misconfiguration (unrestricted API keys, exposed endpoint, missing TLS, over-broad network access). Use change control + least privilege. | -| 22 | Lag Pull Attack | The server returns real-time API responses per request and does not cache historical outputs; stale-decision risk is primarily on client orchestration and human review timing. | -| 23 | Cost-related information | Open-source, self-hosted server code (free). Google Maps Platform usage may incur API charges based on your Google Cloud billing plan. | +For enterprise security reviews, see the standalone document: + +- [Security Assessment Clarifications(中文,23 項)](./SECURITY_ASSESSMENT_ZH.md) ## License diff --git a/SECURITY_ASSESSMENT_ZH.md b/SECURITY_ASSESSMENT_ZH.md new file mode 100644 index 0000000..ab7c0d2 --- /dev/null +++ b/SECURITY_ASSESSMENT_ZH.md @@ -0,0 +1,31 @@ +# Security Assessment Clarifications(中文) + +> 更新日期:2026-03 + +以下內容用於企業安全審查,對應 23 項安全檢查類型,並以目前 `cablate/mcp-google-map` 實作為準。 + +| # | 安全檢查類型 | 說明(本專案) | +|---|---|---| +| 1 | Licensing & Legal Compliance | 採用 MIT License,允許商業使用、內部使用、修改與再散佈(需保留授權聲明)。 | +| 2 | Data Protection & Privacy Laws | 伺服器本身不做資料庫/檔案持久化,主要將請求參數轉送至 Google Maps API;實際法遵(個資、跨境、保存政策)由部署方負責。 | +| 3 | Infrastructure & Deployment Security | 為自託管 Node.js 服務;API Key 可由 header/CLI/env 提供,建議在 GCP 做來源與 API 範圍限制、定期輪替並使用祕密管理。 | +| 4 | Long-Term Viability Risk | 專案為公開維護,具公開 commit/release 歷史;使用方可採版本鎖定策略降低風險。 | +| 5 | Unexpected RCE and Code Attacks | 無 eval、無外掛執行引擎、無 shell 執行路徑;輸入僅作為 API 參數。 | +| 6 | Tool Contamination Attacks | 無持久化快取或內建儲存;不會跨重啟保留工具結果。 | +| 7 | Shadowing Attack | 工具於啟動時靜態註冊;無動態下載/覆寫工具機制。 | +| 8 | Credential Theft | 主要敏感資訊為 Google Maps API Key;應使用祕密管理、最小權限限制、金鑰輪替與 HTTPS/受信任入口。 | +| 9 | Verification of MCP Server Providers | 原始碼公開可稽核,維護者與社群互動可追蹤,非匿名來源。 | +| 10 | Verification of Information Handled | 輸出主要來自 Google Maps Platform;本伺服器不做資料庫落地與長期再利用。 | +| 11 | Authentication methods and permissions | 本專案無內建使用者/角色模型;存取控制需由反向代理、API Gateway、網路策略等外部機制提供。 | +| 12 | Verification of AI Agent Execution Environment | 倉庫未內嵌真實憑證;`.env.example` 僅為範例佔位。 | +| 13 | Configure MCP Server Settings (Version Verification/Fixing) | 建議在部署流程固定版本(package version/tag/commit SHA),並在升級前做審核。 | +| 14 | Verify MCP Server Connection Status During Prompt Input | 是否連到哪些 MCP server 屬客戶端/主控平台責任;本服務僅提供單一 `/mcp` 端點。 | +| 15 | Listing and managing accounts/DBs/containers, SQL queries | 不適用:本專案無 DB 連線、無 SQL 查詢執行能力。 | +| 16 | Logging, Monitoring, and Log Query Capabilities | 提供基本 stdout/stderr 記錄;集中化查詢、保留、告警需由部署平台(如 SIEM)實作。 | +| 17 | Post-Approval Malicious Update Risk | 建議固定依賴版本、審核更新內容、採內部 artifact 核准/簽章流程。 | +| 18 | Outdated Dependencies | 依賴由 `package.json`/`package-lock.json` 管理;建議定期執行 SCA/`npm audit` 與修補流程。 | +| 19 | Environmental Damage due to Auto-Approval | 目前工具主要呼叫 Google Maps API,無本地檔案/系統破壞型工具;風險主要取決於客戶端自動核准策略。 | +| 20 | Intent/Objective Tampering | 無自主改寫目標的機制;行為受 MCP tool schema 與 handler 約束。 | +| 21 | Human Operation | 主要人為風險為錯誤配置(未限制金鑰、端點暴露、無 TLS、網路權限過大);需落實最小權限與變更控管。 | +| 22 | Lag Pull Attack | 本服務即時向上游 API 取資料且不做持久化快取;延遲/過時決策風險多在客戶端流程與人工審核。 | +| 23 | Cost-related information | 本 MCP server 程式碼為開源自託管(免費);Google Maps API 依 GCP 計費方案可能產生費用。 | From 33ba80169e1a5398ce4a19ea3b8c6c74aa766851 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 3 Mar 2026 13:56:43 +0000 Subject: [PATCH 5/7] docs: keep standalone security clarification file in English Co-authored-by: cablate <85614048+cablate@users.noreply.github.com> --- README.md | 2 +- SECURITY_ASSESSMENT_ZH.md | 54 +++++++++++++++++++-------------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 8688301..553e8ee 100644 --- a/README.md +++ b/README.md @@ -242,7 +242,7 @@ src/ For enterprise security reviews, see the standalone document: -- [Security Assessment Clarifications(中文,23 項)](./SECURITY_ASSESSMENT_ZH.md) +- [Security Assessment Clarifications (23 items)](./SECURITY_ASSESSMENT_ZH.md) ## License diff --git a/SECURITY_ASSESSMENT_ZH.md b/SECURITY_ASSESSMENT_ZH.md index ab7c0d2..be1e753 100644 --- a/SECURITY_ASSESSMENT_ZH.md +++ b/SECURITY_ASSESSMENT_ZH.md @@ -1,31 +1,31 @@ -# Security Assessment Clarifications(中文) +# Security Assessment Clarifications -> 更新日期:2026-03 +> Updated: 2026-03 -以下內容用於企業安全審查,對應 23 項安全檢查類型,並以目前 `cablate/mcp-google-map` 實作為準。 +For enterprise security reviews, the current implementation can be summarized as follows: -| # | 安全檢查類型 | 說明(本專案) | +| # | Security check type | Clarification for this repository | |---|---|---| -| 1 | Licensing & Legal Compliance | 採用 MIT License,允許商業使用、內部使用、修改與再散佈(需保留授權聲明)。 | -| 2 | Data Protection & Privacy Laws | 伺服器本身不做資料庫/檔案持久化,主要將請求參數轉送至 Google Maps API;實際法遵(個資、跨境、保存政策)由部署方負責。 | -| 3 | Infrastructure & Deployment Security | 為自託管 Node.js 服務;API Key 可由 header/CLI/env 提供,建議在 GCP 做來源與 API 範圍限制、定期輪替並使用祕密管理。 | -| 4 | Long-Term Viability Risk | 專案為公開維護,具公開 commit/release 歷史;使用方可採版本鎖定策略降低風險。 | -| 5 | Unexpected RCE and Code Attacks | 無 eval、無外掛執行引擎、無 shell 執行路徑;輸入僅作為 API 參數。 | -| 6 | Tool Contamination Attacks | 無持久化快取或內建儲存;不會跨重啟保留工具結果。 | -| 7 | Shadowing Attack | 工具於啟動時靜態註冊;無動態下載/覆寫工具機制。 | -| 8 | Credential Theft | 主要敏感資訊為 Google Maps API Key;應使用祕密管理、最小權限限制、金鑰輪替與 HTTPS/受信任入口。 | -| 9 | Verification of MCP Server Providers | 原始碼公開可稽核,維護者與社群互動可追蹤,非匿名來源。 | -| 10 | Verification of Information Handled | 輸出主要來自 Google Maps Platform;本伺服器不做資料庫落地與長期再利用。 | -| 11 | Authentication methods and permissions | 本專案無內建使用者/角色模型;存取控制需由反向代理、API Gateway、網路策略等外部機制提供。 | -| 12 | Verification of AI Agent Execution Environment | 倉庫未內嵌真實憑證;`.env.example` 僅為範例佔位。 | -| 13 | Configure MCP Server Settings (Version Verification/Fixing) | 建議在部署流程固定版本(package version/tag/commit SHA),並在升級前做審核。 | -| 14 | Verify MCP Server Connection Status During Prompt Input | 是否連到哪些 MCP server 屬客戶端/主控平台責任;本服務僅提供單一 `/mcp` 端點。 | -| 15 | Listing and managing accounts/DBs/containers, SQL queries | 不適用:本專案無 DB 連線、無 SQL 查詢執行能力。 | -| 16 | Logging, Monitoring, and Log Query Capabilities | 提供基本 stdout/stderr 記錄;集中化查詢、保留、告警需由部署平台(如 SIEM)實作。 | -| 17 | Post-Approval Malicious Update Risk | 建議固定依賴版本、審核更新內容、採內部 artifact 核准/簽章流程。 | -| 18 | Outdated Dependencies | 依賴由 `package.json`/`package-lock.json` 管理;建議定期執行 SCA/`npm audit` 與修補流程。 | -| 19 | Environmental Damage due to Auto-Approval | 目前工具主要呼叫 Google Maps API,無本地檔案/系統破壞型工具;風險主要取決於客戶端自動核准策略。 | -| 20 | Intent/Objective Tampering | 無自主改寫目標的機制;行為受 MCP tool schema 與 handler 約束。 | -| 21 | Human Operation | 主要人為風險為錯誤配置(未限制金鑰、端點暴露、無 TLS、網路權限過大);需落實最小權限與變更控管。 | -| 22 | Lag Pull Attack | 本服務即時向上游 API 取資料且不做持久化快取;延遲/過時決策風險多在客戶端流程與人工審核。 | -| 23 | Cost-related information | 本 MCP server 程式碼為開源自託管(免費);Google Maps API 依 GCP 計費方案可能產生費用。 | +| 1 | Licensing & Legal Compliance | MIT License (commercial/internal/modification/distribution allowed under MIT terms). | +| 2 | Data Protection & Privacy Laws | The server is stateless for business data and only proxies user-provided query parameters to Google Maps APIs; no database or file persistence of prompt/result payloads is implemented. Operators remain responsible for legal basis, retention policy, and regional compliance in their own deployment. | +| 3 | Infrastructure & Deployment Security | Self-hosted Node.js service. API keys can be provided by header/CLI/env and should be restricted in Google Cloud (API scope + IP/referrer), rotated, and managed in a secret manager. | +| 4 | Long-Term Viability Risk | Open-source project with public commit/release history; users can pin versions/tags for controlled adoption. | +| 5 | Unexpected RCE / Code Attacks | No eval/plugin runtime/shell execution path from tool input. Inputs are validated and used as API request parameters only. | +| 6 | Tool Contamination Attacks | No persistent cache/storage for tool outputs. Session state is in-memory and contains transport/API-key context only. | +| 7 | Shadowing Attack | Tools are statically registered at server startup; no dynamic tool download or runtime override mechanism is provided by this repository. | +| 8 | Credential Theft | Secret in scope is mainly Google Maps API key. This project supports header/CLI/env injection and should be deployed with secret-manager storage, restricted keys, key rotation, and transport security (HTTPS via trusted proxy/ingress in production). | +| 9 | Verification of MCP Server Provider | Source code is publicly auditable in `cablate/mcp-google-map` with visible maintainership and issue/PR history. | +| 10 | Verification of Information Handled | Tool output is sourced from Google Maps Platform responses; the server does not persist or transform data beyond formatting responses. | +| 11 | Authentication methods and permissions | No internal user/role system exists in this MCP server. Access control should be enforced at deployment boundary (network policy, reverse proxy auth, API gateway) and by Google API key restrictions. | +| 12 | AI Agent Execution Environment Verification | Repository does not ship hard-coded credentials; `.env.example` contains placeholders only. | +| 13 | MCP Server Settings / Version Verification | Use pinned package versions/tags/commit SHAs in your deployment pipeline for controlled upgrades. | +| 14 | Verify connected MCP servers during prompt input | This is controlled by the MCP client/host application, not by this server. This repository exposes one MCP endpoint (`/mcp`) and does not manage other connected servers. | +| 15 | Account/DB/container/SQL management | Not applicable: this server does not include DB connectors or SQL execution features. | +| 16 | Logging, Monitoring, Log Query | Basic stdout/stderr logging is provided. Centralized log retention/query/alerting is not built in and should be implemented by the host platform (for example, container logs + SIEM). | +| 17 | Post-Approval Malicious Update Risk | Mitigate by pinning exact package versions, reviewing changelogs/commits before upgrade, and using internal artifact approval/signing workflows. | +| 18 | Outdated Dependencies | Dependencies are managed in `package.json`/`package-lock.json`. Operators should run routine dependency scanning (for example, `npm audit`, SCA in CI) and patch regularly. | +| 19 | Environmental Damage due to Auto-Approval | Current tools call Google Maps APIs and do not provide local file/system mutation operations; risk mainly depends on client-side auto-approval policy and surrounding toolchain composition. | +| 20 | Intent/Objective Tampering | No autonomous goal-modification logic exists in this repository; behavior is bounded by MCP tool schemas and request handlers. | +| 21 | Human Operation Risk | Main risks are deployment misconfiguration (unrestricted API keys, exposed endpoint, missing TLS, over-broad network access). Use change control + least privilege. | +| 22 | Lag Pull Attack | The server returns real-time API responses per request and does not cache historical outputs; stale-decision risk is primarily on client orchestration and human review timing. | +| 23 | Cost-related information | Open-source, self-hosted server code (free). Google Maps Platform usage may incur API charges based on your Google Cloud billing plan. | From 5c38917e5133a28c0295fc3e84efb6858e39b643 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 3 Mar 2026 13:57:15 +0000 Subject: [PATCH 6/7] docs: fix minor wording in standalone security document Co-authored-by: cablate <85614048+cablate@users.noreply.github.com> --- SECURITY_ASSESSMENT_ZH.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY_ASSESSMENT_ZH.md b/SECURITY_ASSESSMENT_ZH.md index be1e753..0707d7b 100644 --- a/SECURITY_ASSESSMENT_ZH.md +++ b/SECURITY_ASSESSMENT_ZH.md @@ -21,7 +21,7 @@ For enterprise security reviews, the current implementation can be summarized as | 13 | MCP Server Settings / Version Verification | Use pinned package versions/tags/commit SHAs in your deployment pipeline for controlled upgrades. | | 14 | Verify connected MCP servers during prompt input | This is controlled by the MCP client/host application, not by this server. This repository exposes one MCP endpoint (`/mcp`) and does not manage other connected servers. | | 15 | Account/DB/container/SQL management | Not applicable: this server does not include DB connectors or SQL execution features. | -| 16 | Logging, Monitoring, Log Query | Basic stdout/stderr logging is provided. Centralized log retention/query/alerting is not built in and should be implemented by the host platform (for example, container logs + SIEM). | +| 16 | Logging, Monitoring, Log Query | Basic stdout/stderr logging is provided. Centralized log retention/query/alerting is not built-in and should be implemented by the host platform (for example, container logs + SIEM). | | 17 | Post-Approval Malicious Update Risk | Mitigate by pinning exact package versions, reviewing changelogs/commits before upgrade, and using internal artifact approval/signing workflows. | | 18 | Outdated Dependencies | Dependencies are managed in `package.json`/`package-lock.json`. Operators should run routine dependency scanning (for example, `npm audit`, SCA in CI) and patch regularly. | | 19 | Environmental Damage due to Auto-Approval | Current tools call Google Maps APIs and do not provide local file/system mutation operations; risk mainly depends on client-side auto-approval policy and surrounding toolchain composition. | From 5889baff04cadafccc6979d9b65e988b49283be4 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 3 Mar 2026 14:25:20 +0000 Subject: [PATCH 7/7] docs: rename standalone security file to english filename Co-authored-by: cablate <85614048+cablate@users.noreply.github.com> --- README.md | 2 +- SECURITY_ASSESSMENT_ZH.md => SECURITY_ASSESSMENT.md | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename SECURITY_ASSESSMENT_ZH.md => SECURITY_ASSESSMENT.md (100%) diff --git a/README.md b/README.md index 553e8ee..646ef39 100644 --- a/README.md +++ b/README.md @@ -242,7 +242,7 @@ src/ For enterprise security reviews, see the standalone document: -- [Security Assessment Clarifications (23 items)](./SECURITY_ASSESSMENT_ZH.md) +- [Security Assessment Clarifications (23 items)](./SECURITY_ASSESSMENT.md) ## License diff --git a/SECURITY_ASSESSMENT_ZH.md b/SECURITY_ASSESSMENT.md similarity index 100% rename from SECURITY_ASSESSMENT_ZH.md rename to SECURITY_ASSESSMENT.md