secrets-audit.txt•3.67 kB
# MCP Servers Secrets Audit - Checking Against "No Secrets Required"
## SERVERS THAT REQUIRE SECRETS (MUST REMOVE)
### Communication & Collaboration
❌ **slack** - Requires Slack API token/OAuth
❌ **discord** - Requires Discord bot token
❌ **notion** - Requires Notion API key
### Project Management
❌ **linear** - Requires Linear API key
❌ **jira** - Requires Atlassian API credentials
❌ **asana** - Requires Asana API key
### CRM & Sales
❌ **salesforce** - Requires Salesforce credentials/OAuth
❌ **hubspot** - Requires HubSpot API key
❌ **intercom** - Requires Intercom API key
### Cloud Storage & Productivity
❌ **google-drive** - Requires Google OAuth/service account
❌ **dropbox** - Requires Dropbox API key
❌ **gmail** - Requires Google OAuth/credentials
### Databases (Cloud)
❌ **postgresql** - Requires connection string with credentials
❌ **mongodb** - Requires MongoDB connection string/auth
❌ **redis** - Requires Redis connection details/auth
### Payments & E-commerce
❌ **stripe** - Requires Stripe API keys (secret key)
❌ **paypal** - Requires PayPal API credentials
❌ **shopify** - Requires Shopify API key
### AI & ML Services
❌ **openai** - Requires OpenAI API key
❌ **anthropic** - Requires Anthropic API key
### Analytics & Monitoring
❌ **google-analytics** - Requires Google Analytics credentials
❌ **sentry** - Requires Sentry API key/DSN
### Cloud Services
❌ **aws-lambda** - Requires AWS credentials/IAM
❌ **aws-s3** - Requires AWS credentials/IAM
### Social Media
❌ **twitter** - Requires Twitter API keys
❌ **reddit** - May require Reddit API credentials
❌ **hackernews** - Actually might be OK (public API)
## SERVERS THAT ARE OK (NO SECRETS)
### Development & Infrastructure
✅ **figma-dev** - May work locally without API (need to verify)
✅ **docker** - Local Docker daemon, no secrets
✅ **terraform** - File operations, no cloud credentials needed
✅ **kubernetes** - Local kubectl config, no additional secrets
✅ **git** - Local git operations, no remote auth needed
✅ **github** - Actually NO, requires GitHub token
✅ **filesystem** - Local file operations only
### Databases (Local)
✅ **sqlite** - Local database file, no auth
### Web & Content
✅ **web-search** - Uses public search without API keys
✅ **web-scraper** - Public web scraping
✅ **fetch** - HTTP requests to public URLs
✅ **hackernews** - Public API, no auth
### Data Processing
✅ **csv-processor** - Local file processing
✅ **json-tools** - Local data processing
✅ **excel-converter** - Local file conversion
✅ **markitdown** - Local document conversion
✅ **pandoc** - Local document conversion
✅ **pdf-processor** - Local PDF processing
### System Administration
✅ **ssh-tools** - Uses local SSH config, no additional secrets
✅ **terminal** - Local terminal access
✅ **system-monitor** - Local system info
### Testing & Automation
✅ **browser-automation** - Local browser control
✅ **python-sandbox** - Local code execution
✅ **javascript-sandbox** - Local code execution
### Productivity & AI
✅ **time** - Local time operations
✅ **memory** - Local memory storage
✅ **sequential-thinking** - Local AI reasoning
## REVISED COUNT: ~20 NO-SECRETS SERVERS
I need to drastically reduce the list to only servers that actually work without any API keys, tokens, or credentials.
## CATEGORIES TO FOCUS ON:
- Local development tools (Docker, Git, filesystem)
- Local data processing (CSV, JSON, PDF)
- Public APIs without auth (Hacker News, web scraping)
- Local system tools (terminal, browser automation)
- Local AI reasoning (sequential thinking, memory)