sensitive_files_list
Identify sensitive file paths for any tech stack (PHP, WordPress, .NET, Java, Node, Python, K8s, Docker, CI). No network required.
Instructions
Return curated sensitive-path lists for a given tech stack.
Args:
stack: Comma-separated stack hints. Supported keys:
common, php, wordpress, dotnet, java, node, python, k8s, docker, ci.
include_common: If True (default), always include the common set.
Returns:
FilesReport with paths (each {path, why}). No network is performed.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| stack | No | Comma-separated stack hints. Supported keys: common, php, wordpress, dotnet, java, node, python, k8s, docker, ci. | common |
| include_common | No | If True, the common set is always included in addition to the requested stacks. | True |
Implementation Reference
- The main handler function `sensitive_files_list` takes a stack string (comma-separated) and an `include_common` flag, looks up sensitive file paths in the `PATHS` dictionary, deduplicates them by path, and returns a `FilesReport` dict. This is the core logic of the tool.

```python
def sensitive_files_list(stack: str = "common", include_common: bool = True) -> dict:
    """Return curated sensitive-path lists for a given tech stack.

    Args:
        stack: Comma-separated stack hints. Supported keys:
            common, php, wordpress, dotnet, java, node, python, k8s, docker, ci.
        include_common: If True (default), always include the `common` set.

    Returns:
        FilesReport with `paths` (each {path, why}). No network is performed.
    """
    if not isinstance(stack, str):
        return {"error": "stack must be a string"}
    # Normalise the hints: split on commas, trim whitespace, lower-case, drop empties.
    requested = [s.strip().lower() for s in stack.split(",") if s.strip()]
    if not requested:
        requested = ["common"]
    if include_common and "common" not in requested:
        requested = ["common", *requested]
    # Deduplicate by path while keeping the order in which stacks were requested.
    # Unknown keys are skipped silently by PATHS.get(s, []) but are still echoed
    # back in stacks_requested.
    seen: set[str] = set()
    out: list[FileEntry] = []
    for s in requested:
        for entry in PATHS.get(s, []):
            if entry["path"] not in seen:
                seen.add(entry["path"])
                out.append(FileEntry(**entry))
    return FilesReport(stacks_requested=requested, paths=out).model_dump()
```

- src/mcp_security_toolkit/server.py:30-30 (registration): registers `sensitive_files_list` as an MCP tool via `mcp.tool()(sensitive_files_list.sensitive_files_list)`.

```python
mcp.tool()(sensitive_files_list.sensitive_files_list)
```

- Pydantic models `FileEntry` (path + why) and `FilesReport` (stacks_requested, paths, note) define the schema for the tool's output.

```python
from pydantic import BaseModel, Field


class FileEntry(BaseModel):
    path: str
    why: str


class FilesReport(BaseModel):
    stacks_requested: list[str]
    paths: list[FileEntry] = Field(default_factory=list)
    # Default note shipped with every report: the tool only lists paths.
    note: str = (
        "Paths only. This tool does not probe the target. "
        "For authorized testing only — fetching these against systems you do not own "
        "may be unlawful."
    )
```

- The `PATHS` dictionary holds all sensitive-path data organised by tech stack (common, php, wordpress, dotnet, java, node, python, k8s, docker, ci); each entry carries a `path` and a `why` explanation.

```python
PATHS: dict[str, list[dict[str, str]]] = {
    "common": [
        {"path": "/.env", "why": "12-factor config leak (DB creds, API keys)"},
        {"path": "/.env.local", "why": "12-factor local override"},
        {"path": "/.env.production", "why": "12-factor prod config"},
        {"path": "/.git/config", "why": "exposed git repo"},
        {"path": "/.git/HEAD", "why": "exposed git repo (alternate probe)"},
        {"path": "/.svn/entries", "why": "exposed svn repo"},
        {"path": "/.DS_Store", "why": "macOS directory listing leak"},
        {"path": "/robots.txt", "why": "disclosed paths"},
        {"path": "/sitemap.xml", "why": "endpoint inventory"},
        {"path": "/crossdomain.xml", "why": "flash CORS policy"},
        {"path": "/clientaccesspolicy.xml", "why": "silverlight CORS policy"},
        {"path": "/security.txt", "why": "RFC 9116 contact"},
        {"path": "/.well-known/security.txt", "why": "RFC 9116 contact"},
        {"path": "/server-status", "why": "Apache mod_status info disclosure"},
        {"path": "/server-info", "why": "Apache mod_info"},
        {"path": "/backup.zip", "why": "common backup leak name"},
        {"path": "/backup.tar.gz", "why": "common backup leak name"},
        {"path": "/db.sql", "why": "common DB dump leak name"},
    ],
    "php": [
        {"path": "/phpinfo.php", "why": "info disclosure"},
        {"path": "/info.php", "why": "info disclosure"},
        {"path": "/test.php", "why": "leftover test endpoint"},
        {"path": "/config.php.bak", "why": "editor backup leak"},
        {"path": "/wp-config.php.bak", "why": "WordPress config backup"},
        {"path": "/composer.json", "why": "dependency inventory"},
        {"path": "/composer.lock", "why": "exact dependency versions"},
        {"path": "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "why": "CVE-2017-9841 PHPUnit RCE"},
    ],
    "wordpress": [
        {"path": "/wp-admin/", "why": "admin UI exposure"},
        {"path": "/wp-login.php", "why": "login endpoint"},
        {"path": "/xmlrpc.php", "why": "XML-RPC enabled (brute / pingback abuse)"},
        {"path": "/wp-json/wp/v2/users", "why": "user enumeration via REST API"},
        {"path": "/wp-content/debug.log", "why": "WP debug log leak"},
        {"path": "/wp-config.php", "why": "WP config (often blocked, sometimes leaked via .bak)"},
        {"path": "/readme.html", "why": "WordPress version fingerprint"},
    ],
    "dotnet": [
        {"path": "/web.config", "why": ".NET config"},
        {"path": "/web.config.bak", "why": "editor backup leak"},
        {"path": "/Trace.axd", "why": "ASP.NET trace handler"},
        {"path": "/elmah.axd", "why": "ELMAH error log handler"},
        {"path": "/_vti_pvt/service.cnf", "why": "FrontPage extensions"},
    ],
    "java": [
        {"path": "/WEB-INF/web.xml", "why": "Java web app descriptor"},
        {"path": "/WEB-INF/classes/application.properties", "why": "Spring properties"},
        {"path": "/actuator", "why": "Spring Boot actuator index"},
        {"path": "/actuator/env", "why": "Spring env (CVE-2018-1273-family)"},
        {"path": "/actuator/heapdump", "why": "memory dump (full credentials)"},
        {"path": "/actuator/health", "why": "actuator presence probe"},
        {"path": "/actuator/mappings", "why": "endpoint inventory"},
        {"path": "/manager/html", "why": "Tomcat manager UI"},
        {"path": "/host-manager/html", "why": "Tomcat host-manager UI"},
    ],
    "node": [
        {"path": "/package.json", "why": "dep inventory"},
        {"path": "/package-lock.json", "why": "exact dep versions"},
        {"path": "/yarn.lock", "why": "exact dep versions"},
        {"path": "/.npmrc", "why": "npm registry / token leak"},
        {"path": "/server.js", "why": "exposed source"},
    ],
    "python": [
        {"path": "/requirements.txt", "why": "dep inventory"},
        {"path": "/Pipfile.lock", "why": "exact dep versions"},
        {"path": "/poetry.lock", "why": "exact dep versions"},
        {"path": "/settings.py", "why": "django settings leak"},
        {"path": "/manage.py", "why": "django entry"},
        {"path": "/console", "why": "Werkzeug debug console (Flask)"},
    ],
    "k8s": [
        {"path": "/metrics", "why": "Prometheus metrics often unauthed"},
        {"path": "/healthz", "why": "k8s health probe"},
        {"path": "/api/v1/namespaces/default/pods", "why": "kube-apiserver if exposed"},
    ],
    "docker": [
        {"path": "/v2/", "why": "Docker registry index"},
        {"path": "/v2/_catalog", "why": "Docker registry image enumeration"},
    ],
    "ci": [
        {"path": "/.github/workflows/", "why": "exposed CI configs"},
        {"path": "/.gitlab-ci.yml", "why": "exposed CI configs"},
        {"path": "/jenkins/script", "why": "Jenkins script console"},
    ],
}
```

- src/mcp_security_toolkit/server.py:14-16 (registration): import of the `sensitive_files_list` module at the top of server.py (only the tail of the import statement is shown).

```python
    sensitive_files_list,
    wordlist_gen,
)
```
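The tool deliberately stops at producing the list and leaves the checking to the caller. One offline way to use its output is to audit a deployed document root (a build artifact, an unpacked container layer, a staging webroot) for the listed paths before it is ever exposed, which keeps to the "no network" spirit of the tool. The example below is added here and is not part of mcp_security_toolkit; it consumes any dict in the `FilesReport` shape (`stacks_requested`, `paths` of `{path, why}`, `note`), the `SAMPLE_REPORT` is a constructed subset standing in for the real return value of `sensitive_files_list(stack="php,wordpress")`, and the names `audit_webroot`, `build_demo_webroot` and `demo` are introduced for illustration. It treats a trailing `/` as "directory expected", requires a regular file otherwise, and refuses to count a path that resolves outside the root through a symlink, so a planted `/.env -> /etc/...` link does not produce a finding.

```python
"""Offline audit of a document root against a FilesReport-shaped dict.

Added example, not part of mcp_security_toolkit. Walks a local directory
instead of making HTTP requests, so it can run in CI against a build artifact.
"""
from __future__ import annotations

import os
import tempfile
from pathlib import Path

# Constructed sample in the tool's output shape. A real run would pass the dict
# returned by sensitive_files_list(...) straight in.
SAMPLE_REPORT: dict = {
    "stacks_requested": ["common", "php", "wordpress"],
    "paths": [
        {"path": "/.env", "why": "12-factor config leak (DB creds, API keys)"},
        {"path": "/.env.production", "why": "12-factor prod config"},
        {"path": "/.git/HEAD", "why": "exposed git repo (alternate probe)"},
        {"path": "/phpinfo.php", "why": "info disclosure"},
        {"path": "/config.php.bak", "why": "editor backup leak"},
        {"path": "/composer.lock", "why": "exact dependency versions"},
        {"path": "/wp-admin/", "why": "admin UI exposure"},
    ],
    "note": "Paths only. This tool does not probe the target.",
}


def audit_webroot(report: dict, webroot: str | os.PathLike[str]) -> list[dict[str, str]]:
    """Return the report entries that exist under `webroot`, with their on-disk location.

    Report paths are URL-style and start with "/"; they are resolved relative to
    the document root. A trailing "/" means a directory is expected, anything
    else must be a regular file. Paths that resolve outside the root (symlinks,
    ".." segments) are ignored so they cannot manufacture a finding.
    """
    root = Path(webroot).resolve()
    findings: list[dict[str, str]] = []
    for entry in report.get("paths", []):
        url_path: str = entry["path"]
        rel = url_path.lstrip("/")
        if not rel:
            continue
        candidate = root / rel
        try:
            resolved = candidate.resolve(strict=True)  # raises if the path is absent
        except (OSError, RuntimeError):
            continue
        if resolved != root and root not in resolved.parents:
            continue  # escaped the document root via a symlink or ".."
        wants_dir = url_path.endswith("/")
        present = resolved.is_dir() if wants_dir else resolved.is_file()
        if present:
            findings.append({"path": url_path, "why": entry["why"], "on_disk": str(candidate)})
    return findings


def build_demo_webroot() -> str:
    """Create a throwaway document root with a few planted leaks (constructed data)."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / ".env").write_text("DB_PASSWORD=hunter2\n")            # flagged: file leak
    (root / ".git").mkdir()
    (root / ".git" / "HEAD").write_text("ref: refs/heads/main\n")  # flagged: exposed repo
    (root / "wp-admin").mkdir()                                     # flagged: directory entry
    (root / "index.php").write_text("<?php echo 'ok';\n")           # not in the report
    (root / "phpinfo.php").mkdir()       # a directory of that name is not the leaked file
    # Symlink pointing outside the root; must not count even though it resolves.
    outside = Path(tempfile.mkdtemp(prefix="outside-")) / "prod.env"
    outside.write_text("SECRET=1\n")
    try:
        os.symlink(outside, root / ".env.production")
    except OSError:
        pass  # platform without symlink support; the check simply has nothing to skip
    return str(root)


def demo() -> list[str]:
    """Run the audit on the demo root and return the flagged URL paths, sorted."""
    return sorted(f["path"] for f in audit_webroot(SAMPLE_REPORT, build_demo_webroot()))


if __name__ == "__main__":
    for finding in audit_webroot(SAMPLE_REPORT, build_demo_webroot()):
        print(f"{finding['path']:<20} {finding['why']}  ({finding['on_disk']})")
```

Run against a real artifact with `audit_webroot(report, "/srv/www/site")`, where `report` is the dict returned by the tool; anything returned is a file that should not be in the webroot at all, or, for the directory entries, something that needs an access control in front of it.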