Hardcoded client secret in configuration
Severity
critical
What it is
The OAuth client secret is hardcoded in the configuration file rather than referenced via an environment variable.
How Igris detects it
Igris's OAuth Configuration Checker flags this during MCP security scans of your configuration.
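The distinction this rule draws, a literal secret versus an environment-variable reference, is shown below as an added example; it is not Igris's checker. The config layout, the key spellings (`client_secret`, `clientSecret`) and the `${VAR}` reference syntax are assumptions for illustration.

```python
import json
import re

# Constructed sample config; layout, key names and values are assumptions.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "tickets": {
      "url": "https://mcp.example.internal/tickets",
      "oauth": {"client_id": "tickets-client", "client_secret": "EXAMPLE-not-a-real-secret"}
    },
    "wiki": {
      "url": "https://mcp.example.internal/wiki",
      "oauth": {"client_id": "wiki-client", "client_secret": "${WIKI_OAUTH_CLIENT_SECRET}"}
    }
  }
}
"""

# Key names treated as OAuth client secrets (assumed spellings).
SECRET_KEY = re.compile(r"^client[_-]?secret$", re.IGNORECASE)
# Values that only point at an environment variable: ${VAR} or $VAR.
ENV_REF = re.compile(r"^\$(\{[A-Za-z_][A-Za-z0-9_]*\}|[A-Za-z_][A-Za-z0-9_]*)$")


def find_hardcoded_secrets(node, path=""):
    """Return the JSON paths of client-secret keys holding a literal value."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if SECRET_KEY.match(key) and isinstance(value, str):
                # Empty strings and env references are not literals.
                if value.strip() and not ENV_REF.match(value.strip()):
                    findings.append(here)
            else:
                findings.extend(find_hardcoded_secrets(value, here))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            findings.extend(find_hardcoded_secrets(item, f"{path}[{index}]"))
    return findings


def scan(config_text):
    return find_hardcoded_secrets(json.loads(config_text))


if __name__ == "__main__":
    for finding in scan(SAMPLE_CONFIG):
        # Report the location only; never echo the secret value itself.
        print(f"critical: hardcoded client secret at {finding}")
```
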