agent-config-disclosure.yaml
info:
  name: AI-Agent-Config
  cve: ""
  summary: AI agent config file publicly accessible — MCP server configuration and API keys exposed
  details: |
    AI agent tools (Claude Desktop, Cursor, Cline, Windsurf, Continue, etc.) store their
    MCP (Model Context Protocol) server configurations in well-known JSON/YAML config files.
    These files typically contain sensitive information including:

    - MCP server URLs and endpoints
    - API keys (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY)
    - Local command execution configurations (command, args fields)
    - Internal service addresses and authentication credentials

    When a server misconfigures its web root to expose these files over HTTP, an attacker can:
    1. Obtain AI service endpoints and credentials for unauthorized access
    2. Enumerate the internal AI infrastructure deployment
    3. Steal API keys leading to financial loss or data breach

    Common config file paths covered:
    - claude_desktop_config.json (Claude Desktop)
    - .claude.json / .mcp.json (Claude Code)
    - .cursor/mcp.json (Cursor)
    - .trae/mcp.json (Trae IDE, ByteDance)
    - mcp_settings.json (CodeBuddy, Tencent Cloud Code Assistant)
    - .continue/config.json (Continue)
    - cline_mcp_settings.json (Cline / Roo-Cline VSCode extension)
    - mcp_config.json (Windsurf)
    - .vscode/mcp.json (VS Code Copilot MCP)
    - .config/zed/settings.json (Zed)
    - .config/goose/config.yaml (Goose)
    - .env (environment variable files containing AI API keys)
  cvss: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  severity: HIGH
  security_advise: |
    1. Ensure the web server does not serve the above config files from a publicly accessible path.
    2. Configure deny rules in Nginx/Apache to block access to config file extensions:
       Nginx: location ~* \.(json|yaml|env)$ { deny all; }
    3. Store config files outside the web root directory.
    4. Periodically audit which files are reachable via HTTP on your server.
    5. Immediately rotate any API keys that may have been exposed (OPENAI_API_KEY, ANTHROPIC_API_KEY, DEEPSEEK_API_KEY, HUNYUAN_API_KEY, etc.).
references:
  - https://modelcontextprotocol.io/quickstart/user
  - https://github.com/Tencent/AI-Infra-Guard
rule: ""
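As an added local check for security_advise items 4 and 5 (this is example code, not part of AI-Infra-Guard, which only ships the rule above), the script below walks a web root on disk, flags any of the config files listed in the rule, and for JSON MCP configs reports which credential-named variables the `mcpServers` `env` blocks carry, so an operator knows which keys to rotate. The `mcpServers`/`command`/`env` layout follows the MCP quickstart config format referenced above; the sample files the demo builds are constructed placeholders.

```python
# Audit a web root for the listed AI-agent / MCP config files (constructed example, not AI-Infra-Guard code).
import json
import re
import tempfile
from pathlib import Path

# Relative paths taken from the advisory's config file list.
SENSITIVE_PATHS = (
    "claude_desktop_config.json", ".claude.json", ".mcp.json", ".cursor/mcp.json",
    ".trae/mcp.json", "mcp_settings.json", ".continue/config.json",
    "cline_mcp_settings.json", "mcp_config.json", ".vscode/mcp.json",
    ".config/zed/settings.json", ".config/goose/config.yaml", ".env",
)
CRED_NAME = re.compile(r"API_KEY|TOKEN|SECRET|PASSWORD", re.I)

def is_sensitive(rel: str) -> bool:
    """True if rel (posix path relative to the web root) is one of the listed files."""
    return any(rel == p or rel.endswith("/" + p) for p in SENSITIVE_PATHS)

def creds_in_mcp_config(cfg: dict) -> list[str]:
    """Return 'server:VAR' for each non-empty, credential-named entry in an env block."""
    found = []
    for server, spec in cfg.get("mcpServers", {}).items():
        env = spec.get("env", {}) if isinstance(spec, dict) else {}
        found += [f"{server}:{k}" for k, v in env.items() if CRED_NAME.search(k) and v]
    return found

def audit_webroot(root: str) -> dict[str, list[str]]:
    """Map each sensitive file under root to the credentials found in it (JSON parsed; others only listed)."""
    findings = {}
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root).as_posix()
        if not path.is_file() or not is_sensitive(rel):
            continue
        findings[rel] = []  # being reachable at all is already a finding
        if rel.endswith(".json"):
            try:
                findings[rel] = creds_in_mcp_config(json.loads(path.read_text(errors="replace")))
            except (json.JSONDecodeError, AttributeError):
                pass  # malformed JSON: still reported as exposed, no keys extracted
    return findings

def demo() -> dict[str, list[str]]:
    """Build a constructed web root holding an exposed Cursor config and a .env, then audit it."""
    root = Path(tempfile.mkdtemp())
    (root / ".cursor").mkdir()
    (root / ".cursor" / "mcp.json").write_text(json.dumps({"mcpServers": {"search": {
        "command": "npx", "env": {"OPENAI_API_KEY": "sk-placeholder", "DEBUG": "1"}}}}))
    (root / ".env").write_text("ANTHROPIC_API_KEY=placeholder\n")
    return audit_webroot(str(root))
```

Run `audit_webroot("/var/www/html")` (or whatever the server's document root is) and treat every key in the result as a file to move out of the web root, with the listed variables as keys to rotate.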