Skip to content

Commit 3273b9d

Browse files
committed
fix: address password security review for x402_fetch
1 parent 22566ea commit 3273b9d

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

src/mcp/server.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -819,7 +819,7 @@ server.tool(
819819
'and retrying the request. IMPORTANT: Real on-chain payment with real funds.',
820820
{
821821
address: injAddress.describe('The inj1... address of your trading wallet.'),
822-
password: z.string().describe('Keystore password to decrypt the private key for signing.'),
822+
password: z.string().describe('Keystore password to decrypt the private key for signing. SECURITY: Never log, store, or echo this. Use secret inputs only.'),
823823
url: z.string().url().describe('The URL of the x402-gated API endpoint.'),
824824
},
825825
async ({ address, password, url }) => {

0 commit comments

Comments
 (0)