fix(everything): require key parameter for get-env tool

Prevent leaking all process.env variables by requiring a specific key.
This addresses a security concern where the tool was returning the
entire environment without any parameter or filtering.

Issue: #3986

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: Will-hxw

src/everything/tools/get-env.ts

@@ -6,26 +6,50 @@ const name = "get-env";
 const config = {
   title: "Print Environment Tool",
   description:
-    "Returns all environment variables, helpful for debugging MCP server configuration",
-  inputSchema: {},
+    "Returns the value of a specific environment variable, helpful for debugging MCP server configuration",
+  inputSchema: {
+    type: "object",
+    properties: {
+      key: {
+        type: "string",
+        description:
+          "The name of the environment variable to retrieve (e.g., 'PATH', 'HOME', 'USER')",
+      },
+    },
+    required: ["key"],
+  },
 };
 
 /**
  * Registers the 'get-env' tool.
  *
- * The registered tool Retrieves and returns the environment variables
- * of the current process as a JSON-formatted string encapsulated in a text response.
+ * The registered tool retrieves and returns the value of a specific
+ * environment variable from the current process.
  *
  * @param {McpServer} server - The McpServer instance where the tool will be registered.
  * @returns {void}
  */
 export const registerGetEnvTool = (server: McpServer) => {
   server.registerTool(name, config, async (args): Promise<CallToolResult> => {
+    const { key } = args as { key: string };
+    const value = process.env[key];
+
+    if (value === undefined) {
+      return {
+        content: [
+          {
+            type: "text",
+            text: `Environment variable '${key}' is not set.`,
+          },
+        ],
+      };
+    }
+
     return {
       content: [
         {
           type: "text",
-          text: JSON.stringify(process.env, null, 2),
+          text: `${key}=${value}`,
         },
       ],
     };