Overview
The get_env_risk tool analyzes all environment variables and returns them sorted by risk level, with detailed explanations of each issue and specific recommended fixes.
Parameters
projectPath - Path to the project directory. Defaults to current working directory.
minRisk - Minimum risk level to include. Defaults to “info” (show all). Options:
  info - Show all variables (default)
  low - Low risk and above
  medium - Medium risk and above
  high - High risk and above
  critical - Only critical risk variables
Response
summary - Count of variables by risk level
  critical - Number of critical risk variables
  high - Number of high risk variables
  medium - Number of medium risk variables
  low - Number of low risk variables
  info - Number of info level variables
riskReport - Detailed risk report for each variable
  riskLevel - Risk level: critical, high, medium, low, or info
  issues - Array of detected issues
    type - Issue type (e.g., MISSING, DEAD, UNDOCUMENTED)
    message - Human-readable issue description
  usageCount - Number of times this variable is used
  files - Files using this variable (limited to first 5)
metadata - Scan metadata
  projectPath - Absolute path to the scanned project
  cacheHit - Whether the scan used cached results
  duration - Scan duration in milliseconds
Example Response
{
  "summary": {
    "critical": 2,
    "high": 5,
    "medium": 8,
    "low": 12,
    "info": 15
  },
  "riskReport": [
    {
      "name": "API_KEY",
      "riskLevel": "critical",
      "issues": [
        {
          "type": "MISSING",
          "severity": "critical",
          "message": "Variable used in code but not defined anywhere and has no default value",
          "recommendation": "Add API_KEY to your .env file with a valid value"
        },
        {
          "type": "UNDOCUMENTED",
          "severity": "high",
          "message": "Variable not documented in .env.example",
          "recommendation": "Add API_KEY to .env.example with a description"
        }
      ],
      "usageCount": 8,
      "files": [
        "src/api/client.ts",
        "src/services/external-api.ts",
        "src/middleware/auth.ts"
      ]
    },
    {
      "name": "DATABASE_URL",
      "riskLevel": "high",
      "issues": [
        {
          "type": "UNDOCUMENTED",
          "severity": "medium",
          "message": "Variable not documented in .env.example",
          "recommendation": "Add DATABASE_URL to .env.example with usage instructions"
        }
      ],
      "usageCount": 12,
      "files": [
        "src/db/connection.ts",
        "src/config/database.ts"
      ]
    }
  ],
  "metadata": {
    "projectPath": "/Users/dev/my-project",
    "scannedFiles": 156,
    "cacheHit": false,
    "duration": 245
  }
}
Usage Example
AI assistants can call this tool to identify and fix risky environment variables:
{
  "name": "get_env_risk",
  "arguments": {
    "projectPath": "/path/to/project",
    "minRisk": "high"
  }
}
To see only critical issues:
{
  "name": "get_env_risk",
  "arguments": {
    "minRisk": "critical"
  }
}
Use Cases
Security Audit: Identify critical security issues with environment variables
Pre-Deployment: Check for risky configurations before deploying
Issue Prioritization: Focus on fixing high and critical issues first
Code Review: Automated checking of environment variable usage
Documentation: Get specific recommendations for documenting variables
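The Pre-Deployment use case above, as an added example (not part of the tool or its documentation): a JavaScript gate that takes a parsed get_env_risk response and lists the variables at or above a chosen level, using the same ordering as the minRisk options. The names gateOnEnvRisk, failAt and rankOf, and the sample data, are assumptions constructed for illustration.

```javascript
// Added example: pre-deployment gate over a parsed get_env_risk response.
// Level order follows the page's minRisk options, lowest to highest.
const LEVELS = ["info", "low", "medium", "high", "critical"];

// Unknown levels rank above "critical" so they can never slip under a threshold.
const rankOf = (level) => {
  const i = LEVELS.indexOf(level);
  return i === -1 ? LEVELS.length : i;
};

// gateOnEnvRisk and failAt are hypothetical names, not part of the tool.
function gateOnEnvRisk(response, failAt = "high") {
  if (!LEVELS.includes(failAt)) throw new Error(`unknown failAt level: ${failAt}`);
  if (!response || !Array.isArray(response.riskReport)) {
    // Fail closed: a missing or malformed report must not pass the gate.
    throw new Error("response has no riskReport array");
  }
  const blocking = response.riskReport
    .filter((entry) => rankOf(entry.riskLevel) >= rankOf(failAt))
    .map((entry) => ({
      name: entry.name,
      riskLevel: entry.riskLevel,
      issueTypes: (entry.issues || []).map((issue) => issue.type),
    }))
    // Most severe first, so the CI log leads with what to fix.
    .sort((a, b) => rankOf(b.riskLevel) - rankOf(a.riskLevel));
  return { pass: blocking.length === 0, blocking };
}

// Constructed sample in the shape of the example response (trimmed).
const SAMPLE = {
  riskReport: [
    { name: "DATABASE_URL", riskLevel: "high", issues: [{ type: "UNDOCUMENTED" }] },
    { name: "LOG_LEVEL", riskLevel: "low", issues: [{ type: "DEAD" }] },
    { name: "API_KEY", riskLevel: "critical",
      issues: [{ type: "MISSING" }, { type: "UNDOCUMENTED" }] },
  ],
};

const result = gateOnEnvRisk(SAMPLE, "high");
for (const b of result.blocking) {
  console.log(`${b.riskLevel}\t${b.name}\t${b.issueTypes.join(",")}`);
}
console.log(result.pass ? "gate: pass" : "gate: fail");
```

A CI wrapper would exit non-zero when pass is false, so a deploy stops on the listed variables.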