How to handle secrets when using cursor-kenji skills, MCP templates, and the npm installer.
Email or open a private GitHub Security Advisory for credential leaks, malicious skill content, or installer issues. Do not post live tokens in public issues.
| Location | Purpose | Commit? |
|---|---|---|
| ~/.cursor/mcp.json | Your personal MCP config with real API keys | Never |
| .env (gitignored) | Local publish tokens (NPM_TOKEN) for maintainers | Never |
| mcp/mcp.json.template | Placeholders (YOUR_*) for copy-paste | Yes — templates only |
| Repo root .mcp.json | Shared example using ${ENV} refs | Yes — no literal secrets |
Real keys live only on your machine. Forks must not commit filled MCP configs.
MCP templates pin semver versions in mcp/pinned-versions.json. When copying a template:
- Replace every YOUR_* placeholder or ${ENV} variable with env vars — not inline secrets in tracked project files.
- Prefer pinned @version over @latest when adding servers manually.
- AWS servers use uvx with PyPI packages documented in mcp/pinned-versions.json (legacy awslabs.s3-mcp-server / lambda-mcp-server names are not valid on PyPI).
This repo runs scripts/scan-secrets.mjs on staged files before commit. It blocks common patterns (GitHub PATs, npm tokens, Stripe live keys, AWS access keys, private key blocks). Placeholders like ghp_your_token_here and YOUR_* are allowed.
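The kind of check described above, as an added example that is not the repository's scripts/scan-secrets.mjs: it scans a string rather than staged files, and the regexes, the `scanText` and `isPlaceholder` names, and the sample config are all assumptions made for illustration.

```javascript
// Added illustration, not the repository's scripts/scan-secrets.mjs.
// Assumption: token shapes are deliberately broad (known prefix plus a long
// run of word characters), so placeholders have to be excluded explicitly.
const RULES = [
  { name: "github-pat", re: /\bghp_\w{12,}/g },
  { name: "npm-token", re: /\bnpm_\w{12,}/g },
  { name: "stripe-live-key", re: /\bsk_live_\w{12,}/g },
  { name: "aws-access-key-id", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: "private-key-block", re: /-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----/g },
];

// The placeholder test runs on the matched text only, never on the whole
// line, so a real token sitting next to a placeholder is still reported.
const isPlaceholder = (match) => /(?:^|_)your_/i.test(match);

// Returns one finding per match: rule name, 1-based line, redacted preview.
function scanText(text) {
  const findings = [];
  for (const { name, re } of RULES) {
    for (const m of text.matchAll(re)) {
      if (isPlaceholder(m[0])) continue;
      const line = text.slice(0, m.index).split("\n").length;
      // Never echo the secret itself into terminal or CI output.
      findings.push({ rule: name, line, preview: m[0].slice(0, 4) + "***" });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample: a filled-in MCP config next to allowed placeholders.
// Token-shaped values are assembled at runtime so this file stays scannable.
const SAMPLE = [
  '{ "GITHUB_TOKEN": "ghp_your_token_here",',
  '  "STRIPE_KEY": "sk_live_YOUR_STRIPE_KEY",',
  '  "NPM": "npm_' + "a1B2".repeat(9) + '",',
  '  "note": "replace YOUR_KEY", "k": "sk_live_' + "x9".repeat(12) + '",',
  '  "AWS": "AKIA' + "Q7".repeat(8) + '" }',
].join("\n");

console.log(scanText(SAMPLE)); // a pre-commit hook would exit non-zero if non-empty
```

Line 4 of the sample mentions a placeholder and carries a token-shaped value; it is still reported because only the matched text is compared against the placeholder rule.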
Enable hooks after clone:
```bash
npm run prepare # sets core.hooksPath → .githooks
```

Primary: npm Trusted Publishing (OIDC) — configured for kensaurus/cursor-kenji + workflow npm-publish.yml. Releases publish with --provenance via GitHub Actions; no long-lived token required.
Fallback: NPM_TOKEN in GitHub Actions secrets (optional). The workflow only sets NODE_AUTH_TOKEN when the secret is non-empty so OIDC is not blocked.
Local emergency publish: copy a granular token to gitignored .env as NPM_TOKEN=… and run npm publish --access public --//registry.npmjs.org/:_authToken="$NPM_TOKEN".
package.json declares no runtime or dev dependencies — install/validate scripts use Node built-ins only. If you add dependencies, add a lockfile and run npm audit before merging.
Skills that touch Supabase, Stripe, or auth (plan-secrets-audit, plan-rls-audit, audit-security) assume your app repo follows the same rules: service-role keys never in client bundles, RLS on every table, env vars in deployment secrets — not in git.