agentlint now checks secrets hidden in command-line arguments

agentlint version 0.1.2 is now available on PyPI. agentlint is a for MCP server settings. The earlier version checked whether secrets were written directly inside sections.

The new version also checks the for each server setting. If an API key or token is passed as a launch option, it can remain in terminal history or appear in the running process list. The update applies the same pattern checks used for to .

Suspected leaks now trigger a high-severity warning.

Key points

  • agentlint 0.1.2 is live on PyPI.
  • The new scanner checks in MCP server settings.
  • API keys or tokens passed as launch options can end up in terminal history and process lists.
  • The tool reuses its existing secret- for these arguments.
  • Possible leaks are marked with a high-severity warning.
Read original