
alexpota/cloudscope-mcp

v0.3.0 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 1mo MCP Data & Storage
✓ No known CVEs patched
This release patches 3 known CVEs

Topics

anomaly-detection azure azure-advisor bigquery budget-monitoring claude claude-code cloud-billing cloud-cost cost-management cost-optimization cursor finops gcp gcp-recommender mcp mcp-server model-context-protocol multi-cloud

Affected surfaces

auth rce_ssrf

Summary

AI summary

CloudScope now supports Google Cloud Platform alongside Azure with new GCP tools and security hardening.

Full changelog

CloudScope now supports Google Cloud Platform alongside Azure.

GCP Provider

  • Cost queries via BigQuery billing export (standard + detailed)
  • Recommendations and idle resource detection via GCP Recommender API
  • Untagged resources via Cloud Asset Inventory API
  • Budget monitoring via Billing Budgets API
  • Client-side linear regression forecasting

Multi-Provider

  • All 14 shared tools accept provider: 'azure' | 'gcp'
  • Default provider auto-detected from configured credentials
  • Dynamic server instructions reflect connected providers
  • 5 prompts accept optional provider argument

New Tools

  • list_projects — list accessible GCP projects
  • get_cross_project_costs — cost breakdown across GCP projects

Security

  • Raw SDK error messages no longer returned to clients
  • BigQuery table name validated against SQL injection
  • ESLint rules enforce console.error only (no console.log) and ban error.message in logs

Testing

  • 280 unit tests, 29 Azure E2E tests, 18 GCP E2E tests
  • npm run test:e2e / test:e2e:gcp / test:e2e:all

Setup

Azure works with az login (zero config). GCP requires BigQuery billing export — see README for setup.

Security Fixes

  • Raw SDK error messages are no longer returned to clients.
  • BigQuery table name validation added to prevent SQL injection.
  • ESLint configuration enforces use of `console.error` only (bans `console.log`) and disallows logging `error.message`.
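
The table-name fix listed above, sketched as an added example (not code from cloudscope-mcp): BigQuery does not allow table identifiers to be bound as query parameters, so the reference is checked against an allowlist before interpolation, while the date values go through named parameters. The function names, the patterns (deliberately stricter than BigQuery's own naming rules) and the sample table reference are assumptions.

```javascript
// Added example, not the project's code. All names and limits are assumptions.
// Conservative allowlist patterns, stricter than BigQuery itself permits.
const PROJECT_ID = /^[a-z][a-z0-9-]{4,28}[a-z0-9]$/; // 6-30 characters
const DATASET_ID = /^[A-Za-z_][A-Za-z0-9_]{0,1023}$/;
const TABLE_ID = /^[A-Za-z_][A-Za-z0-9_]{0,1023}$/;

class InvalidTableNameError extends Error {}

// Accepts only "project.dataset.table"; returns the three validated parts.
function validateTableRef(input) {
  if (typeof input !== 'string') {
    throw new InvalidTableNameError('table reference must be a string');
  }
  const parts = input.split('.');
  if (parts.length !== 3) {
    throw new InvalidTableNameError('expected project.dataset.table');
  }
  const [project, dataset, table] = parts;
  if (!PROJECT_ID.test(project) || !DATASET_ID.test(dataset) || !TABLE_ID.test(table)) {
    // The message is generic on purpose: the rejected input is not echoed back.
    throw new InvalidTableNameError('table reference contains disallowed characters');
  }
  return { project, dataset, table };
}

// Builds { query, params } in the shape the BigQuery Node.js client accepts.
// Only the validated identifier is interpolated; values use @named parameters.
function buildCostQuery(tableRef, startDate, endDate) {
  const { project, dataset, table } = validateTableRef(tableRef);
  return {
    query:
      'SELECT service.description AS service, SUM(cost) AS cost ' +
      `FROM \`${project}.${dataset}.${table}\` ` +
      'WHERE DATE(usage_start_time) BETWEEN @start AND @end ' +
      'GROUP BY service ORDER BY cost DESC',
    params: { start: startDate, end: endDate },
  };
}
```
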


About alexpota/cloudscope-mcp

Azure cloud cost management — spending analysis, forecasts, anomaly detection, budgets, optimization recommendations, idle resource detection, tag-based cost allocation, and cross-subscription queries through natural language.
