This release includes 1 security fix for security teams reviewing exposed deployments.
Published 2mo
MCP Servers
✓ No known CVEs patched
This release patches 1 known CVE
Topics
agent-tools
ai-agent
automation
claude
cli
cursor
+9 more
korean
line-works
mcp
model-context-protocol
naver-works
naverworks
npm
typescript
workspace
Affected surfaces
auth
Summary
AI summarySensitive parameters removed from nworks_setup tool and must be set via env
Full changelog
What's Changed
Security: Remove sensitive params from nworks_setup MCP tool
clientSecretandprivateKeyPathare no longer accepted as tool parameters- These values must be set via MCP config
envfield or system environment variables - Prevents sensitive credentials from being exposed in AI conversation logs
Improved AI agent guidance
- Structured step-by-step setup instructions in tool description
- Clear error messages with config examples when env vars are missing
- Better error recovery flow (re-login → re-setup)
Fix: Windows browser not opening on nworks login --user
- Fixed
startcommand treating URL as window title instead of opening browser - Mac/Linux unaffected
Misc
- Add
zodto dependencies for Glama build compatibility - Version bump to 1.2.1
Breaking Changes
- `clientSecret` and `privateKeyPath` parameters removed from nworks_setup tool; must now be provided via MCP config `env` field or system environment variables.
Security Fixes
- Removed clientSecret and privateKeyPath as command-line arguments to prevent credential exposure in AI conversation logs
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About yjcho9317/nworks
NAVER WORKS CLI + MCP server. 26 tools for messages, calendar, drive, mail, tasks, and boards. AI agents can manage NAVER WORKS directly.
Beta — feedback welcome: [email protected]