[BUG] `claude mcp get` and `claude mcp add --header` print Authorization header values unredacted to stdout

Resolved 💬 2 comments Opened Apr 7, 2026 by justanotherguyme Closed May 20, 2026

Summary

claude mcp get <name> and claude mcp add --header "Authorization: Bearer ..." both print Authorization headers in plain text to stdout with no redaction. Any terminal transcript, shell history, CI log, screen-share, or (most concerning for agent workflows) any AI coding assistant conversation log will end up containing the raw bearer token verbatim.

This is a problem for teams using Claude Code to manage MCP servers that require bearer-token auth (team task hubs, private API proxies, internal dashboards), because running either of these two commands from inside a Claude Code session immediately puts the token into the session's tool-output log. Tokens then have to be rotated.

Repro

Claude Code 2.1.94 on Windows 11 (%APPDATA%\npm\claude).

# Add an HTTP MCP server with an Authorization header
claude mcp add -s user --transport http example https://example.invalid/mcp \
  --header "Authorization: Bearer super-secret-token-value"

Output (actual, minus the redaction I just did manually):

Added HTTP MCP server example with URL: https://example.invalid/mcp to user config
Headers: {
  "Authorization": "Bearer super-secret-token-value"
}
File modified: C:\Users\...\.claude.json

And:

claude mcp get example

Output:

example:
  Scope: User config (available in all your projects)
  Status: ✓ Connected
  Type: http
  URL: https://example.invalid/mcp
  Headers:
    Authorization: Bearer super-secret-token-value

Expected

Both commands should mask the value of any header whose name matches a credential pattern — at minimum Authorization, X-Api-Key, Api-Key, X-Auth-Token, Cookie, Proxy-Authorization. Something like Authorization: Bearer ••••••••••••••••••••nb5f (last 4 chars only), or simply Authorization: <redacted>.

An opt-out flag like --show-headers could be added for the rare case where a user genuinely wants the raw value echoed.

Actual

Headers are echoed in full. There is no flag to redact them.

Why this matters for agentic use

A Claude Code agent often runs claude mcp list / claude mcp get as part of diagnosing MCP connectivity. Every such run during an agent session imports the full token into the model's context window and into the persistent session transcript file on disk. This is exactly the opposite of what teams using Claude Code as an autonomous operator want.

In our case, we had to rotate our team hub API key after a diagnostic run, then update the rotated value in four places (server env, pm2 ecosystem config, Claude Code user config, a downstream cron consumer). It's avoidable with one regex-based redaction pass in the output formatter.

Suggested fix

In whatever output-formatter helper handles mcp get / mcp add success messages:

function redactHeaderValue( name: string, value: string ): string {
  const sensitive = /^(authorization|proxy-authorization|cookie|x-api-key|api-key|x-auth-token)$/i;
  if ( sensitive.test( name ) ) {
    const tail = value.slice( -4 );
    return `<redacted:...${tail}>`;
  }
  return value;
}

Apply it in both the "Headers: {...}" echo after a successful add and the Headers: section of the get pretty-printer.

Happy to send a PR if the team wants.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗