[BUG] `claude mcp get` and `claude mcp add --header` print Authorization header values unredacted to stdout
Summary
claude mcp get <name> and claude mcp add --header "Authorization: Bearer ..." both print Authorization headers in plain text to stdout with no redaction. Any terminal transcript, shell history, CI log, screen-share, or (most concerning for agent workflows) any AI coding assistant conversation log will end up containing the raw bearer token verbatim.
This is a problem for teams using Claude Code to manage MCP servers that require bearer-token auth (team task hubs, private API proxies, internal dashboards), because running either of these two commands from inside a Claude Code session immediately puts the token into the session's tool-output log. Tokens then have to be rotated.
Repro
Claude Code 2.1.94 on Windows 11 (%APPDATA%\npm\claude).
# Add an HTTP MCP server with an Authorization header
claude mcp add -s user --transport http example https://example.invalid/mcp \
--header "Authorization: Bearer super-secret-token-value"
Output (actual, minus the redaction I just did manually):
Added HTTP MCP server example with URL: https://example.invalid/mcp to user config
Headers: {
"Authorization": "Bearer super-secret-token-value"
}
File modified: C:\Users\...\.claude.json
And:
claude mcp get example
Output:
example:
Scope: User config (available in all your projects)
Status: ✓ Connected
Type: http
URL: https://example.invalid/mcp
Headers:
Authorization: Bearer super-secret-token-value
Expected
Both commands should mask the value of any header whose name matches a credential pattern — at minimum Authorization, X-Api-Key, Api-Key, X-Auth-Token, Cookie, Proxy-Authorization. Something like Authorization: Bearer ••••••••••••••••••••nb5f (last 4 chars only), or simply Authorization: <redacted>.
An opt-out flag like --show-headers could be added for the rare case where a user genuinely wants the raw value echoed.
Actual
Headers are echoed in full. There is no flag to redact them.
Why this matters for agentic use
A Claude Code agent often runs claude mcp list / claude mcp get as part of diagnosing MCP connectivity. Every such run during an agent session imports the full token into the model's context window and into the persistent session transcript file on disk. This is exactly the opposite of what teams using Claude Code as an autonomous operator want.
In our case, we had to rotate our team hub API key after a diagnostic run, then update the rotated value in four places (server env, pm2 ecosystem config, Claude Code user config, a downstream cron consumer). It's avoidable with one regex-based redaction pass in the output formatter.
Suggested fix
In whatever output-formatter helper handles mcp get / mcp add success messages:
function redactHeaderValue( name: string, value: string ): string {
const sensitive = /^(authorization|proxy-authorization|cookie|x-api-key|api-key|x-auth-token)$/i;
if ( sensitive.test( name ) ) {
const tail = value.slice( -4 );
return `<redacted:...${tail}>`;
}
return value;
}
Apply it in both the "Headers: {...}" echo after a successful add and the Headers: section of the get pretty-printer.
Happy to send a PR if the team wants.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗