Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in MCP-Scope, please report it privately.

Do not create a public GitHub issue.

Send details to: carlos@aiagentobservatory.org

Please include:

Description of the vulnerability
Steps to reproduce
Potential impact
Any suggested mitigation (optional)

We will acknowledge receipt within 48 hours and provide a timeline for a fix.

Scope

The web dashboard (FastAPI)
The REST API
CLI commands that process external input
Dependencies with known CVEs

Out of Scope

The SQLite database file (local by default)
Scanner tools that MCP-Scope wraps (report issues to their respective projects)

Preferred Languages

English or Spanish.

There aren't any published security advisories