If you discover a security vulnerability in mcp-use, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

1. GitHub Security Advisories: Use GitHub's private vulnerability reporting
2. Email: security@manufact.com

• Description of the vulnerability
• Steps to reproduce
• Impact assessment
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Assessment: Within 1 week
• Fix: Depends on severity

For anything related to Manufact Cloud please report any findings at security@manufact.com

1. Review server permissions before connecting to any MCP server
2. Use environment variables for secrets — never hardcode them
3. Limit server access to only required tools and resources
4. Keep dependencies updated to patch known vulnerabilities