Security: nullxnothing/solblade

SECURITY.md

Security Policy

Supported Versions

Version    Supported
0.1.x      Yes

Reporting a Vulnerability

If you discover a security vulnerability in Solblade, do not open a public issue.

Instead, please report it privately by emailing nullxnothing@proton.me with:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

You will receive a response within 72 hours. Critical issues will be patched and released as soon as possible.

Scope

The following are in scope for security reports:

  • Keystore encryption weaknesses
  • MCP server permission bypasses
  • Session/authentication flaws
  • Private key exposure vectors
  • Audit log tampering

Out of scope:

  • Issues in upstream dependencies (report those to the dependency maintainer)
  • Social engineering attacks
  • Denial of service via excessive CLI usage

There aren’t any published security advisories