| # Security Policy | |
| ## Reporting a Vulnerability | |
| If you discover a security vulnerability in MCP-Scope, please report it privately. | |
| **Do not create a public GitHub issue.** | |
| Send details to: **carlos@aiagentobservatory.org** | |
| Please include: | |
| - Description of the vulnerability | |
| - Steps to reproduce | |
| - Potential impact | |
| - Any suggested mitigation (optional) | |
| We will acknowledge receipt within 48 hours and provide a timeline for a fix. | |
| ## Scope | |
| - The web dashboard (FastAPI) | |
| - The REST API | |
| - CLI commands that process external input | |
| - Dependencies with known CVEs | |
| ## Out of Scope | |
| - The SQLite database file (local by default) | |
| - Scanner tools that MCP-Scope wraps (report issues to their respective projects) | |
| ## Preferred Languages | |
| English or Spanish. | |