# Security Policy ## Reporting a Vulnerability If you discover a security vulnerability in MCP-Scope, please report it privately. **Do not create a public GitHub issue.** Send details to: **carlos@aiagentobservatory.org** Please include: - Description of the vulnerability - Steps to reproduce - Potential impact - Any suggested mitigation (optional) We will acknowledge receipt within 48 hours and provide a timeline for a fix. ## Scope - The web dashboard (FastAPI) - The REST API - CLI commands that process external input - Dependencies with known CVEs ## Out of Scope - The SQLite database file (local by default) - Scanner tools that MCP-Scope wraps (report issues to their respective projects) ## Preferred Languages English or Spanish.