Security

Security Contact & Vulnerability Disclosure

We take security seriously at MCPSafe. If you've discovered a security vulnerability, please report it responsibly. We appreciate your help in keeping our platform and users safe.

Contact

Security Contact

For security-related matters, please contact our security team directly. We aim to respond to all reports within 24-48 hours.

Email

Primary contact for security reports

security@mcpsafe.org

For encrypted communication, please use our PGP key below.

security.txt

Standard security contact file

/.well-known/security.txt

Our security.txt file follows the RFC 9116 standard.

Encryption

PGP Public Key

For sensitive communications, please encrypt your message using our PGP public key.

Key Fingerprint

6C65 6375 7269 7479 406D 6370 7361 6665 2E64 6576


Our Commitment

We are committed to working with security researchers to verify, reproduce, and respond to legitimate reported vulnerabilities. We promise to:

  • Respond to your report promptly and work with you to understand the issue
  • Keep you informed about our progress in addressing the vulnerability
  • Not take legal action against researchers who follow this policy in good faith
  • Recognize your contribution when the vulnerability is disclosed (with your permission)

Reporting Process

How to Report a Vulnerability

Follow these steps to submit a security vulnerability report

  1. Submit Your Report: Email security@mcpsafe.org with a detailed description of the vulnerability, including steps to reproduce.
  2. Acknowledgment: We will acknowledge receipt of your report within 48 hours and provide a tracking reference.
  3. Assessment: Our security team will assess the vulnerability and determine its severity and impact.
  4. Resolution & Disclosure: We will work on a fix and coordinate with you on an appropriate disclosure timeline.

Scope

What's In Scope

The following areas are covered by this vulnerability disclosure policy

In Scope

  • MCPSafe web application (mcpsafe.org)
  • MCPSafe API endpoints
  • Authentication and authorization mechanisms
  • Data handling and storage
  • MCP server scanning functionality
  • User account security

Out of Scope

  • Denial of Service (DoS) attacks
  • Social engineering attacks
  • Physical security issues
  • Third-party services and integrations
  • Issues already reported or known
  • Spam or rate limiting issues

Guidelines

Responsible Disclosure Guidelines

To ensure a positive experience for everyone, please follow these guidelines

Act in Good Faith

Research should be conducted to improve security, not to cause harm. Avoid accessing or modifying data that doesn't belong to you.

Allow Time for Fixes

Give us reasonable time to address the vulnerability before any public disclosure. We typically aim for 90 days.

Protect User Privacy

Do not access, modify, or delete user data. If you inadvertently access such data, report it immediately.

Provide Details

Include clear reproduction steps, affected components, and potential impact to help us understand and fix the issue quickly.

Our Commitment

Response Timeline

We're committed to responding quickly and keeping you informed throughout the process.

  • 24-48h: Initial acknowledgment of your report
  • 7 days: Initial assessment and triage
  • 90 days: Standard disclosure timeline

What to Include in Your Report

A good vulnerability report helps us understand and address the issue quickly. Please include:

  • Description: A clear explanation of the vulnerability and its potential impact
  • Steps to Reproduce: Detailed steps that allow us to reproduce the issue
  • Affected Component: The specific URL, API endpoint, or feature affected
  • Proof of Concept: Screenshots, videos, or code snippets demonstrating the vulnerability
  • Environment: Browser, OS, and any relevant configuration details

Ready to Report?

If you've found a security vulnerability, we appreciate your help in disclosing it to us responsibly.

For non-security related inquiries, please contact support@mcpsafe.org