If you discover a security vulnerability in this project, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, email us at aadil@ralphnex.com with:
- A description of the vulnerability
- Steps to reproduce it
- The potential impact
- Acknowledgment — within 48 hours
- Initial assessment — within 5 business days
- Fix or mitigation — as soon as reasonably possible, depending on severity
This repository contains a skill definition file (not a backend service). Security concerns most likely relate to:
- MCP configuration that could expose credentials
- Notification content that could leak sensitive data
- Documentation that recommends insecure practices
For vulnerabilities in the Pushary API or backend service itself, please report them at pushary.com.
We will coordinate with you on disclosure timing and credit you in the fix (unless you prefer to remain anonymous).