Intelligence Assist projects handle system integration and AI automation, making security a top priority. We appreciate the security research community's help in keeping our projects safe.
We actively maintain and provide security updates for:
| Project | Version | Supported |
|---|---|---|
| MCPControl | Latest release | ✅ |
| claude-hub | Latest release | ✅ |
| ADHD Framework | Development | ✅ |
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by emailing: [email protected]
Include the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Affected versions/components
- Any potential impact assessment
- Suggested mitigation if known
- Acknowledgment - We'll acknowledge receipt within 48 hours
- Initial Assessment - We'll provide an initial assessment within 1 week
- Updates - We'll keep you informed of progress toward resolution
- Disclosure - We'll coordinate responsible disclosure timing with you
- System Access: Grants LLMs direct computer control
- Privilege Escalation: Monitor for unauthorized privilege requests
- Data Access: Potential access to sensitive files and applications
- Network Activity: May initiate network connections
- Container Isolation: Docker containers must remain properly sandboxed
- Webhook Security: Validate all incoming webhook payloads
- Resource Limits: Prevent container resource exhaustion attacks
- Network Segmentation: Containers should not access internal networks
- Data Privacy: Handles personal productivity and health data
- Authentication: Discord bot tokens and API credentials
- Third-party Integrations: Security of connected productivity tools
- Notification Security: Prevent information leakage through notifications
- Never commit secrets - Use environment variables and .env files
- Validate all inputs - Sanitize user inputs and webhook payloads
- Principle of least privilege - Request minimum necessary permissions
- Audit dependencies - Keep dependencies updated and scan for vulnerabilities
- Test in isolation - Use sandboxed environments for testing system interactions
While we don't currently offer a formal bug bounty program, we deeply appreciate security research and will:
- Provide public acknowledgment (if desired)
- Fast-track fixes for critical vulnerabilities
- Consider the researcher for future security consulting opportunities
For security-related questions or concerns:
- Email: [email protected]
- Response Time: Within 48 hours
- Emergency Contact: For critical vulnerabilities requiring immediate attention
Thank you for helping keep Intelligence Assist projects secure!