Security: studyhubnetin-ui/modelcontextprotocolservers

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in any MCP server in this repository, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please use GitHub's private vulnerability reporting feature:

  1. Go to the Security tab of this repository
  2. Click Report a vulnerability
  3. Fill in the details

Alternatively, you can email the maintainers directly at studyhubnetin@gmail.com.

What to include

  • Description of the vulnerability
  • Steps to reproduce
  • Affected server(s) and version(s)
  • Potential impact

Response Timeline

  • Acknowledgment: Within 48 hours
  • Initial Assessment: Within 1 week
  • Fix Release: Within 2 weeks for critical issues

Supported Versions

Version Supported
Latest

Best Practices

When using MCP servers:

  1. Never commit API keys — Always use .env files (which are gitignored)
  2. Use least-privilege tokens — Grant only the permissions each server needs
  3. Review server code — Before running any MCP server, review what API calls it makes
  4. Keep dependencies updated — Run pip-audit or npm audit regularly
  5. Rotate tokens periodically — Especially for production use

There aren't any published security advisories