titon-network/plugin is a Claude Code plugin marketplace — pure markdown skill files + JSON manifests, no executable code, no key custody, no network calls.

The "security surface" is essentially: does a skill instruct an AI agent to do something dangerous? Examples of in-scope findings:

• A skill that tells the agent to expose mnemonics, leak .env contents, or send funds without explicit user approval.
• A skill with code examples that contain known-vulnerable patterns (e.g., a deploy snippet that hardcodes a mnemonic in a commit).
• A skill that misrepresents an on-chain operation's blast radius (e.g., describing SetForgeton as reversible when it's one-shot).

• Email security@titon.network with [plugin] in the subject.
• Or use GitHub's private vulnerability reporting.

Triage is best-effort — most reasonable concerns can also be filed as a public issue or PR since there's no exploitable runtime here.

• Issues with the underlying contract behaviour the skills describe — report against the relevant protocol repo (forgeton, kronos, fortuna).
• Claude Code itself — report to Anthropic via bugcrowd.