Security: projectboot/pnx-mcp-audit

SECURITY.md

Security Policy

Reporting a vulnerability in pnx-mcp-audit

pnx-mcp-audit is a security tool; we treat bugs in it accordingly.

If you find a vulnerability in this tool itself - a way to crash the audit binary by feeding it a crafted MCP message, a way to escape the working directory with a malicious server-supplied path, etc. - please report it privately:

Please do NOT open a public issue for the report.

We will acknowledge within two business days, share a remediation plan within seven days, and coordinate the disclosure window with you. The default window is 90 days from acknowledgement; we will accept a shorter window if a fix is faster, and a longer one only when you ask.

Reporting a vulnerability in an MCP server you found via this tool

pnx-mcp-audit is the messenger; the owner of the MCP server you audited is the one to fix the finding. The findings shipped with this tool include remediation guidance plus OWASP / MITRE framework references. Use those to drive your conversation with the publisher.

If you find a vulnerability that is broadly applicable across many MCP servers (a server-framework bug, a transport-level issue, a class of attacks that no current check catches), we want to hear about it. File an issue or PR with a sample reproducer and we will consider adding a new check.

What is in scope

  • Bugs in this repo's source code (Go).
  • Bugs in this repo's release artefacts (binaries, container images, goreleaser config).
  • Cases where the audit tool itself can be coerced into executing unintended code by a malicious MCP server response.

What is out of scope

  • Findings reported by the audit (those are findings about the audited server; report to the server's publisher).
  • The Penaxtra commercial platform (use the contact form at https://penaxtra.com/contact for that).
  • Social-engineering or denial-of-service against this repo's CI.
  • Vulnerabilities in unsupported or end-of-life Go versions (we support the last two major Go releases).

Defensive design notes

For reviewers and downstream users:

  • Zero third-party Go dependencies. The full attack surface is this module plus the Go standard library.
  • No phone-home telemetry. Inspect the source: every byte that leaves the binary is in this repo.
  • All file I/O is explicit (--output). The audit does not write anywhere else.
  • The HTTP transport refuses plain http:// by default.
  • Pagination cursors are capped at 32 pages so a hostile server cannot wedge the audit in an infinite loop.
  • The stdio transport bounds child-process shutdown at 2 seconds, then kills the process.
  • Apache-2.0 licensed. The patent grant is the standard ASL2 grant.
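
An added sketch of two of the notes above, the https-only transport check and the 32-page cursor cap. It is written for illustration and is not taken from this repo's source. The names fetchPage, listAll, requireHTTPS and ErrPageCap are hypothetical, and returning the partial results together with an error at the cap is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

const maxPages = 32 // the 32-page cap stated in the design notes

var ErrPageCap = errors.New("pagination cap exceeded")

// fetchPage is a hypothetical transport hook: one page of item names plus
// the server-supplied cursor for the next page ("" means no more pages).
type fetchPage func(cursor string) (items []string, next string, err error)

// requireHTTPS rejects any endpoint whose scheme is not https.
func requireHTTPS(endpoint string) error {
	if u, err := url.Parse(endpoint); err != nil || u.Scheme != "https" {
		return fmt.Errorf("refusing %q: only https endpoints are allowed", endpoint)
	}
	return nil
}

// listAll follows cursors until the server stops or the cap is hit. The
// loop bound, not the server, decides when the client gives up.
func listAll(fetch fetchPage) ([]string, error) {
	var all []string
	cursor := ""
	for page := 0; page < maxPages; page++ {
		items, next, err := fetch(cursor)
		if err != nil {
			return all, err
		}
		all = append(all, items...)
		if next == "" {
			return all, nil
		}
		cursor = next
	}
	return all, ErrPageCap // partial results plus an explicit error
}

func main() {
	// Constructed hostile server: every response carries another cursor.
	hostile := func(c string) ([]string, string, error) { return []string{"t"}, c + "x", nil }
	items, err := listAll(hostile)
	fmt.Println(len(items), err, requireHTTPS("http://mcp.example.test"))
}
```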
