Skip to content

Security: robot-accomplice/ghola

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in Ghola, please report it responsibly.

Do not open a public issue.

Instead, email: robot@accomplice.ch

Include:

  • A description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Response Timeline

  • Acknowledgment: within 48 hours
  • Initial assessment: within 7 days
  • Fix or mitigation: coordinated disclosure within 90 days

Scope

This policy covers the ghola CLI tool and its dependencies. It does not cover third-party services that ghola may communicate with (blockchain RPCs, arbitrary HTTP targets).

Supported Versions

Version Supported
Latest release Yes
Older releases Best effort

There aren't any published security advisories