
Security: Ircbarros/devweaver-lite


SECURITY.md

Security Policy

Supported Versions

| Version | Supported |
| --- | --- |
| 0.1.0-beta.x (latest) | Yes |
| Any earlier pre-release | No |

DevWeaver-Lite is a skill (Markdown + MCP configuration files), not a running service. There are no network endpoints, no server processes, and no persistent data stores. Security considerations are therefore limited to:

  • Secrets management (API keys, tokens)
  • MCP server trust and permissions
  • Prompt injection in AI-facing instruction files
  • Supply chain integrity of npm packages used by optional MCPs

Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Please report security issues via one of these private channels:

  1. GitHub Private Vulnerability Reporting (preferred): Use the Security tab > Report a vulnerability button on the repository.

  2. Email: security-devweaver at proton dot me

What to include

  • Description of the vulnerability and its potential impact
  • Steps to reproduce or proof-of-concept
  • Affected file(s) and version(s)
  • Any suggested mitigations you have identified

Response timeline

| Stage | Target |
| --- | --- |
| Acknowledgement | Within 72 hours |
| Initial assessment | Within 7 days |
| Fix or mitigation | Within 30 days for critical; 90 days for moderate |
| Public disclosure | After fix is available and reporter is notified |

Security Design Principles

DevWeaver-Lite enforces these constraints in every activation file:

| Rule | Description |
| --- | --- |
| R-SEC-01 | No secrets in generation output — API keys, tokens, and passwords must never appear in generated code |
| R-SEC-02 | Dependency pinning — npm install <pkg> without exact version is flagged; recommend @x.y.z or lockfile |
| R-SEC-03 | Prompt injection resistance — system prompt instructions take precedence over user content |
| R-SEC-04 | Human-in-the-loop for destructive ops — CONFIRM gate required before delete, drop, truncate, overwrite |
| R-SEC-05 | OWASP Top 10 checks on generated web code |
| R-SEC-06 | Playwright actions require explicit user approval (interrupt_before: true) |

Scope

In scope

  • Secrets accidentally embedded in skill files or MCP config templates
  • Malicious instructions injected via provider activation files
  • Insecure MCP server configurations that expose excessive filesystem access
  • Prompt injection patterns that bypass CONFIRM gates

Out of scope

  • Security of the AI providers themselves (OpenAI, Anthropic, Google, etc.)
  • Security of MCP server implementations (report those to their respective maintainers)
  • Security of the projects built using DevWeaver-Lite

Dependency Security

All npm-based MCPs are invoked with npx -y (auto-download, no global install). Pin MCP package versions in your mcp.json if you require supply chain guarantees:

// Instead of:
"args": ["npx", "-y", "@playwright/mcp"]
// Use:
"args": ["npx", "-y", "@playwright/mcp@0.2.0"]

Filesystem MCP allowedDirectories should be scoped to the minimum required path. Never set allowedDirectories to / or ~.
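The two checks this section asks for (exact-version pinning of npx-launched MCP packages per R-SEC-02, and no allowedDirectories entry that resolves to / or ~) can be applied to an mcp.json before it is used. The following audit is an added example, not part of DevWeaver-Lite; the server names, the example filesystem package and the placement of the allowedDirectories key in the sample config are assumptions.

```python
import json
import os
import re

# Constructed sample mcp.json; the server names, the example filesystem package
# and the "allowedDirectories" key layout are assumptions, not project files.
SAMPLE_MCP_JSON = """{"mcpServers": {
  "playwright": {"command": "npx", "args": ["-y", "@playwright/mcp"]},
  "playwright-pinned": {"command": "npx", "args": ["-y", "@playwright/mcp@0.2.0"]},
  "fs": {"command": "npx", "args": ["-y", "@example/filesystem-mcp@1.2.3"],
         "allowedDirectories": ["~"]},
  "fs-scoped": {"command": "npx", "args": ["-y", "@example/filesystem-mcp@1.2.3"],
                "allowedDirectories": ["/home/dev/project"]}
}}"""

# Exact semver only: ranges (^0.2.0, ~0.2) and dist-tags (latest) do not pin.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")

def package_spec(args):
    """First npm package spec in an npx argument list; skips the 'npx' word
    and flags like '-y', so ["npx", "-y", "pkg"] and ["-y", "pkg"] both work."""
    for tok in args:
        if tok != "npx" and not tok.startswith("-"):
            return tok
    return None

def is_pinned(spec):
    """R-SEC-02: True only for an exact name@x.y.z. The version separator is the
    last '@', so the leading '@' of a scoped name such as @playwright/mcp is ignored."""
    at = spec.rfind("@")
    return at > 0 and EXACT_VERSION.match(spec[at + 1:]) is not None

def overly_broad(path):
    """True if an allowedDirectories entry resolves to the filesystem root or ~."""
    norm = os.path.normpath(os.path.expanduser(path))
    return norm in {os.sep, os.path.normpath(os.path.expanduser("~"))}

def audit(config_text):
    """Return (server, finding) pairs for unpinned npx packages and for
    allowedDirectories entries that grant root- or home-wide access."""
    findings = []
    for name, server in json.loads(config_text).get("mcpServers", {}).items():
        args = server.get("args", [])
        if server.get("command") == "npx" or "npx" in args:
            spec = package_spec(args)
            if spec and not is_pinned(spec):
                findings.append((name, f"unpinned {spec}: pin an exact @x.y.z"))
        for d in server.get("allowedDirectories", []):
            if overly_broad(d):
                findings.append((name, f"allowedDirectories {d!r} covers / or ~"))
    return findings
```

Running audit(SAMPLE_MCP_JSON) reports the unpinned "playwright" server and the home-wide "fs" server, and passes the two scoped, pinned entries.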
