If you discover a security vulnerability, please report it using GitHub's private vulnerability reporting rather than opening a public issue.
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
| Version | Supported |
|---|---|
| main | Yes |
This project is designed for use in forensic analysis environments. Users should:
- Run in isolated/sandboxed environments when analyzing untrusted data
- Keep dependencies updated
- Review MCP permissions before enabling
- Never expose MCP servers to untrusted networks
- Rotate API tokens regularly (OpenCTI, etc.)
API tokens (OpenCTI, REMnux) are stored in .mcp.json — the single source of truth for MCP configuration. This file is chmod 600 and gitignored.
Limitations:
- Tokens are stored in plaintext on disk. If an attacker gains read access to your home directory, tokens are exposed.
chmod 600is the only access control. On filesystems that don't support POSIX permissions (FAT32, some network mounts), this provides no protection.- REMnux MCP uses HTTP by default — bearer tokens are transmitted unencrypted. Use HTTPS for non-localhost connections.
Hardening recommendations:
- Use an encrypted home directory or full-disk encryption
- Use HTTPS for all remote MCP connections (OpenCTI, REMnux)
- When
./setup.sh --openctiasks about self-signed certs, only say yes for genuinely self-signed certs, not to bypass TLS entirely - Rotate tokens if you suspect compromise: re-run
./setup.sh --opencti --force-repromptor./setup.sh --remnux --force-reprompt