Security

How useScrolls presents indexed security information.

Indexed Audit Data

Public audit and security metadata is shown when available from indexed sources

Secure Delivery

useScrolls is served over HTTPS on managed cloud infrastructure

Source Transparency

Listings link to public repositories so you can inspect upstream code

Security Metadata

useScrolls does not currently run a pre-publication review or direct publishing flow. Instead, it indexes public marketplace data and displays available source and audit metadata so you can make an informed installation decision.

1

Indexed Audit Metadata

Where available, useScrolls displays public audit and security metadata from indexed third-party sources.

2

Source Repository Links

Listings link back to public source repositories so you can inspect the code before installing.

3

Regular Data Refreshes

Public marketplace metadata is refreshed from the source website about every 24 hours.

4

Issue Reporting

If indexed data looks wrong or a listing appears suspicious, report it through the public issue tracker.

Infrastructure Security

TLS Encryption

Connections to useScrolls are served over HTTPS

Managed Hosting

Hosted on managed cloud infrastructure with platform security controls

Reporting Security Issues

We take security seriously. If you discover a vulnerability, please report it responsibly.

Security Contact

Email: security@usescrolls.com

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Any suggested fixes (optional)

We aim to acknowledge reports within 24 hours and provide a fix timeline within 72 hours.

User Security Best Practices

1.

Review before installing - Check the plugin's source code, author, repository activity, and available audit metadata before installing.

2.

Prefer trusted sources - Install from upstream repositories and authors you trust. useScrolls is an index, not the source of truth.

3.

Check permissions - Understand what tools and access a skill requests before granting permissions.

4.

Keep plugins updated - Regularly update installed plugins through your agent tool to receive upstream fixes.

5.

Report suspicious behavior - If a plugin behaves unexpectedly or a listing looks unsafe, report it immediately.