Security
How useScrolls presents indexed security information.
Indexed Audit Data
Public audit and security metadata is shown when available from indexed sources
Secure Delivery
useScrolls is served over HTTPS on managed cloud infrastructure
Source Transparency
Listings link to public repositories so you can inspect upstream code
Security Metadata
useScrolls does not currently run a pre-publication review or direct publishing flow. Instead, it indexes public marketplace data and displays available source and audit metadata so you can make an informed installation decision.
Indexed Audit Metadata
Where available, useScrolls displays public audit and security metadata from indexed third-party sources.
Source Repository Links
Listings link back to public source repositories so you can inspect the code before installing.
Regular Data Refreshes
Public marketplace metadata is refreshed from the source website about every 24 hours.
Issue Reporting
If indexed data looks wrong or a listing appears suspicious, report it through the public issue tracker.
Infrastructure Security
TLS Encryption
Connections to useScrolls are served over HTTPS
Managed Hosting
Hosted on managed cloud infrastructure with platform security controls
Reporting Security Issues
We take security seriously. If you discover a vulnerability, please report it responsibly.
Security Contact
Email: security@usescrolls.com
What to Include
- Description of the vulnerability
- Steps to reproduce
- Potential impact assessment
- Any suggested fixes (optional)
We aim to acknowledge reports within 24 hours and provide a fix timeline within 72 hours.
User Security Best Practices
Review before installing - Check the plugin's source code, author, repository activity, and available audit metadata before installing.
Prefer trusted sources - Install from upstream repositories and authors you trust. useScrolls is an index, not the source of truth.
Check permissions - Understand what tools and access a skill requests before granting permissions.
Keep plugins updated - Regularly update installed plugins through your agent tool to receive upstream fixes.
Report suspicious behavior - If a plugin behaves unexpectedly or a listing looks unsafe, report it immediately.