Skip to content

Security: developerJai/groww-mcp

Security

.github/SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, email: jai@tecorb.co

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact

I will respond within 48 hours and work with you to fix the issue before any public disclosure.

Security Best Practices

When using Groww MCP:

  1. Never commit .env files — they contain your trading credentials
  2. Use TOTP auth — it's the most secure method (short-lived tokens)
  3. Register a static IP on Groww — prevents unauthorized order placement
  4. Review tool calls — always confirm before placing orders
  5. Keep Ruby and gems updated — run bundle update regularly

Supported Versions

Version Supported
1.0.x Yes

Scope

This policy covers the Groww MCP server code only. For Groww platform security issues, contact Groww support.

There aren't any published security advisories