If you discover a security vulnerability in this project, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, email: jai@tecorb.co
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
I will respond within 48 hours and work with you to fix the issue before any public disclosure.
When using Groww MCP:
- Never commit
.envfiles — they contain your trading credentials - Use TOTP auth — it's the most secure method (short-lived tokens)
- Register a static IP on Groww — prevents unauthorized order placement
- Review tool calls — always confirm before placing orders
- Keep Ruby and gems updated — run
bundle updateregularly
| Version | Supported |
|---|---|
| 1.0.x | Yes |
This policy covers the Groww MCP server code only. For Groww platform security issues, contact Groww support.