Security
Last updated: 2026-06-18
This page describes how to report security issues for Moldable, including the desktop app, official apps, skills, and hosted services such as Moldable Artifacts.
Contact
If you discover a security vulnerability, email:
Please include:
- A clear description of the issue
- Steps to reproduce
- Affected versions/components
- Affected Artifact URL, publish key flow, API route, or file path, if relevant
- Any proof-of-concept details and potential impact
For copyright, privacy, or abusive-content reports about a published Artifact, email hello@moldable.sh unless the report also involves a security vulnerability.
Disclosure Policy
We request coordinated disclosure:
- Report the issue privately by email.
- Give us reasonable time to investigate and ship a fix.
- Avoid public disclosure until we confirm remediation or agree on a timeline.
Safe Testing Guidelines
When testing, please:
- Avoid accessing, modifying, or deleting data that is not yours
- Avoid service disruption (DoS, resource exhaustion, spam)
- Use the minimum proof needed to demonstrate impact
- Test Artifact publishing, update, unpublish, and public-read behavior only with Artifacts you own or have permission to test
- Do not attempt to guess private credentials, exfiltrate secrets, access unpublished Artifacts, or enumerate unlisted Artifact URLs beyond what is necessary for a report
Response Expectations
We aim to:
- Acknowledge reports promptly
- Triage severity and impact
- Share status updates during remediation
- Credit reporters when appropriate (if requested)
Related Resources