We take the security of Isaac Sim MCP Server seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please use GitHub's private vulnerability reporting to submit your report.

Please include the following information in your report:

• Type of issue (e.g., buffer overflow, command injection, etc.)
• Full paths of source file(s) related to the issue
• The location of the affected source code (tag/branch/commit or direct URL)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit it

• Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours.
• Initial Assessment: We will provide an initial assessment of the report within 1 week.
• Resolution: We aim to resolve confirmed vulnerabilities within 30 days of the initial report.

• We follow a coordinated disclosure process.
• We will work with you to understand and resolve the issue before any public disclosure.
• We will credit reporters who follow responsible disclosure practices (unless you prefer to remain anonymous).

When using Isaac Sim MCP Server:

1. Keep your installation up to date with the latest version.
2. Do not expose the MCP server to untrusted networks without proper authentication.
3. Review tool calls before executing them, especially when using with AI assistants.
4. Use virtual environments to isolate the server dependencies.

Thank you for helping keep Isaac Sim MCP Server and its users safe!