We release patches for security vulnerabilities. Currently supported versions:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability, please send an email to:
- Email: mbelinky@gmail.com
- Subject: [SECURITY] X MCP Server - [Brief Description]
Please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if any)
- Initial Response: Within 48 hours
- Assessment: Within 7 days
- Fix Timeline: Within 30 days for critical vulnerabilities
When using this MCP server:
- Never commit credentials: Keep your
.envfile out of version control - Use environment variables: Store all sensitive data in environment variables
- Rotate tokens regularly: Update your Twitter/X API tokens periodically
- Monitor usage: Check your Twitter Developer Dashboard for unusual activity
- Use OAuth 2.0: When possible, prefer OAuth 2.0 over OAuth 1.0a
- Rate Limiting: The server implements rate limiting to prevent API abuse
- No Data Storage: The server does not persist any user data or credentials
- Secure Communication: All API calls use HTTPS
- Token Handling: Tokens are never logged or exposed in error messages
This project aims to comply with:
- Twitter/X API Terms of Service
- Anthropic's Usage Policy for MCP servers
- General security best practices for API integrations
Thank you for helping keep X MCP Server secure!