The NBS Framework consists of documentation and Claude Code command scripts. It does not process untrusted input or handle sensitive data. Security considerations are minimal.
Only the latest version on the master branch is actively maintained.
If you discover a security issue (e.g., command injection in shell scripts, unsafe file operations), please report it by:
- Opening a GitHub issue if the vulnerability is not sensitive
- Emailing the maintainer directly for sensitive security issues (see GitHub profile for contact)
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
As this is a research project maintained by one person, expect the following response times:
- Acknowledgement: Within 1 week
- Initial assessment: Within 2 weeks
- Fix timeline: Depends on severity and complexity
The Claude Code commands (/nbs, /nbs-discovery, /nbs-recovery) have limited tool access as defined in their YAML frontmatter. Review the allowed-tools field in each command file to understand capabilities.
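One way to carry out the review described above, as an added example that is not part of the NBS Framework: a Python script that reads the frontmatter of each command file given on the command line and lists its allowed-tools entries. It assumes the field is written either as a comma-separated string or as a YAML list, and that a bare Bash entry means shell access with no command pattern; the sample text and function names are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Constructed sample, not one of the NBS command files.
SAMPLE = """---
description: constructed example
allowed-tools: Read, Grep, Bash(git status:*), Bash
---
Prompt body. A line like 'allowed-tools: Write' here is not frontmatter.
"""

def frontmatter(text):
    """Lines between the leading '---' fences, or None if absent or unterminated."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return None
    for i, line in enumerate(lines[1:], start=1):
        if line.strip() == "---":
            return lines[1:i]
    return None

def allowed_tools(text):
    """List of allowed-tools entries, or None when the field is not in the frontmatter."""
    fm = frontmatter(text)
    for i, line in enumerate(fm or []):
        m = re.match(r"allowed-tools\s*:\s*(.*)$", line)
        if not m:
            continue
        value = m.group(1).strip()
        if value:
            # Split on commas, keeping a parenthesised pattern in one piece.
            parts = re.split(r",\s*(?![^()]*\))", value)
        else:
            # Assumed alternative form: a YAML list on the following lines.
            parts = []
            for nxt in fm[i + 1:]:
                item = re.match(r"\s*-\s+(.*)$", nxt)
                if not item:
                    break
                parts.append(item.group(1))
        return [p.strip().strip("'\"") for p in parts if p.strip()]
    return None

def unscoped_shell(tools):
    """Entries that name Bash with no parenthesised command pattern (assumption: unrestricted)."""
    return [t for t in tools or [] if t == "Bash"]

if __name__ == "__main__":
    for path in sys.argv[1:]:
        tools = allowed_tools(Path(path).read_text(encoding="utf-8"))
        print(path, tools, "UNSCOPED SHELL" if unscoped_shell(tools) else "")
```

Run it with the command files as arguments; a file that prints None has no allowed-tools field in its frontmatter.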
The framework is designed for collaborative human-AI work, not for autonomous operation or handling untrusted projects.