If you discover a security vulnerability, please report it privately by emailing hey@meimakes.com. Do not open a public issue.
I'll acknowledge receipt within 48 hours and provide a timeline for a fix.
This server spawns coding agents (Claude Code, Codex) that have full shell access on the host machine. The MCP server's own filesystem tools are sandboxed, but spawned agents are not: a manipulated prompt could lead a spawned agent to access files outside the session directory.
See the Known limitation section in the README for details and recommended mitigations.

| Version | Supported |
|---|---|
| 1.x | Yes |