GPT‑Админ gives AI agents access to your servers — security matters. If you find a vulnerability, please report it responsibly.
- Do NOT open a public GitHub issue.
- Report via Telegram: @careviolan
- Or email the maintainer directly.
Please include:
- A description of the issue and its potential impact
- Steps to reproduce (proof-of-concept)
- Affected version (
cat VERSIONorgptadmin --version) - Suggested fix, if any
- Acknowledgement: within 48 hours
- Initial assessment: within 7 days
- Fix or mitigation: depends on severity, target 30 days for critical issues
We follow coordinated disclosure. Once a fix is released, we will publish a GitHub Security Advisory and credit the reporter (unless they prefer to remain anonymous).
- The
gptadmin_hub/shellmcpservices and their HTTP/MCP endpoints - The
gptadminCLI - The
mcp-bridge.user.jsbrowser extension - Install scripts (
deploy/install*.sh,install_win.ps1)
- Vulnerabilities in third-party dependencies (report upstream)
- Issues requiring already-compromised root access
- Social engineering