Security

Please report security-sensitive issues to security@calllint.com.

Do not open public GitHub issues for security-sensitive reports.

Scope

• CallLint CLI
• official CallLint rules
• official examples
• release workflows
• documentation that may affect security behavior

Out of scope

• third-party MCP servers
• unofficial forks
• user-modified rulesets

Disclosure

See /.well-known/security.txt for machine-readable contact information (RFC 9116).