Responsible Disclosure

Last updated: March 9, 2026

SpiderRating is committed to protecting the AI tool ecosystem. When we detect serious security issues, we follow a responsible disclosure process to give maintainers time to fix problems before public exposure.

Our Disclosure Process

1. Detection

TeeShield detects a critical or high-severity security issue during automated scanning. The tool receives a grade D or F.

2. Notification

We open a GitHub issue on the affected repository (or contact the maintainer privately) detailing the findings and recommended fixes.

3. 90-Day Window

During the 90-day disclosure window, only the overall grade and score are shown publicly. Specific vulnerability details (file paths, line numbers, issue codes) are redacted from the public rating page.

4. Resolution or Disclosure

If the maintainer fixes the issues, we rescan and update the rating. If 90 days pass without a fix, the full details are made public to protect end users.

What Gets Redacted

Always Visible

  • Overall grade (A-F)
  • Numeric score (0-10)
  • Issue severity counts
  • Hard constraint applied

Redacted During Window

  • Specific file paths
  • Line numbers
  • Issue code details
  • Exploit descriptions

Report a Vulnerability

If you discover a security issue in a rated tool that our scanner missed, or if you find a vulnerability in SpiderRating itself:

  • Open a GitHub issue at teehooai/spidershield
  • For sensitive reports, use GitHub's private vulnerability reporting feature
  • Include reproduction steps and the affected tool name

For Maintainers

If your tool received a low grade and you've addressed the findings, submit a rescan request through our submission page. We typically rescan within 24 hours.