What we did this week. The good, the wrong, the silent.
Real numbers. Every retraction listed. Every silent fix counted.
If we screwed up, you’ll see it here before you see it anywhere else.
Live disclosure stats
Pulled from the GitHub API at the moment you loaded this page. loading…
Silent fixes are maintainers who fixed the bug without commenting back.
Our recheck.py re-runs the original check every few hours and counts them automatically.
Verify yourself: github.com/search?author:Raffa-jarrl + "Security report". Same numbers, same source.
External attack-surface scanning, May 2026
The numbers above are GitHub-public disclosures. The blocks below are separate: direct-email disclosures from our external attack-surface scans, sent straight to the affected organisation's security contact or the cloud provider's abuse desk. Never to a GitHub issue, never to a public post. No victim names appear anywhere on this site.
Week 1 (May 19 to 22): External attack-surface scan
.js.map), HIGH tier after content-quality validation (initial scan flagged 292; 248 reclassified as framework boilerplate or stubs after anti-FP analysis)Week 2 (May 23 to 24): AI provider + cloud credential leak hunting
sk-proj-*) → OpenAI Security (triage assigned to engineer within hours)hf_*) → HuggingFace Securitysk-ant-api03-*) → Anthropic Securityphpinfo.php pages leaking PHP config (both running EOL PHP) → site owners directlyThe anti-FP rigor that's actually the product
Why these aren't in the GitHub stats: external attack-surface + credential-leak findings go to the organisation's security@, the cloud provider's abuse desk, or via vendor disclosure programmes (Immunefi, HackerOne, CERT, INCD, BSI, AWS / OpenAI / Google / Anthropic / HuggingFace / Replicate / DigitalOcean / Wasabi security teams). They are never published on GitHub. The CVD clock starts the day we send. Full breakdown by category at /in-the-wild.
Live site traffic (last 7 days)
Pulled from Cloudflare Analytics every hour. No Google Analytics. No third-party trackers. The same numbers we see in our dashboard.
loading site traffic…
Operating principles
The non-negotiables. If any future Lictor commit violates one of these, treat it as a bug and file an issue.
1. Never publish exploit details publicly
Every disclosure goes through GitHub’s private channels first: a direct issue with no specifics, or a Private Security Advisory if the repo supports it. The exact file/line/redacted key is only sent privately after the maintainer replies asking for details.
2. Hard cap: 50 contacts per day
The autonomous cron is rate-limited at the source. Even if our queue had 10,000 candidates, no more than 50 maintainers hear from us in any 24-hour window. Protects against runaway-loop failure modes and respects maintainer fatigue.
3. Manual verification before submission
Every queued candidate is re-verified before a contact-request goes out. A regex match alone is not enough. We fetch the raw file, check context for placeholders, decode JWTs to confirm role, validate against WAF/SPA-fallback false positives.
4. Retract publicly when we’re wrong
If a finding turns out to be a false positive, we add an apology comment to the original issue, close it, and ship the scanner fix the same day. We did this 8 times on May 17. We’ll do it again. See the public retraction templates →
5. No telemetry, no analytics, no tracking
The Claude Code skill is 100% local, with no network calls. The URL scanner sends only the URL you paste (necessary). The site itself has zero analytics scripts. We can’t see who uses Lictor, and we don’t want to.
6. Apache 2.0 forever
The license on the skill-suite repo is irrevocable. Even if Lictor gets acquired tomorrow, every commit through that moment stays free for anyone to fork. The license file is in /LICENSE.
Two pages that hold us accountable
Live receipts you can audit any time.
📜 Changelog
Every commit ever pushed to Lictor, fetched live from GitHub on each page load. No editorial gloss, just what we shipped, when, and what changed.
Read /changelog →🛑 Retractions
Every false positive we’ve ever sent. The apology. The scanner fix. Most security tools hide this. We publish it with names and links.
Read /retractions →What we deliberately don’t do
Just as important as what we do.
- ❌ We don’t scan internal/private repos. Every disclosure target is from public GitHub / GitLab / PyPI / npm / HuggingFace. Your private code is invisible to us.
- ❌ We don’t resell findings. No Lictor “intelligence feed”, no bug-bounty arbitrage, no selling lists to security vendors. Findings go to the maintainer + nobody else.
- ❌ We don’t do active exploitation: never authenticate, never write data, never trigger a vulnerability beyond reading what an unauthenticated request returns.
- ❌ We don’t name & shame. No public blog posts of the form “Look at this idiot startup with their leaked keys.” The exposures we find are anonymised here by category, not name (except where the maintainer publicly responded).
- ❌ We don’t accept paid disclosure embargoes. Companies sometimes offer to pay for an extended embargo. We don’t engage. Standard 30-day window applies to everyone equally.
- ❌ We don’t use bots to artificially boost stars / followers. Every star on github.com/Raffa-jarrl/Lictor-AI is a real human. If the count ever looks suspiciously high, blame organic discovery, not us.
The skill suite is open source. Read it yourself.
Everything the audit can flag on your code is publicly auditable. The internet-scale scanners run as a hosted service; the evidence rules they follow are documented on this site.
📜 The 4 skills
lictor-security-check / fix-it / explain / rotate, installable as one Claude Code plugin. Each is a markdown file you can read in 5 minutes.
Browse →✅ The 48 checks
Every check module the audit runs, each with a “what NOT to flag” guard, readable before you trust it.
Browse →🧪 The evidence rules
The false-positive classes every Lictor scanner filters, learned from real disclosures and triager responses.
Read →Spot something we’re doing wrong?
Open an issue, send us a DM, or just email. The door is open.
🗣 Voice / accuracy bug
If a finding sounded jargony or was a false positive: file an issue.
📧 Direct
For sensitive concerns: Raffa@Lictor-AI.com. Read within 24h, response within 48h.
🔒 Security in Lictor itself
For vulns in Lictor’s own code: use our PVR channel. Same standard we hold others to.