Security Report

Cross-platform security posture and issue tracking

Overall Security Score

Aggregate of all security checks across 13 platforms

81%

Open Issues

Being Fixed

Critical

High

Cross-Platform Matrix

Platform	CSRF Protection	Rate Limiting	Input Validation	Encryption	Security Headers	Auth / Session	Issues
Nox	✓	✓	○	○	✓	✓	15
BYND	✓	✓	✓	✓	✓	✓	1
Veil	✓	✓	✓	✓	✓	✓	2
Veritas	✓	✓	✓	○	✓	✓	3
Heal	✓	✓	✓	✓	✓	✓	1
Auth	✓	✓	✓	—	✓	✓	0
TuneNest	✓	✗	○	○	○	✓	6
VibeVerse	✓	✗	✓	○	○	✓	4
ReelRoom	✓	✗	○	○	○	✓	4
StreamSpace	✓	✗	✓	✓	○	✓	6
InkWell	✓	✗	✓	○	○	✓	5
SVRN Economics	✓	✓	✓	✓	○	✓	1
Agent Platform	○	○	○	○	○	✓	6

Platform Breakdown

Nox83%

High

✓CSRF Protection✓Rate Limiting○Input Validation✓Security Headers✓Auth / Session○Encryption

15 open issues

HighNo request size limits on file upload routesOpen

HighAdmin routes lack additional authorization checksOpen

HighNo audit logging for sensitive operationsOpen

+12 more →

BYND100%

✓CSRF Protection✓Rate Limiting✓Input Validation✓Encryption✓Security Headers✓Auth / Session

1 open issue

LowNo rate limiting on WebSocket reconnectionsOpen

Veil100%

✓CSRF Protection✓Rate Limiting✓Input Validation✓Encryption✓Security Headers✓Auth / Session

2 open issues

MediumExport data feature is stub — privacy compliance gapOpen

LowNo key rotation mechanism for encryption keysOpen

Veritas92%

✓CSRF Protection✓Rate Limiting✓Input Validation✓Security Headers✓Auth / Session○Encryption

3 open issues

MediumNo admin dashboard for content moderationOpen

MediumMissing moderation queue for user commentsOpen

LowNo analytics or usage trackingOpen

Heal100%

✓CSRF Protection✓Rate Limiting✓Input Validation✓Encryption✓Security Headers✓Auth / Session✓PHI Audit Trail

1 open issue

LowNo automated HIPAA compliance scanningOpen

Auth100%

No issues

✓CSRF Protection✓Rate Limiting✓Input Validation✓Security Headers✓Auth / Session✓CORS

TuneNest58%

CriticalHigh

✓CSRF Protection✗Rate Limiting○Input Validation○Security Headers✓Auth / Session○Encryption

6 open issues

CriticalNo rate limiting — AI endpoints can be abused (expensive Anthropic calls)Open

HighMissing CSP header — XSS risk on public profilesOpen

HighNo server-side file type verification — relies on extension onlyOpen

+3 more →

VibeVerse67%

CriticalHigh

✓CSRF Protection✗Rate Limiting✓Input Validation○Security Headers✓Auth / Session○Encryption

4 open issues

CriticalNo rate limiting on API routesOpen

HighMissing CSP headerOpen

MediumCORS set to * on agent-actions and llms.txtOpen

+1 more →

ReelRoom58%

CriticalHigh

✓CSRF Protection✗Rate Limiting○Input Validation○Security Headers✓Auth / Session○Encryption

4 open issues

CriticalNo rate limiting on API routesOpen

HighMissing CSP and HSTS headersOpen

Highoptimize-image accepts bucket param — potential path traversalOpen

+1 more →

StreamSpace75%

CriticalHigh

✓CSRF Protection✗Rate Limiting✓Input Validation○Security Headers✓Auth / Session✓Encryption

6 open issues

CriticalNo rate limiting on API routesOpen

HighMissing CSP headerOpen

HighCORS * on agent-actions endpointOpen

+3 more →

InkWell67%

CriticalHigh

✓CSRF Protection✗Rate Limiting✓Input Validation○Security Headers✓Auth / Session○Encryption

5 open issues

CriticalNo rate limiting — auth, tips, and content endpoints unprotectedOpen

HighMissing CSP headerOpen

HighCORS * on agent-actions endpointOpen

+2 more →

SVRN Economics92%

✓CSRF Protection✓Rate Limiting✓Input Validation○Security Headers✓Auth / Session✓Encryption

1 open issue

LowNo custom security headers configured (relying on Vercel defaults)Open

Agent Platform58%

High

○CSRF Protection○Rate Limiting○Input Validation○Security Headers✓Auth / Session○Encryption

6 open issues

HighCSRF protection unclear — POST endpoints lack documented CSRF mitigationOpen

HighRate limiting thresholds not documentedOpen

HighToken rotation/expiry/revocation not documentedOpen

+3 more →