← Back to Stellar Scope

Security

Last updated: May 12, 2026

Stellar Scope ("the Service") is a read-only portfolio-viewing prototype. This page describes how the Service handles user security and how to report a vulnerability.

The Service will never ask you for your secret key or recovery phrase. If anything claiming to be the Service ever requests this information, do not provide it.

1. Read-Only by Design

The Service does not custody, hold, send, receive, or sign transactions involving your funds. All on-chain data it displays is fetched from publicly accessible endpoints (such as the Stellar Horizon API). There is no functionality within the Service that requires a private key.

2. Wallet Connection (Freighter)

If you use the optional "Connect Freighter" feature, signing — should any signing flow be added in the future — occurs entirely within the Freighter browser extension. The Service receives only the public address you authorize Freighter to share. The Service never sees, requests, or stores secret keys, recovery phrases, or signed-transaction material.

3. Transport Security

Traffic between your browser and the Service is served over HTTPS. Queries to the Stellar Horizon API and similar public data sources are also made over HTTPS.

4. Open Source

The Service is open source. Its full source code is available for inspection at github.com/kebkoether/moonshot_bank. We encourage independent review.

5. Third-Party Risk

The Service depends on third-party infrastructure including the Stellar Horizon API, public price oracles, and the Freighter wallet extension. Availability and correctness of displayed data depend on those services. The Service does not control, and is not responsible for, third-party security practices.

6. Prototype Status

The Service is a hackathon-stage prototype. It has not undergone formal security audit. Users should treat all displayed information as informational, and should verify critical balances or transactions independently using a trusted explorer or wallet before relying on them.

7. Reporting a Vulnerability

If you believe you have found a security vulnerability in the Service, please report it by opening a private security advisory on the project's GitHub repository: github.com/kebkoether/moonshot_bank/security/advisories. Please do not disclose the issue publicly until it has been addressed.

8. What to Do If Something Looks Wrong

If the Service displays unexpected balances or activity for a wallet you control, this is a display issue — not a movement of your funds. Verify the wallet's true state using a trusted source such as stellar.expert or your wallet of record. If you have questions, open an issue on GitHub.