Last updated: May 12, 2026
Stellar Scope ("the Service") is a read-only portfolio-viewing prototype. This page describes how the Service handles user security and how to report a vulnerability.
The Service does not custody, hold, send, receive, or sign transactions involving your funds. All on-chain data it displays is fetched from publicly accessible endpoints (such as the Stellar Horizon API). There is no functionality within the Service that requires a private key.
If you use the optional "Connect Freighter" feature, signing — should any signing flow be added in the future — occurs entirely within the Freighter browser extension. The Service receives only the public address you authorize Freighter to share. The Service never sees, requests, or stores secret keys, recovery phrases, or signed-transaction material.
Traffic between your browser and the Service is served over HTTPS. Queries to the Stellar Horizon API and similar public data sources are also made over HTTPS.
The Service is open source. Its full source code is available for inspection at github.com/kebkoether/moonshot_bank. We encourage independent review.
The Service depends on third-party infrastructure including the Stellar Horizon API, public price oracles, and the Freighter wallet extension. Availability and correctness of displayed data depend on those services. The Service does not control, and is not responsible for, third-party security practices.
The Service is a hackathon-stage prototype. It has not undergone formal security audit. Users should treat all displayed information as informational, and should verify critical balances or transactions independently using a trusted explorer or wallet before relying on them.
If you believe you have found a security vulnerability in the Service, please report it by opening a private security advisory on the project's GitHub repository: github.com/kebkoether/moonshot_bank/security/advisories. Please do not disclose the issue publicly until it has been addressed.
If the Service displays unexpected balances or activity for a wallet you control, this is a display issue — not a movement of your funds. Verify the wallet's true state using a trusted source such as stellar.expert or your wallet of record. If you have questions, open an issue on GitHub.