hugging-research / docs /security.md
# Security & privacy
## Principles
- Read‑only: tools never send Authorization headers
- Respect gated/private resources and label them as not accessible
- Don’t log secrets; `HF_TOKEN` is only for the inference model
## Details
- Tools normalize `visibility` and `access` fields
- The Report view renders HTML in memory; no report files are saved
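
A sketch of how the read-only, labelling and no-secrets rules above can be enforced in one place. This is an added example, not the project's code: the function names, the label values (`public`/`gated`/`private`, `accessible`/`not_accessible`), the token pattern and the sample records are assumptions, and the `private` and `gated` input keys follow the Hub API's model metadata.

```python
import re

# Assumed label vocabulary; the page names the fields, not their values.
ACCESSIBLE, NOT_ACCESSIBLE = "accessible", "not_accessible"

# Headers a read-only tool must never forward (Proxy-Authorization is an
# assumption added here; the page only names Authorization).
_BLOCKED_HEADERS = {"authorization", "proxy-authorization"}

# Hugging Face user tokens start with "hf_"; the length bound is an assumption.
_TOKEN_RE = re.compile(r"hf_[A-Za-z0-9]{8,}")


def safe_headers(headers):
    """Return a copy of `headers` with credential-bearing entries dropped."""
    return {k: v for k, v in (headers or {}).items()
            if k.lower() not in _BLOCKED_HEADERS}


def normalize(item):
    """Map a raw Hub-style record to explicit visibility/access labels."""
    private = bool(item.get("private", False))
    gated = item.get("gated", False)  # Hub API: False, "auto" or "manual"
    if private:
        visibility = "private"
    elif gated not in (False, None, ""):
        visibility = "gated"
    else:
        visibility = "public"
    # Gated and private resources are labelled, never fetched with a token.
    access = ACCESSIBLE if visibility == "public" else NOT_ACCESSIBLE
    return {"id": item.get("id"), "visibility": visibility, "access": access}


def redact(text):
    """Mask anything shaped like an HF token before the text reaches a log."""
    return _TOKEN_RE.sub("hf_***", text)


if __name__ == "__main__":
    # Constructed sample records, not real repositories.
    for rec in ({"id": "org/open-model"},
                {"id": "org/gated-model", "gated": "manual"},
                {"id": "org/private-model", "private": True}):
        print(normalize(rec))
    print(safe_headers({"Authorization": "Bearer example", "Accept": "*/*"}))
    print(redact("request failed, token=hf_abcdefghijklmnop"))
```
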
## Scope
- No write operations to the Hub
- Only public endpoints and domain‑restricted search are used