Statement of Work
$1,000 Agent/MCP Audit Sprint Terms
These terms are designed for a compact async engineering review. They set clear scope, payment, delivery, and data-handling expectations before private work begins.
Included
| Deliverable | Contents |
| --- | --- |
| Boundary map | Tools, transports, credentials, external APIs, write actions, destructive paths, and privileged operations. |
| Risk findings | Ranked issues with evidence, affected files, impact, and practical remediation path. |
| Test plan | Focused tests for schema parsing, auth gates, secret redaction, write-mode defaults, and transport assumptions. |
| Launch notes | What to fix now, what to monitor, and what can safely wait. |
Not Included
- Implementing fixes, unless separately agreed.
- Legal, financial, compliance, SOC 2, or penetration-test certification.
- Handling private keys, cookies, production credentials, or raw sensitive customer data.
- Emergency incident response or live production operations.
- More than one repo/product slice in the same sprint.
Payment And Start
Open the intake issue first. After scope is accepted, pay USD $1,000 equivalent via the selected network and asset, then submit the transaction hash through the payment proof form. Accepted crypto paths are ETH or ERC-20 USDC/USDT/DAI on Ethereum, and SOL or SPL USDC on Solana. If an invoice-first flow is needed, raise that before payment so the exact payment method and billing details are agreed before work starts. The 48-hour target starts after payment confirmation and scope acceptance.
Ethereum address (ETH / ERC-20): 0xa7F2235a77FBc4eCcbF60923BCDF6Df74eC710FF
Solana address (SOL / SPL): 5CjUaMAsbXx2Hjczwoqi4MChTU1KjfUzbdiwPqZeceVM
Confidentiality And Data Handling
Do not paste secrets, private keys, cookies, customer data, production logs with sensitive values, or live credentials into GitHub issues. For private code or private docs, share only the minimum access needed and remove access after delivery.
Delivery
Delivery is a Markdown report unless otherwise agreed in the intake issue. The report can be public or private depending on the buyer's preference and repository sensitivity.