Resources

Security

How Dravo Hood handles credentials and protects its surfaces.


Dravo Hood is a read-oriented intelligence platform. It does not custody funds, request wallet connections, or execute transactions on your behalf, which keeps its security surface deliberately small.

Credential handling

  • AI and provider credentials live only in server-side environment configuration.
  • All AI calls happen on the server; API keys never reach the browser.
  • Internal errors are logged server-side only — response bodies, headers, keys, and system prompts are never exposed to the client.

Your responsibility

Dravo helps you verify contracts, but the decision to interact with one is yours. Use Inspect to confirm verification, ownership, and permissions before trusting any deployment, and confirm token addresses against official documentation.

Report a concern

If you believe you have found a security issue, reach the team through the official channels listed on the Contact page.