The should be NOSTR teams that friendly hack each other's apps to find vulnerabilities and report any to the creators.  It would be good practice for the integrity of the protocol.