There's a few rudimentary security checks in place now, but the extension needs to ensure users have proper rights to access certain special pages.
Specifically, Special:NovaProject, and Special:NovaDomain should ensure a user is an admin, or have some special right.
Additionally, the current security checks aren't likely done in the normal MediaWiki style. This should be corrected.
Version: unspecified
Severity: major