Security: AkuchiS/AgentProof

SECURITY.md

Security policy

These tools are built to run locally and offline — they don't phone home, require accounts, or transmit your data anywhere. That's the first line of defence. But no software is perfect, and a responsible report helps everyone.

Reporting a vulnerability

Please don't open a public issue for a security problem.

Report it privately through GitHub's built-in flow: go to the repository's Security tab → Report a vulnerability. That opens a private advisory only the maintainer can see.

When you report, include:

  • the affected tool and version,
  • what an attacker could do (impact),
  • the steps to reproduce it.

What to expect

  • An acknowledgement, typically within a few days.
  • An honest assessment — if it's real, we'll work on a fix and credit you (unless you'd rather stay anonymous).
  • If it's a hardening idea rather than an exploit, we may move it to a normal public issue with your okay.

Scope

In scope: the code in this repository. Out of scope: third-party services or software a tool merely installs or wraps (report those upstream), and social-engineering or physical attacks.

Thank you for helping keep these tools trustworthy.

There aren't any published security advisories