Security: miter37/zooin-shell

SECURITY.md

Security Policy

Zooin Shell is a local desktop app that delegates work to installed CLI engines. Because it can help run commands on a user's machine, security reports are taken seriously.

Supported Versions

The project is currently pre-1.0. Security fixes will target the latest main branch.

Reporting a Vulnerability

Please do not open a public issue for vulnerabilities that could cause data loss, command injection, credential exposure, or unsafe execution.

Instead, contact the maintainer privately through GitHub. Include:

  • A clear description of the issue
  • Steps to reproduce
  • Affected OS
  • Whether Codex CLI, Claude Code, or app-level safety checks are involved
  • Any relevant logs with secrets removed

Security Scope

In scope:

  • Unsafe command execution behavior
  • Confirmation bypasses
  • Prompt or IPC paths that allow unintended destructive actions
  • Accidental exposure of credentials or local secrets

Out of scope:

  • Vulnerabilities in Codex CLI or Claude Code themselves
  • User-approved commands that behave as documented
  • General model hallucination reports without an actionable app-level mitigation

There aren't any published security advisories