
Add security.md and update readme/faq with some up to date security info #220

Merged: wonderwhy-er merged 1 commit into main from update-security-related-info on Aug 22, 2025

Conversation


@wonderwhy-er wonderwhy-er commented Aug 22, 2025


Summary by CodeRabbit

  • Documentation
    • Overhauled security guidance to clearly outline known limitations and possible bypass vectors.
    • Added a Security Policy page with a defined vulnerability reporting process and disclosure timeline.
    • Introduced production hardening guidance recommending Docker-based isolation and selective folder mounting.
    • Clarified that directory restrictions apply to filesystem operations only and that command blocking has known bypasses.
    • Added a section on local-only usage analytics (stored on-device, not sent externally).
    • Expanded configuration guidance with examples for viewing and updating settings, including directory access controls.


coderabbitai Bot commented Aug 22, 2025


Walkthrough

Documentation updates clarify security limitations, add a new SECURITY.md with reporting guidance, expand README security warnings and usage analytics details, and revise FAQ sections on permissions and fileWriteLineLimit with configuration examples and Docker-based production guidance. No code or public API changes.

Changes

| Cohort / File(s) | Summary of Changes |
| --- | --- |
| Security policy and reporting: SECURITY.md | Added new security policy: guardrail stance, known limitations, Docker isolation guidance, disclosure/reporting process, contacts, and timestamp. |
| README security, reporting, and config: README.md | Reworked security warnings; added vulnerability reporting links; clarified allowedDirectories scope; added production Docker guidance; introduced local-only usage analytics; added get/set config examples. |
| FAQ security and limits: FAQ.md | Rewrote security/permissions to emphasize known bypasses; added vulnerability reporting and production Docker path; expanded fileWriteLineLimit rationale and configuration with chunking guidance. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • serg33v

Poem

I thump my paws on parchment bright,
New scrolls of caution, set to light—
Docker burrows, safe and snug,
Report our holes, give bugs a tug.
We nibble docs, refine the lore—
Hop secure, and write some more! 🐇✨


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 8

🧹 Nitpick comments (3)
SECURITY.md (2)

31-31: Optional: add light SLA to disclosure timeline

Consider committing to rough timelines (e.g., “acknowledge within 7 days; initial assessment within 14 days”) to set expectations for researchers.


40-40: Update the “Last updated” timestamp to reflect this PR

The file is added now; January 2025 is stale.

-*Last updated: January 2025*
+*Last updated: August 2025*
FAQ.md (1)

389-390: Clarify and link to the correct Docker section

Also adjust language to “strong isolation boundary” and add the cross-file link.

-Directory access controls exist but have known bypass vulnerabilities. For secure usage, we recommend the Docker installation which provides complete isolation with controlled folder mounting.
+Directory access controls exist but have known bypass vectors. For secure usage, we recommend the Docker installation for a strong isolation boundary with controlled folder mounting. See [Docker installation](README.md#docker-installation).
📥 Commits

Reviewing files that changed from the base of the PR and between 218531b and 9cdcd4a.

📒 Files selected for processing (3)
  • FAQ.md (1 hunks)
  • README.md (2 hunks)
  • SECURITY.md (1 hunks)
🧰 Additional context used
🪛 LanguageTool
SECURITY.md

[grammar] ~9-~9: There might be a mistake here.
Context: ...d) in our README for setup instructions. ## Reporting Vulnerabilities 1. **Create a ...

(QB_NEW_EN)


[grammar] ~22-~22: There might be a mistake here.
Context: ... project has known security limitations: - Directory restrictions can be bypassed v...

(QB_NEW_EN)


[grammar] ~27-~27: There might be a mistake here.
Context: ...s-no-nodejs-required) for setup details. ## Disclosure Timeline As a startup focused...

(QB_NEW_EN)


[grammar] ~35-~35: There might be a mistake here.
Context: .../wonderwhy-er/DesktopCommanderMCP/issues - Discord Community: https://discord.gg/...

(QB_NEW_EN)

FAQ.md

[grammar] ~385-~385: There might be a mistake here.
Context: ...omplete isolation from your host system. ### Can I control which directories Claude ca...

(QB_NEW_EN)

README.md

[grammar] ~576-~576: There might be a mistake here.
Context: ...omplete isolation from your host system. ### Configuration Tools You can manage serve...

(QB_NEW_EN)

🪛 markdownlint-cli2 (0.17.2)
SECURITY.md

33-33: Link fragments should be valid

(MD051, link-fragments)


35-35: Link fragments should be valid

(MD051, link-fragments)

README.md

576-576: Link fragments should be valid

(MD051, link-fragments)

🔇 Additional comments (2)
SECURITY.md (1)

22-27: Good: candid list of current limitations

Clear articulation of bypass vectors is helpful and consistent with README/FAQ messaging. No changes needed.

FAQ.md (1)

393-399: Inconsistency: “blocked by default” vs. “doesn't have a pre-defined blocklist”

This section says dangerous commands are blocked by default, but the next paragraph (Line 399 onward) states there is no predefined blocklist. Please reconcile and document the actual behavior (e.g., “no default blocklist; users can configure via block_command/unblock_command”).

Comment thread FAQ.md
Comment on lines +375 to 386
> **Important**: For current security limitations and vulnerability reporting, see our [Security Policy](SECURITY.md).

### Is it safe to give Claude access to my file system?

Claude Desktop Commander operates within certain safety boundaries:
Claude Desktop Commander has known security limitations:

- While file restrictions are currently disabled, Claude typically only works with files in folders you specifically direct it to
- Directory restrictions can be bypassed via symlinks and terminal commands
- Command blocking can be bypassed via command substitution and absolute paths
- Claude can only perform actions that your user account has permission to do
- No data is sent to external servers beyond what you share in Claude conversations

> **Note:** Command blocking features are still in development. You should always review the actions Claude proposes before allowing it to make system changes, especially when working with important files or system configurations.
> **For production use requiring security**: Use the [Docker installation](#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) with selective folder mounting for complete isolation from your host system.
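Review bot: the bullet "Directory restrictions can be bypassed via symlinks and terminal commands" names the bypasses but not what the restriction is meant to cover; the README hunk in this same PR says `allowedDirectories` "only restricts filesystem operations, not terminal commands", and repeating that scope here keeps the FAQ and README consistent and tells readers which tools the control actually applies to. Separately, "Claude can only perform actions that your user account has permission to do" is the one bullet describing a real boundary rather than a guardrail, so it is worth adding the practical consequence: running the server under a dedicated low-privilege account, or the Docker path in the next note, is what limits the blast radius when the other controls are bypassed.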


⚠️ Potential issue

Fix broken in-page link (points to FAQ instead of README) and soften isolation claim

The link currently points to a non-existent anchor within FAQ and uses an emoji fragment. Point to README’s stable anchor and avoid “complete isolation”.

-> **Important**: For current security limitations and vulnerability reporting, see our [Security Policy](SECURITY.md).
+> **Important**: For current security limitations and vulnerability reporting, see our [Security Policy](SECURITY.md).
@@
-> **For production use requiring security**: Use the [Docker installation](#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) with selective folder mounting for complete isolation from your host system.
+> **For production use requiring security**: Use the [Docker installation](README.md#docker-installation) with selective folder mounting for a strong isolation boundary from your host system.

🤖 Prompt for AI Agents
In FAQ.md around lines 375 to 386, the in-page link currently points to an FAQ
anchor with emoji and should instead point to the README's stable anchor; update
the link to README.md#option-6-docker-installation (remove emoji from fragment)
and replace the phrase "for complete isolation from your host system" with a
softened claim such as "for greater isolation from your host system" (or similar
wording) to avoid the absolute guarantee.

Comment thread FAQ.md
Comment on lines +396 to +398

Please create a [GitHub Issue](https://github.com/wonderwhy-er/DesktopCommanderMCP/issues) with detailed information about any security vulnerabilities you discover. See our [Security Policy](SECURITY.md) for full guidelines.


⚠️ Potential issue

Align vulnerability reporting with private disclosure

Switch to GitHub’s private reporting.

-Please create a [GitHub Issue](https://github.com/wonderwhy-er/DesktopCommanderMCP/issues) with detailed information about any security vulnerabilities you discover. See our [Security Policy](SECURITY.md) for full guidelines.
+Please use GitHub's "Report a vulnerability" in the repository Security tab to submit a private advisory with detailed information. See our [Security Policy](SECURITY.md) for full guidelines.
🤖 Prompt for AI Agents
In FAQ.md around lines 396-398, replace the public "create a GitHub Issue"
instruction with a directive to use GitHub's private security reporting
(repository security advisories) — update the sentence to point readers to the
repo's Security Policy page and to file a private report via the repository's
security contact/advisory flow (e.g. link to /security/policy and
/security/advisories/new) so vulnerabilities are reported privately rather than
as a public issue.

Comment thread README.md
Comment on lines +568 to +576
> **For comprehensive security information and vulnerability reporting**: See [SECURITY.md](SECURITY.md)

2. **The `allowedDirectories` setting currently only restricts filesystem operations**, not terminal commands. Terminal commands can still access files outside allowed directories. Full terminal sandboxing is on the roadmap.
1. **Known security limitations**: Directory restrictions and command blocking can be bypassed through various methods including symlinks, command substitution, and absolute paths or code execution

2. **Always change configuration in a separate chat window** from where you're doing your actual work. Claude may sometimes attempt to modify configuration settings (like `allowedDirectories`) if it encounters filesystem access restrictions.

3. **The `allowedDirectories` setting currently only restricts filesystem operations**, not terminal commands. Terminal commands can still access files outside allowed directories.

4. **For production security**: Use the [Docker installation](#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) which provides complete isolation from your host system.
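Review bot: the numbered list in this hunk runs 2, 1, 2, 3, 4, and the item "**The `allowedDirectories` setting currently only restricts filesystem operations**, not terminal commands" appears twice, once with the sentence "Full terminal sandboxing is on the roadmap." and once without. Keep a single copy, decide whether the roadmap sentence stays (it is a commitment readers will hold you to), and renumber 1 to 4 so that "Known security limitations" leads the list.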


⚠️ Potential issue

Fix invalid self-link anchor and soften isolation language

  • The emoji-based fragment violates MD051; point to a stable custom anchor.
  • Avoid “complete isolation” phrasing; remind users to mount selectively/read‑only.
-4. **For production security**: Use the [Docker installation](#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) which provides complete isolation from your host system.
+4. **For production security**: Use the [Docker installation](#docker-installation) for a strong isolation boundary. Mount only the folders you need (prefer read-only binds) to limit host exposure.

Add a stable anchor right before the “Option 6” heading (outside this hunk):

<a id="docker-installation"></a>

🤖 Prompt for AI Agents
In README.md around lines 568 to 576, the self-link uses an emoji-based fragment
that violates MD051 and the text overstates Docker as providing "complete
isolation"; add a stable anchor id just before the "Option 6" heading (e.g.
id="docker-installation"), update the link target in this section to point to
that new "#docker-installation" anchor, and soften the wording by replacing
"complete isolation from your host system" with a recommendation that Docker
provides stronger isolation but users should still selectively mount and prefer
read-only mounts for sensitive data.

💡 Verification agent

🧩 Analysis chain

Verify anchor fixes repo-wide

Run this to ensure the new anchor exists and no emoji-based fragments remain:


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Check that explicit Docker anchor exists in README:"
rg -n 'id="docker-installation"' README.md || { echo "Missing explicit anchor id"; exit 1; }

echo "Ensure no outdated emoji fragment links remain:"
if rg -n 'option-6-docker-installation' SECURITY.md README.md FAQ.md; then
  echo "Found outdated fragments above; replace them with '#docker-installation' or 'README.md#docker-installation'"
  exit 1
else
  echo "No outdated fragments found."
fi

echo "References to README.md#docker-installation:"
rg -n 'README\.md#docker-installation' SECURITY.md FAQ.md README.md || true

Length of output: 249


Add explicit Docker installation anchor and replace outdated fragment links

The verification script confirmed that README.md is missing the required <a id="docker-installation"></a> anchor, so all links targeting #docker-installation will break. Please:

  • Insert the anchor immediately before the “Option 6: Docker installation” heading in README.md. For example:
    ## Option 6: Docker installation 🐳 ⭐ – auto-updates, no NodeJS required
    +<a id="docker-installation"></a>
  • Update the link in your security section (currently using the emoji-based fragment) from:
    [Docker installation](#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required)
    to:
    [Docker installation](#docker-installation)
  • Search SECURITY.md and FAQ.md for any remaining option-6-docker-installation references and replace them with either #docker-installation or README.md#docker-installation.

These changes are required to restore correct navigation and ensure the new anchor functions as intended.


🤖 Prompt for AI Agents
In README.md around lines 568 to 576, the Docker installation anchor referenced
by links is missing which breaks navigation; insert an explicit anchor tag <a
id="docker-installation"></a> immediately before the "Option 6: Docker
installation" heading, change the security section link from the emoji-based
fragment to [Docker installation](#docker-installation), and then search
SECURITY.md and FAQ.md for any references to "option-6-docker-installation" and
replace them with either "#docker-installation" or
"README.md#docker-installation" as appropriate to restore correct navigation.

Comment thread README.md
Comment on lines +863 to +865
### How do I report security vulnerabilities?
Please create a [GitHub Issue](https://github.com/wonderwhy-er/DesktopCommanderMCP/issues) with detailed information about any security vulnerabilities you discover. See our [Security Policy](SECURITY.md) for complete guidelines on responsible disclosure.


⚠️ Potential issue

Align vulnerability reporting with private disclosure

Route users to GitHub’s private advisory flow rather than public issues.

-Please create a [GitHub Issue](https://github.com/wonderwhy-er/DesktopCommanderMCP/issues) with detailed information about any security vulnerabilities you discover. See our [Security Policy](SECURITY.md) for complete guidelines on responsible disclosure.
+Please use GitHub's "Report a vulnerability" flow (Security tab) to submit a private advisory with detailed information. See our [Security Policy](SECURITY.md) for complete guidelines on responsible disclosure.
🤖 Prompt for AI Agents
In README.md around lines 863 to 865, the guidance currently instructs users to
file a public GitHub Issue for security vulnerabilities; change this to direct
reporters to GitHub’s private security advisory flow (or to the repository's
SECURITY.md private disclosure instructions). Update the text and link so it
points to the repository’s private security reporting channel (e.g., "Report
security vulnerabilities via GitHub Security Advisories" or a direct link to the
repo's private advisory/reporting page) and ensure SECURITY.md is referenced for
full disclosure instructions.

Comment thread SECURITY.md
Comment on lines +5 to +10
Desktop Commander is designed for human users working with AI assistants like Claude. The security restrictions built into the tool are primarily **guardrails to help the AI model** avoid actions the user didn't intend, rather than hardened security boundaries.

**Security is not currently our top priority** - we haven't heard significant demand from users for stronger security controls. We take **user needs seriously**, so if you need better security controls for your specific use case, please contact the team to discuss your requirements.

**For users who need security**: We recommend using Desktop Commander with Docker, which provides complete isolation. See the [Docker installation section](README.md#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) in our README for setup instructions.
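Review bot: the first paragraph states the threat model only by implication ("guardrails to help the AI model avoid actions the user didn't intend, rather than hardened security boundaries") and never spells out the corollary: these controls are not designed to hold against a model that has been induced, for example by content it reads, to take actions the user did not intend, nor against a user deliberately escaping them. One explicit in-scope/out-of-scope sentence here would stop readers from treating `allowedDirectories` and command blocking as a sandbox, which is the misunderstanding the rest of this file is trying to prevent; the Docker recommendation in the third paragraph then reads as the answer to the out-of-scope cases rather than as an optional extra.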


⚠️ Potential issue

Avoid absolute “complete isolation” claim and fix invalid README anchor fragment

  • “Complete isolation” is misleading when users mount host folders; prefer “strong isolation boundary” and recommend selective, read-only mounts.
  • The link fragment with emojis is invalid on GitHub (MD051). Switch to a stable custom anchor and reference that.

Apply:

-**For users who need security**: We recommend using Desktop Commander with Docker, which provides complete isolation. See the [Docker installation section](README.md#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) in our README for setup instructions.
+**For users who need security**: We recommend running Desktop Commander in Docker, which provides a strong isolation boundary when used with selective folder mounts. Avoid mounting broad host paths and prefer read-only binds (e.g., `-v /path:/mnt/path:ro`) where possible. See the [Docker installation section](README.md#docker-installation) in our README for setup instructions.

🤖 Prompt for AI Agents
In SECURITY.md around lines 5 to 10, the text currently claims “complete
isolation” and links to an invalid README emoji fragment; change the wording to
avoid absolute claims by replacing “complete isolation” with “a strong isolation
boundary” and add a recommendation to use selective, minimal host mounts and
prefer read-only mounts where possible; also update the link to point to a
stable custom anchor in the README (e.g., README.md#docker-installation) and
ensure the README contains that exact anchor id so the reference is valid on
GitHub.

Comment thread SECURITY.md
Comment on lines +13 to +19
1. **Create a GitHub Issue** with detailed information
2. **Label it as security-related** for visibility
3. **Include technical details** and proof of concept if possible
4. **Request attribution** if you'd like to be credited in any future advisories

We will acknowledge reports and provide context as needed.
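Review bot: step 2, "Label it as security-related", is not something an external reporter can do: applying labels on GitHub requires triage permission on the repository, so a first-time reporter stalls at this step. Either drop it or reword it as something within the reporter's control (for example a "Security:" prefix in the title) and say that maintainers apply the label after triage. The closing "We will acknowledge reports and provide context as needed" would also be more useful with a timeframe, which the nitpick above already asks for.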


⚠️ Potential issue

Use private vulnerability reporting (GitHub Security tab) instead of public issues

Public GitHub Issues for vulns risk 0‑day exposure. Prefer GitHub’s private “Report a vulnerability” workflow.

-1. **Create a GitHub Issue** with detailed information
-2. **Label it as security-related** for visibility  
-3. **Include technical details** and proof of concept if possible
-4. **Request attribution** if you'd like to be credited in any future advisories
-
-We will acknowledge reports and provide context as needed.
+1. **Use GitHub's "Report a vulnerability"** (Security tab) to submit a private advisory
+2. **Include technical details** and a proof of concept if possible
+3. **State desired attribution** if you'd like to be credited in any future advisories
+4. If private reporting is unavailable, contact us on Discord to coordinate a secure channel before disclosure
+
+We will acknowledge reports within 7 days and provide context as needed.
🤖 Prompt for AI Agents
In SECURITY.md around lines 13 to 19, replace the guidance that asks reporters
to "Create a GitHub Issue" with instructions to use GitHub's private
vulnerability reporting channels: instruct reporters to use the repository's
"Security" → "Report a vulnerability" workflow (or the GitHub Security
Advisory/private report flow) or send sensitive reports to the designated
security contact (e.g., security@yourdomain) instead of opening a public issue,
and update the remaining steps to reference the private report flow (labeling,
technical details/PoC, and attribution requests) so that disclosure happens
privately.

Comment thread SECURITY.md
Comment on lines +27 to +28
**For production use requiring security**: Use Docker installation with selective folder mounting for complete isolation. See [Docker installation instructions](README.md#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) for setup details.


⚠️ Potential issue

Repeat: soften “complete isolation” and fix README link fragment

Mirror the earlier phrasing, and switch to the stable anchor.

-**For production use requiring security**: Use Docker installation with selective folder mounting for complete isolation. See [Docker installation instructions](README.md#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) for setup details.
+**For production use requiring security**: Use the Docker installation with selective folder mounting for a strong isolation boundary. See [Docker installation instructions](README.md#docker-installation) for setup details.

🤖 Prompt for AI Agents
In SECURITY.md around lines 27-28, the sentence overstates Docker as providing
"complete isolation" and uses an unstable README fragment; mirror the earlier
softer phrasing (e.g., "for improved isolation" or "for stronger isolation")
instead of "complete isolation" and update the README link to the stable anchor
(replace the current fragment with "#option-6-docker-installation" or the
canonical anchor used elsewhere in the repo) so the sentence reads consistently
and links reliably.

@wonderwhy-er wonderwhy-er merged commit 9747fc3 into main Aug 22, 2025
2 checks passed
@wonderwhy-er wonderwhy-er deleted the update-security-related-info branch September 10, 2025 08:49