Security: rcland12/kubrick-cli

docs/SECURITY.md

Security Policy

Supported Versions

We release patches for security vulnerabilities. Which versions are eligible to receive such patches depends on the CVSS v3.0 rating:

Version Supported
0.1.x
< 0.1

Security Scanning

Kubrick CLI undergoes comprehensive automated security scanning:

Code Analysis

  • CodeQL: GitHub's semantic code analysis engine scans for security vulnerabilities
  • Bandit: Python security linter checks for common security issues
  • Semgrep: Static analysis tool for detecting security vulnerabilities and bugs

Dependency Scanning

  • Safety: Checks Python dependencies against known security vulnerabilities
  • Dependabot: Automated dependency updates for security patches

Container Security

  • Trivy: Comprehensive vulnerability scanner for Docker images
  • Scans for OS packages, language-specific packages, and application dependencies
  • Checks against CVE databases

Project Security

  • OSSF Scorecard: Automated security health metrics for open source projects
  • Evaluates repository security practices

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

If you discover a security vulnerability, please send an email to rcland12@gmail.com with:

  1. Description: A clear description of the vulnerability
  2. Impact: What could an attacker potentially do?
  3. Steps to Reproduce: Detailed steps to reproduce the issue
  4. Affected Versions: Which versions are affected?
  5. Suggested Fix: If you have ideas on how to fix it (optional)

What to Expect

  • Initial Response: Within 48 hours acknowledging receipt
  • Status Update: Within 7 days with an assessment of the report
  • Fix Timeline: Depends on severity and complexity
    • Critical: 1-7 days
    • High: 7-30 days
    • Medium: 30-90 days
    • Low: Handled in regular development cycle

Security Updates

Security fixes are released as patch versions (e.g., 0.1.5 → 0.1.6) and announced through:

  • GitHub Security Advisories
  • Release notes
  • PyPI version updates

Security Best Practices for Users

When Using Kubrick CLI

  1. Keep Updated: Always use the latest version

    pip install --upgrade kubrick-cli
  2. Review Code Generated by AI: Always review code before executing

    • Don't blindly run generated scripts
    • Verify file operations match expectations
    • Check tool calls for unexpected actions
  3. Sandbox Untrusted Environments: Use Docker for isolation

    docker run --rm -it \
      --user $(id -u):$(id -g) \
      -v ${PWD}:/workspace \
      rcland12/kubrick-cli
  4. Protect API Keys:

    • Never commit API keys to version control
    • Use environment variables or secure config files
    • Rotate keys regularly
  5. Monitor Tool Execution: Pay attention to tool calls being made

    • Kubrick displays all tool calls before execution
    • Dangerous commands require confirmation (configurable)

When Self-Hosting (Triton/vLLM)

  1. Network Security:

    • Don't expose Triton/vLLM directly to the internet
    • Use localhost or internal networks
    • Consider using VPN/tunnels for remote access
  2. Model Security:

    • Only use models from trusted sources
    • Verify model checksums/signatures
    • Keep model serving infrastructure updated
  3. Access Control:

    • Implement authentication if exposing services
    • Use API keys or tokens
    • Monitor access logs

Security Features in Kubrick

Built-in Protections

  1. Dangerous Command Confirmation:

    • Configurable warnings for destructive operations
    • require_dangerous_command_confirmation setting
    • Defaults to enabled
  2. File Size Limits:

    • max_file_size_mb prevents reading huge files
    • Prevents memory exhaustion attacks
  3. Timeout Protections:

    • Tool execution timeouts
    • Agent loop timeouts
    • Prevents infinite loops
  4. Input Validation:

    • Path traversal prevention
    • Safe file path handling
    • Parameter validation

Configuration for Enhanced Security

{
  "require_dangerous_command_confirmation": true,
  "tool_timeout_seconds": 30,
  "max_file_size_mb": 10,
  "max_iterations": 15,
  "total_timeout_seconds": 600
}
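Added example, not Kubrick's own code: a small Python sketch of three of the guards listed under Built-in Protections (path traversal prevention, the file size limit, and dangerous-command confirmation), driven by the config keys shown above. The function names, the list of destructive programs and the workspace layout are assumptions; how Kubrick implements these internally is not shown on this page.

```python
import shlex
import tempfile
from pathlib import Path

# Constructed config using the keys and values shown in the policy above.
CONFIG = {"require_dangerous_command_confirmation": True, "max_file_size_mb": 10}
DANGEROUS_COMMANDS = {"rm", "dd", "mkfs", "shred"}  # assumed list; Kubrick's own is not shown

def safe_resolve(workspace: str, user_path: str) -> Path:
    """Resolve user_path under workspace, rejecting anything that escapes it."""
    root = Path(workspace).resolve()
    target = (root / user_path).resolve()  # collapses ../ segments and symlinks
    if target != root and root not in target.parents:
        raise PermissionError(f"path escapes workspace: {user_path}")
    return target

def read_file_limited(workspace: str, user_path: str, config=CONFIG) -> str:
    """Read a workspace file, refusing anything above max_file_size_mb."""
    target = safe_resolve(workspace, user_path)
    limit = config["max_file_size_mb"] * 1024 * 1024
    size = target.stat().st_size  # inspect metadata before loading any content
    if size > limit:
        raise ValueError(f"{user_path}: {size} bytes exceeds limit of {limit}")
    with open(target, "rb") as fh:
        return fh.read(limit).decode("utf-8", errors="replace")  # bounded read

def needs_confirmation(command: str, config=CONFIG) -> bool:
    """True when the command is destructive and confirmation is enabled."""
    if not config["require_dangerous_command_confirmation"]:
        return False
    argv = shlex.split(command)
    prog = Path(argv[0]).name if argv else ""
    if prog in ("sudo", "doas") and len(argv) > 1:  # look past privilege wrappers
        prog = Path(argv[1]).name
    return prog in DANGEROUS_COMMANDS

def demo_size_limit() -> dict:
    """Constructed workspace with a small file and one just over a 1 MB limit."""
    cfg = dict(CONFIG, max_file_size_mb=1)
    with tempfile.TemporaryDirectory() as ws:
        Path(ws, "small.txt").write_text("hello")
        Path(ws, "big.bin").write_bytes(b"\0" * (1024 * 1024 + 1))
        small_ok = read_file_limited(ws, "small.txt", cfg) == "hello"
        try:
            read_file_limited(ws, "big.bin", cfg)
            big_rejected = False
        except ValueError:
            big_rejected = True
    return {"small_ok": small_ok, "big_rejected": big_rejected}
```

The size check reads the file's metadata first and then caps the read itself, so a file that grows between the two steps still cannot exceed the configured limit in memory.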

Known Limitations

AI-Generated Code Risks

  • LLM Hallucinations: AI may generate plausible but incorrect/insecure code
  • Injection Vulnerabilities: Always validate AI-generated code
  • Unintended Side Effects: Review tool calls and code changes

Mitigations

  1. Always Review: Inspect generated code before execution
  2. Use Version Control: Commit before major operations
  3. Test in Safe Environments: Use Docker or VMs for testing
  4. Enable Confirmations: Keep dangerous command warnings enabled

Dependency Security

We monitor dependencies for security vulnerabilities:

  • Automated Updates: Dependabot submits PRs for security patches
  • Safety Checks: CI pipeline checks dependencies against vulnerability databases
  • Minimal Dependencies: We keep dependencies minimal to reduce attack surface

Current dependencies:

  • rich - Terminal formatting (well-maintained, widely used)
  • prompt_toolkit - Interactive CLI (well-maintained, widely used)

Docker Image Security

Our Docker images:

  • Based on official Python slim images
  • Scanned by Trivy for vulnerabilities
  • Multi-arch builds (amd64, arm64)
  • Non-root user by default
  • Regular rebuilds to incorporate OS patches

Compliance and Standards

  • OWASP: We follow OWASP secure coding practices
  • CWE: Code is checked against Common Weakness Enumeration
  • CVE: Dependencies monitored against CVE databases
  • OSSF: Project follows OpenSSF best practices

Security Contact

For security inquiries: rcland12@gmail.com

For general support: GitHub Issues

Disclosure Policy

  • We practice responsible disclosure
  • Security fixes are released before public disclosure
  • We acknowledge security researchers in release notes (if desired)
  • We do not run a bug bounty program at this time

Security Hall of Fame

We appreciate security researchers who responsibly disclose vulnerabilities:


Last Updated: January 2026
Policy Version: 1.0
