| Version | Supported |
|---|---|
| 0.2.x | ✅ |
| < 0.2 | ❌ |

ZeptoClaw implements defense-in-depth:
- Runtime Isolation — Configurable Native, Docker, or Apple Container runtimes for shell execution
- Containerized Gateway — Full agent isolation per request with semaphore concurrency limiting
- Shell Blocklist — Regex patterns blocking dangerous commands (rm -rf, reverse shells, etc.)
- Path Traversal Protection — Symlink escape detection, workspace-scoped filesystem tools
- SSRF Prevention — DNS pre-resolution against private IPs, redirect host validation
- Input Validation — URL path injection prevention, spreadsheet ID validation, mount allowlist
- Rate Limiting — Cron job caps (50 active, 60s minimum interval), spawn recursion prevention

See `src/security/` for implementation details.
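
The two SSRF techniques listed above, DNS pre-resolution against private ranges and redirect host validation, as an added Rust example that is not ZeptoClaw's own code from `src/security/`; the `DnsTable` lookup, its hostnames and its addresses are constructed stand-ins for a real resolver so the example runs offline.

```rust
use std::collections::HashMap;
use std::net::{IpAddr, Ipv4Addr};

/// Loopback, RFC 1918, link-local (incl. 169.254.169.254 metadata), CGNAT, IPv6 ULA/link-local.
pub fn is_blocked_ip(ip: IpAddr) -> bool {
    let v6 = match ip { IpAddr::V4(v4) => return blocked_v4(v4), IpAddr::V6(v6) => v6 };
    if let Some(v4) = v6.to_ipv4_mapped() { return blocked_v4(v4); } // ::ffff:10.0.0.1 gets v4 rules
    let s = v6.segments();
    v6.is_loopback() || v6.is_unspecified()
        || (s[0] & 0xfe00) == 0xfc00 || (s[0] & 0xffc0) == 0xfe80 // fc00::/7, fe80::/10
}

fn blocked_v4(ip: Ipv4Addr) -> bool {
    let o = ip.octets();
    ip.is_private() || ip.is_loopback() || ip.is_link_local() || ip.is_unspecified()
        || ip.is_broadcast() || (o[0] == 100 && (o[1] & 0xc0) == 64) // 100.64.0.0/10 CGNAT
}

/// Stand-in for a real resolver so the example runs offline (constructed data).
pub type DnsTable = HashMap<&'static str, Vec<IpAddr>>;

/// Pre-resolve `host` and refuse it if ANY address is blocked (a name mixing public and
/// internal answers is rejected); the caller then connects to the returned addresses,
/// never re-resolving the name, so a later rebinding answer is never used.
pub fn resolve_checked(dns: &DnsTable, host: &str) -> Result<Vec<IpAddr>, String> {
    let addrs = match host.trim_matches(|c: char| c == '[' || c == ']').parse::<IpAddr>() {
        Ok(ip) => vec![ip], // literal IPs skip DNS but not the range check
        Err(_) => dns.get(host).cloned().ok_or_else(|| format!("{host}: resolution failed"))?,
    };
    match addrs.iter().find(|ip| is_blocked_ip(**ip)) {
        Some(bad) => Err(format!("{host}: resolves to blocked address {bad}")),
        None => Ok(addrs),
    }
}

/// Redirect host validation: every hop's host is re-checked and the chain length is capped.
pub fn follow_hops(dns: &DnsTable, hops: &[&str], max_hops: usize) -> Result<Vec<IpAddr>, String> {
    if hops.len() > max_hops { return Err(format!("redirect chain exceeds {max_hops} hops")); }
    hops.iter().try_fold(Vec::new(), |_, host| resolve_checked(dns, host))
}

pub fn sample_dns() -> DnsTable { // constructed entries, not real DNS answers
    let ip = |s: &str| s.parse::<IpAddr>().unwrap();
    HashMap::from([("api.example.com", vec![ip("203.0.113.10")]),
        ("mixed.example.com", vec![ip("203.0.113.11"), ip("10.0.0.5")]),
        ("metadata.example.com", vec![ip("169.254.169.254")])])
}
```
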
If you discover a security vulnerability, please report it responsibly:
- Email: admin@aisar.ai
- Do not open a public GitHub issue for security vulnerabilities
- Include steps to reproduce, affected versions, and potential impact

Response timeline:
- Acknowledgment: within 48 hours
- Assessment: within 7 days
- Fix or mitigation: within 30 days for critical issues

The following are in scope for security reports:
- Shell command injection bypassing the blocklist
- Path traversal escaping the workspace sandbox
- SSRF bypassing private IP checks
- Container escape vulnerabilities
- Plugin system sandbox bypasses
- Authentication/authorization issues in channels

The following are out of scope:
- Vulnerabilities in upstream dependencies (report to the dependency maintainer)
- Issues requiring physical access to the host machine
- Social engineering attacks