| Version | Supported |
|---|---|
| 1.0.x | ✅ |
If you discover a security vulnerability, please send an email to the maintainers. All security vulnerabilities will be promptly addressed.
Please include the following:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (optional)
When deploying Agentbot:
- Never commit API keys - Use environment variables
- Restrict database access - Use strong passwords and limit network access
- Enable HTTPS - Always use TLS in production
- Monitor access logs - Watch for unusual activity
- Keep dependencies updated - Regularly update npm packages
Each agent runs in an isolated Docker container with:
- No persistent network access
- Limited file system permissions
- Resource limits (CPU/memory)
- No access to host system
Users provide their own AI API keys. Agentbot does not store or have access to these keys beyond the agent runtime.