| Version | Supported |
|---|---|
| 1.x.x | ✅ |

If you discover a security vulnerability in any of the plugins, please report it as follows:
- Do not open a public issue
- Send an email to shaggybackend@gmail.com with:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

- Plugins may execute shell commands via `allowed_tools: [Bash]`
- Review commands before running in production environments
- Be cautious with plugins that modify files or execute arbitrary code
- Never commit secrets, API keys, or credentials
- Use environment variables for sensitive configuration
- Review generated code for hardcoded values
- Review plugin source code before installation
- Keep plugins updated to the latest versions
- Use plugins from trusted sources only
- Report any suspicious behavior

Plugin authors should:
- Minimize use of shell commands
- Validate all user inputs
- Avoid storing sensitive data
- Document any security considerations
- Keep dependencies minimal and updated