Security: sno-ai/nodix

Security Policy

Nodix is being prepared for a public source release. This repository is public now, but the first complete source and package release will follow after the public-surface review is complete.

Reporting Security Issues

Please do not open a public issue for a suspected vulnerability. Use GitHub's private vulnerability reporting flow for this repository when available, or contact the maintainers through the security contact listed by the Sno AI organization.

Secrets

  • Do not commit API keys, tokens, passwords, local database files, or .env files.
  • Keep local secrets in environment files or an external secret manager.
  • Treat plugin manifests, installer scripts, and model/provider configuration as security-sensitive release surfaces.

Data Handling

  • Default local storage paths must be documented before the first complete source release.
  • Optional network or cloud-provider behavior must be opt-in and clearly documented.
  • Security metadata such as openclaw.security.json must match the shipped package behavior before npm publication.
