Skip to content

Security: ethosagent/ethos

Security

SECURITY.md

Security policy

Reporting

Use GitHub's private vulnerability reporting ("Report a vulnerability" button on this repo's Security tab). We aim to acknowledge within 5 business days.

Scope

  • The ethos CLI, web UI, and gateway adapters in this monorepo
  • Bundled extensions under extensions/
  • Documented public APIs

Out of scope

  • User-installed plugins, MCP servers, or skills (report to those projects)
  • Issues only reproducible with experimental flags / --no-safety

Disclosure

We follow 90-day coordinated disclosure with fix-or-ETA acknowledgement.

There aren't any published security advisories