HuggingClaw / SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly:

  1. Do NOT open a public issue
  2. Email the maintainer or open a private security advisory on GitHub
  3. Include steps to reproduce if possible

We'll respond within 48 hours and work on a fix.

Security Best Practices

When deploying HuggingClaw:

  • Set your Space to Private — prevents unauthorized access to your gateway
  • Use a strong GATEWAY_TOKEN — generate with openssl rand -hex 32
  • Set a strong JUPYTER_TOKEN — the /terminal/ JupyterLab login defaults to huggingface, which exists only for template convenience
  • Keep your HF token scoped — use fine-grained tokens with minimum permissions
  • Don't commit .env files — the .gitignore already excludes them
  • Use TELEGRAM_ALLOWED_USERS — restricts bot access to your account only
  • Review logs regularly — check for unauthorized access attempts
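
A pre-deployment check for three of the settings above, as an added example that is not part of the HuggingClaw project. It assumes the values are exported as environment variables under the names used in the list; the 64-character hex form and the 16-character minimum are thresholds chosen for this example.

```shell
#!/bin/sh
# Added example, not HuggingClaw code. Function names are hypothetical.

check_gateway_token() {
    # `openssl rand -hex 32` yields 64 lowercase hex characters.
    case "$1" in
        "") echo "GATEWAY_TOKEN is not set"; return 1 ;;
        *[!0-9a-f]*) echo "GATEWAY_TOKEN is not lowercase hex"; return 1 ;;
    esac
    [ "${#1}" -ge 64 ] || { echo "GATEWAY_TOKEN is shorter than 64 hex chars"; return 1; }
}

check_jupyter_token() {
    case "$1" in
        "") echo "JUPYTER_TOKEN is not set, the default login would apply"; return 1 ;;
        huggingface) echo "JUPYTER_TOKEN is still the template default"; return 1 ;;
    esac
    # Assumed minimum length for this example.
    [ "${#1}" -ge 16 ] || { echo "JUPYTER_TOKEN is shorter than 16 chars"; return 1; }
}

check_allowed_users() {
    # Only checks presence; the value format is not described on this page.
    [ -n "$1" ] || { echo "TELEGRAM_ALLOWED_USERS is empty"; return 1; }
}

# Runs every check so that all problems are reported in one pass.
preflight() {
    rc=0
    check_gateway_token "${GATEWAY_TOKEN:-}" || rc=1
    check_jupyter_token "${JUPYTER_TOKEN:-}" || rc=1
    check_allowed_users "${TELEGRAM_ALLOWED_USERS:-}" || rc=1
    return "$rc"
}
```

Source the file and run `preflight || exit 1` before starting the gateway so a weak or default value stops the deployment.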

Supported Versions

Version   Supported
1.0.x     ✅