Skip to content

Security: mattweberio/metatron

Security

SECURITY.md

Security Policy

Supported Versions

Security fixes target the latest published version of metatron-cli.

Reporting a Vulnerability

Do not open a public issue for a credential leak or exploitable vulnerability. Use GitHub's private vulnerability reporting for this repository when available, or contact the maintainer through the GitHub profile linked from the repository.

Secrets

Metatron configuration can contain API bearer tokens and local LLM integration settings. Keep real values in ~/.config/metatron/config.toml or another private path. Never commit .env, .pypirc, API keys, Slack tokens, npm tokens, or PyPI tokens.

If a secret is committed, revoke it before rewriting history or cutting a new release.

There aren't any published security advisories