Security: sethupavan12/MetallicClaw

SECURITY.md

Security Policy

MetallicClaw is an agent runtime that can read files, write files, execute shell commands, and call MCP tools. Treat it like automation software with access to your machine.

Supported Versions

This repository is pre-1.0. Security fixes land on main until releases are formalized.

Reporting A Vulnerability

Do not open a public issue for exploitable vulnerabilities.

Use GitHub private vulnerability reporting if it is enabled for the repository. If it is not enabled yet, contact the maintainer privately using the contact method listed on the maintainer's GitHub profile. Do not include exploitable details in a public issue.

Include:

  • affected version or commit
  • operating system
  • reproduction steps
  • expected impact
  • whether secrets, files, commands, or network calls are involved

Security Model

By default, MetallicClaw is a local tool. It is not safe to expose the gateway directly to the public internet.

Important controls:

  • tool_policy can block or require approval for dangerous tools.
  • shell_exec supports timeout_ms.
  • MCP servers support timeout_ms.
  • provider TLS verification is enabled by default.
  • public plaintext HTTP provider URLs are blocked by default.
  • write_file creates rollback journals.
  • sessions can be cancelled with metallicclaw cancel --session ID.

See docs/SECURITY_MODEL.md.
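Two of the controls listed above, TLS verification on by default and plaintext HTTP provider URLs blocked unless they point at a non-public host, are easy to get subtly wrong (IPv6 loopback in brackets, private ranges, URLs with no host at all). The following is an added illustration of how such a check can be written; it is not MetallicClaw's own code, and the function names, the return shape and the exact allow rule (any address that is not globally routable may use plain HTTP) are assumptions made for this example.

```python
"""Added example, not part of the MetallicClaw project: a provider-URL
gate in the spirit of the "public plaintext HTTP provider URLs are blocked
by default" control. Names and the rule set are assumptions for illustration."""
import ipaddress
from urllib.parse import urlsplit


def is_non_public_host(host: str) -> bool:
    """True when the host is the local machine or a non-routable address.

    Only literal addresses are classified. Any other hostname is treated as
    public, because resolving it at check time would let a DNS answer decide
    whether plaintext is allowed (and that answer can change later).
    """
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)  # handles both IPv4 and IPv6 literals
    except ValueError:
        return False
    # Loopback, RFC 1918, link-local, etc. are all non-global.
    return not ip.is_global


def check_provider_url(url: str, allow_insecure: bool = False) -> tuple[bool, str]:
    """Return (allowed, reason) for a model-provider base URL.

    https is always accepted (the caller is expected to keep certificate
    verification enabled). Plain http is accepted only for non-public hosts,
    or when an operator has explicitly opted in via allow_insecure.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname  # None when the URL has no authority component

    if scheme not in ("http", "https"):
        return False, f"unsupported scheme {scheme!r}"
    if host is None:
        return False, "missing host"
    if scheme == "https":
        return True, "https"
    if is_non_public_host(host):
        return True, "plaintext http to non-public host"
    if allow_insecure:
        return True, "plaintext http explicitly allowed by operator"
    return False, "plaintext http to public host blocked"


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real configuration.
    samples = [
        "https://api.example.com/v1",
        "http://api.example.com/v1",
        "http://127.0.0.1:11434/v1",
        "http://[::1]:8080/v1",
        "http://192.168.1.20:8000/v1",
        "http://8.8.8.8/v1",
        "ftp://models.example.com/",
        "http://",
    ]
    for sample in samples:
        allowed, reason = check_provider_url(sample)
        print(f"{'ALLOW' if allowed else 'BLOCK':5} {sample:36} {reason}")
```

The design choice worth noting is that a hostname is never resolved to decide the rule: a name that happens to resolve to a private address today is still treated as public, so the decision cannot be flipped by a later DNS change.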

Out Of Scope For Now

  • sandboxing arbitrary shell commands
  • sandboxing third-party MCP servers
  • automatic rollback for shell or MCP side effects
  • public remote gateway authentication
  • skill registry trust and signing

These are roadmap items, not current guarantees.