| Version | Supported |
|---|---|
| 1.x | ✅ |
We take security seriously. If you discover a security vulnerability, please report it responsibly.
Do not open a public issue. Instead, please:
- Email the maintainer directly (see package.json for contact info)
- Include a description of the vulnerability
- Include steps to reproduce if possible
- Include potential impact
You should expect a response within 48 hours. We will:
- Confirm receipt of your report
- Investigate and verify the vulnerability
- Develop and test a fix
- Release a patch
- Credit you in the release notes (unless you prefer to remain anonymous)
smol-agent can execute shell commands via the run_command tool. This is a core feature, but every command the agent chooses to run executes with your user's privileges, so:
- Only run smol-agent in environments you trust
- Review the agent's proposed changes before confirming destructive operations (deletions, resets, package installs, anything touching files outside the project)
- Be cautious when the agent processes untrusted input (files, fetched web pages, tool output): text in that input can influence which commands the agent proposes, so read each proposal rather than approving by habit
The agent can read and write files within your project directory. Path traversal protections are in place, but do not rely on them alone:
- Run smol-agent in a dedicated project directory
- Don't run as root/administrator
- Review file operations before confirming
If you use the web_search and web_fetch tools:
- These tools require an Ollama API key; treat it as a secret and keep it out of version control
- Your search queries and fetch requests are sent to Ollama's servers for processing, so do not put confidential material in them
- Review Ollama's privacy policy at https://ollama.com/privacy
General best practices:
- Review before executing: the agent shows you what it plans to do; read it before confirming
- Use version control: commit (or stash) your work before running smol-agent so that unwanted edits can be reverted
- Limit scope: run in a dedicated project directory containing only what the task needs
- Monitor token usage: be aware of context window limits, since truncated context can change what the agent does
- Keep updated: use the latest version of smol-agent and Ollama