SkillFlow is a local-first tool. It can import remote Skill content and can run real commands through codex exec, so safety defaults matter.
Security fixes target the latest 0.x release.
Please open a private security advisory or contact the maintainers privately before publishing exploit details.
Include:
- Reproduction steps
- Affected version or commit
- Whether the issue involves API Keys, filesystem writes, shell execution, remote Skill import, or package validation
Provider API Keys are encrypted before being stored in SQLite. Set SKILLFLOW_SECRET before serious use so keys remain decryptable across workspace moves and are not tied only to the current path.
Never commit:
- .env.skillflow/exports/
- screenshots with secrets
- logs containing API responses or API Keys
Git and Marketplace imports are treated as untrusted by default. Review permissions and run preflight before real execution.