🎉 Cmdop v1.0 is here! Download now →

Security Policy

Last updated: December 18, 2025

1. Shared Responsibility Model

Cmdop operates with the effective permissions of the user account under which it is executed. You are the sole administrator of your security boundary.

Cmdop does not provide containment, sandboxing, privilege isolation, or environmental hardening. Running Cmdop with elevated or administrative privileges grants equivalent control to any commands executed through the Service.

2. Local Execution

Cmdop runs as a local process. It possesses the same permissions as the user account under which it is executed. Any compromise of your local machine or user credentials constitutes a breach of your environment, for which Cmdop assumes no liability to the maximum extent permitted by applicable law.

3. Credential Handling

Credentials, API keys, and configuration values may be stored locally on your system. You are responsible for applying appropriate operating system-level access controls.

Recommendations:

  • Use standard system-level permissions to restrict access to configuration files
  • Avoid storing plaintext secrets where possible
  • Use environment variables or secret management tools for sensitive credentials

4. Data in Transit

Data transmitted between Cmdop and external services is encrypted in transit using standard TLS protocols (TLS 1.2 or higher).

5. Threat Model Boundaries

Cmdop is not designed to protect against:

  • Compromised local machines or user accounts
  • Malicious or incorrect user-authored prompts
  • Failures, vulnerabilities, or compromise of third-party AI providers
  • Operating system or shell-level vulnerabilities
  • Indirect prompt injection attacks via third-party content
  • Supply chain attacks on dependencies

6. What Cmdop Does Not Do

  • No sandboxing: Commands execute with your user's full permissions
  • No command validation: Cmdop does not verify commands for safety, correctness, or intent
  • No output filtering: Sensitive data in command output is not detected or redacted
  • No privilege escalation protection: Running as root gives commands root access
  • No network isolation: Commands can access any network your user can access

7. Security Best Practices

We recommend the following practices when using Cmdop:

  1. Principle of Least Privilege: Run Cmdop under a user account with minimal necessary permissions
  2. Review Before Execution: Always review generated commands before executing them
  3. Isolated Environments: Consider using containers or VMs for testing untrusted commands
  4. Audit Logging: Enable shell history and audit logging for accountability
  5. Secret Hygiene: Never include secrets, API keys, or credentials in prompts

8. Security Disclosures

Potential security vulnerabilities may be reported to [email protected]

  • We appreciate responsible disclosure
  • Reporting a vulnerability does not entitle the reporter to any reward or compensation
  • All reports are handled at our discretion
  • We aim to acknowledge reports within 7 business days

9. Compliance

Cmdop is a locally-executed developer tool. Compliance with organizational security policies, industry regulations, or data protection laws is the responsibility of the user.

Cmdop does not provide:

  • SOC 2 attestation
  • HIPAA compliance
  • PCI DSS compliance
  • FedRAMP authorization

If your use case requires such compliance, you must implement appropriate controls in your environment.

10. Updates and Patches

We release security updates as needed. Users are responsible for keeping their Cmdop installation up to date. We do not provide long-term support for older versions.

Security Contact: [email protected]

Cmdop - Control your terminal, anywhere.