This repository contains example projects and reference implementations. Security reports are welcome for:
- Credential/token exposure in code or docs
- Unsafe defaults in example configurations
- Dependency vulnerabilities in maintained example projects
- Sensitive data leakage in logs or sample files
Please do not open public issues for security vulnerabilities.
Report privately with:
- A clear summary of the issue
- Steps to reproduce
- Affected file paths and example folders
- Potential impact
- Suggested mitigation (if available)
If possible, report through private maintainer channels for the Fetch.ai team.
- We review and validate reports
- We prepare a fix and documentation update
- We publish coordinated disclosure details after remediation
- Never commit real secrets, API keys, or private keys
- Use `.env.example` for placeholder values
- Keep dependencies updated
- Avoid copying sensitive logs into public issues/PRs