If you discover a security vulnerability in nanobot, please report it by:
- DO NOT open a public GitHub issue
- Create a private security advisory on GitHub or contact the repository maintainers
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
We aim to respond to security reports within 48 hours.
CRITICAL: Never commit API keys to version control.
# ✅ Good: Store in config file with restricted permissions
chmod 600 ~/.nanobot/config.json
# ❌ Bad: Hardcoding keys in code or committing them
Recommendations:
- Store API keys in ~/.nanobot/config.json with file permissions set to 0600
- Consider using environment variables for sensitive keys
- Use OS keyring/credential manager for production deployments
- Rotate API keys regularly
- Use separate API keys for development and production
IMPORTANT: Always configure allowFrom lists for production use.
{
  "channels": {
    "telegram": {
      "enabled": true,
      "token": "YOUR_BOT_TOKEN",
      "allowFrom": ["123456789", "987654321"]
    },
    "whatsapp": {
      "enabled": true,
      "allowFrom": ["+1234567890"]
    }
  }
}
Security Notes:
- Empty allowFrom list will ALLOW ALL users (open by default for personal use)
- Get your Telegram user ID from @userinfobot
- Use full phone numbers with country code for WhatsApp
- Review access logs regularly for unauthorized access attempts
The exec tool can execute shell commands. While dangerous command patterns are blocked, you should:
- ✅ Review all tool usage in agent logs
- ✅ Understand what commands the agent is running
- ✅ Use a dedicated user account with limited privileges
- ✅ Never run nanobot as root
- ❌ Don't disable security checks
- ❌ Don't run on systems with sensitive data without careful review
Blocked patterns:
- rm -rf / - Root filesystem deletion
- Fork bombs
- Filesystem formatting (mkfs.*)
- Raw disk writes
- Other destructive operations
File operations have path traversal protection, but:
- ✅ Run nanobot with a dedicated user account
- ✅ Use filesystem permissions to protect sensitive directories
- ✅ Regularly audit file operations in logs
- ❌ Don't give unrestricted access to sensitive files
API Calls:
- All external API calls use HTTPS by default
- Timeouts are configured to prevent hanging requests
- Consider using a firewall to restrict outbound connections if needed
WhatsApp Bridge:
- The bridge runs on localhost:3001 by default
- If exposing to network, use proper authentication and TLS
- Keep authentication data in ~/.nanobot/whatsapp-auth secure (mode 0700)
Critical: Keep dependencies updated!
# Check for vulnerable dependencies
pip install pip-audit
pip-audit
# Update to latest secure versions
pip install --upgrade nanobot-ai
For Node.js dependencies (WhatsApp bridge):
cd bridge
npm audit
npm audit fix
Important Notes:
- Keep litellm updated to the latest version for security fixes
- We've updated ws to >=8.17.1 to fix a DoS vulnerability
- Run pip-audit or npm audit regularly
- Subscribe to security advisories for nanobot and its dependencies
For production use:
- Isolate the Environment
  # Run in a container or VM
  docker run --rm -it python:3.11
  pip install nanobot-ai
- Use a Dedicated User
  sudo useradd -m -s /bin/bash nanobot
  sudo -u nanobot nanobot gateway
- Set Proper Permissions
  chmod 700 ~/.nanobot
  chmod 600 ~/.nanobot/config.json
  chmod 700 ~/.nanobot/whatsapp-auth
- Enable Logging
  # Configure log monitoring
  tail -f ~/.nanobot/logs/nanobot.log
- Use Rate Limiting
  - Configure rate limits on your API providers
  - Monitor usage for anomalies
  - Set spending limits on LLM APIs
- Regular Updates
  # Check for updates weekly
  pip install --upgrade nanobot-ai
Development:
- Use separate API keys
- Test with non-sensitive data
- Enable verbose logging
- Use a test Telegram bot
Production:
- Use dedicated API keys with spending limits
- Restrict file system access
- Enable audit logging
- Regular security reviews
- Monitor for unusual activity
- Logs may contain sensitive information - secure log files appropriately
- LLM providers see your prompts - review their privacy policies
- Chat history is stored locally - protect the ~/.nanobot directory
- API keys are in plain text - use OS keyring for production
If you suspect a security breach:
- Immediately revoke compromised API keys
- Review logs for unauthorized access
grep "Access denied" ~/.nanobot/logs/nanobot.log
- Check for unexpected file modifications
- Rotate all credentials
- Update to latest version
- Report the incident to maintainers
✅ Input Validation
- Path traversal protection on file operations
- Dangerous command pattern detection
- Input length limits on HTTP requests
✅ Authentication
- Allow-list based access control
- Failed authentication attempt logging
- Open by default (configure allowFrom for production use)
✅ Resource Protection
- Command execution timeouts (60s default)
- Output truncation (10KB limit)
- HTTP request timeouts (10-30s)
✅ Secure Communication
- HTTPS for all external API calls
- TLS for Telegram API
- WebSocket security for WhatsApp bridge
- No Rate Limiting - Users can send unlimited messages (add your own if needed)
- Plain Text Config - API keys stored in plain text (use keyring for production)
- No Session Management - No automatic session expiry
- Limited Command Filtering - Only blocks obvious dangerous patterns
- No Audit Trail - Limited security event logging (enhance as needed)
Before deploying nanobot:
- API keys stored securely (not in code)
- Config file permissions set to 0600
- allowFrom lists configured for all channels
- Running as non-root user
- File system permissions properly restricted
- Dependencies updated to latest secure versions
- Logs monitored for security events
- Rate limits configured on API providers
- Backup and disaster recovery plan in place
- Security review of custom skills/tools
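Several items on this checklist can be checked mechanically. The script below is an added example, not part of nanobot; the function names `loose`, `audit` and `demo` are hypothetical, while the paths, modes and the `channels`/`enabled`/`allowFrom` keys are the ones shown on this page. It flags running as root, group/other access on the data directory, config file or WhatsApp auth directory, and any enabled channel whose allowFrom list is empty.

```python
import json, os, stat, sys, tempfile
from pathlib import Path

def loose(path: Path) -> bool:
    """True if group or other hold any permission bit on path."""
    return bool(stat.S_IMODE(path.stat().st_mode) & 0o077)

def audit(home: Path, euid: int) -> list[str]:
    """Return findings for a nanobot data directory such as ~/.nanobot."""
    findings = []
    if euid == 0:
        findings.append("running as root")
    cfg = home / "config.json"
    for p in (home, cfg, home / "whatsapp-auth"):
        if p.exists() and loose(p):
            mode = stat.S_IMODE(p.stat().st_mode)
            findings.append(f"{p.name}: group/other access (mode {mode:o})")
    if not cfg.exists():
        return findings + ["config.json: not found"]
    channels = json.loads(cfg.read_text()).get("channels", {})
    for name, ch in channels.items():
        # Per the security notes, an empty allowFrom list allows all users.
        if ch.get("enabled") and not ch.get("allowFrom"):
            findings.append(f"{name}: enabled with empty allowFrom (open to all users)")
    return findings

def demo() -> list[str]:
    """Audit a constructed sample directory containing two deliberate mistakes."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / ".nanobot"
        home.mkdir()
        os.chmod(home, 0o700)
        cfg = home / "config.json"
        cfg.write_text(json.dumps({"channels": {
            "telegram": {"enabled": True, "token": "YOUR_BOT_TOKEN", "allowFrom": []},
            "whatsapp": {"enabled": True, "allowFrom": ["+1234567890"]}}}))
        os.chmod(cfg, 0o644)  # mistake 1: config readable by group and other
        return audit(home, euid=1000)  # mistake 2: telegram allowFrom is empty

if __name__ == "__main__":
    # Pass a data directory to audit it; with no argument the sample is used.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    results = audit(target, os.geteuid()) if target else demo()
    print("\n".join(results) or "no findings")
```

Run it as the account that runs nanobot, passing the data directory (for example `~/.nanobot`) as the only argument.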
Last Updated: 2026-02-03
For the latest security updates and announcements, check:
- GitHub Security Advisories: https://github.com/HKUDS/nanobot/security/advisories
- Release Notes: https://github.com/HKUDS/nanobot/releases
See LICENSE file for details.