cbash-cli is a local CLI—shell scripts only, no backend. Security focus: credentials, plugin code you run, and what you source.
Do not open a public issue. Contact maintainers privately with:
- Description of the vulnerability
- Steps to reproduce
- Impact (e.g. credential leak, arbitrary command execution)
We aim to respond within 48 hours.
- Never commit credentials, API keys, or tokens to repo or custom plugins
- Use environment variables; prefer AWS SSO/IAM over static keys
- Do not log or echo secrets
If you use the AWS plugin with credential files:
chmod 600 ~/.aws/credentials- Plugins run with your user permissions—review code before use
- Audit
custom/plugins/for hardcoded secrets and safe commands - Replace all placeholders in config templates; remove sample credentials
- Prefer: clone → review (
cbash.sh, plugins you use) → run installer
git clone https://github.com/cminhho/cbash.git ~/.cbash
cd ~/.cbash && ./tools/install.sh- One-liner install runs code without prior review—use only from a trusted source
cbash cli update