Skip to content

Security: reshuibuduo/TMCRA-Agent-Memory

Security

SECURITY.md

Security policy

Do not open a public issue containing credentials, private memory data, or a working exploit. Use GitHub's private vulnerability reporting for this repository when available.

TMCRA checkpoints must be loaded with torch.load(..., weights_only=True) and verified against the published SHA-256 manifest. The maintainers do not support disabling these checks for untrusted checkpoints.

Provider API keys belong only in local *.env files. The example files contain placeholders and real environment files are excluded by .gitignore.

There aren't any published security advisories