If you believe you have found a security issue in SearchCLI, report it privately.
Do not open a public issue with exploit details.
Notify ByteDance Security through one of these channels:
If the repository hosting platform later enables private vulnerability reporting, you may also use that route.
Please include:
- A clear title
- Affected command, skill, or file path
- Reproduction steps
- Impact
- Environment details
- Suggested mitigation, if known
Never include:
- Volcengine AK/SK
- tokens, cookies, or session secrets
- customer data
- private dataset contents
Use redacted examples whenever possible.
This repository is a CLI and installable skill bundle for Viking AI Search on Volcengine.
Useful reports typically involve:
- credential handling
- unsafe command execution
- path traversal or arbitrary file write/read
- packaging or install-time trust issues
- skill-install safety issues
Reports that only restate documented operator behavior, or require a user to intentionally paste secrets into chat against the documented guidance, are generally not security vulnerabilities.