Skip to content

Security: phoenixray2000/WhereMyTokens

Security

SECURITY.md

Security Policy

WhereMyTokens reads local AI coding tool data and may use local provider credentials to fetch usage snapshots for enabled providers. Please report security issues privately.

Reporting A Vulnerability

Open a private security advisory on GitHub, or contact the maintainer through the repository owner profile.

Please include:

  • Affected version or commit.
  • Steps to reproduce.
  • What local files, credentials, or network requests are involved.
  • Any logs with tokens, secrets, or personal paths redacted.

Privacy Expectations

  • No cloud sync.
  • No telemetry.
  • No separate credential backup.
  • Provider usage requests only for enabled providers.
  • Antigravity support uses loopback local RPC only.

Supported Versions

The latest GitHub Release is the supported version for security fixes.

There aren't any published security advisories