Security overview
Last updated: February 1, 2026
Molten.Bot is designed to run agent workloads in isolated, locked-down containers. This page summarizes our approach and the security boundaries you should understand.
1. Sandboxed containers
Workloads run with a sandboxed runtime to reduce the risk of container escape and limit kernel attack surface.
2. Credentials and secrets
Treat any key you provide (API keys, bot tokens, integration credentials) as sensitive. Store only what you need and rotate if you suspect exposure.
3. Skills and third‑party code
Many skills are community-developed. Always review instructions and scripts before running them. If you don't trust the source, don't install it.
4. Reporting security issues
If you believe you found a vulnerability, report it immediately. Please include reproduction steps and impact.