Security

Kyber runs locally and gives the AI agent access to tools on your system. Here’s how to keep things locked down.

Secrets architecture

Kyber separates secrets from configuration:

File                   Contents                                      Permissions
~/.kyber/config.json   Settings (provider, model, ports, channels)   600
~/.kyber/.env          API keys, bot tokens, dashboard auth token    600

API keys and tokens are never stored in config.json. They live in ~/.kyber/.env, which is:

  • Created with 600 permissions (owner read/write only)
  • Loaded automatically on startup via environment variable injection
  • Managed transparently by the dashboard — when you save config through the web UI, secrets are routed to .env and stripped from the JSON
  • Listed in .gitignore by default

When Kyber starts, secrets are resolved in this priority order:

  1. Real environment variables (export KYBER_PROVIDERS__OPENROUTER__API_KEY=...)
  2. ~/.kyber/.env file
  3. ~/.kyber/config.json (should be empty for secret fields after migration)

Migrating from plaintext config

If you’re upgrading from an older version that stored keys in config.json:

kyber migrate-secrets

This extracts all secrets to .env, blanks them from config.json, and locks down file permissions. The gateway also warns on startup if it detects plaintext keys in config.json.
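The resolution order above and the startup check for plaintext keys, as an added illustration in Python (Kyber's own language, judging by its use of secrets.compare_digest); this is not Kyber's code. The environment variable names are the ones this page shows; the config.json field names (apiKey, token), the mapping table and the minimal .env parser are assumptions made for the example.

```python
import os

# Assumed mapping from a config.json field path to the env var that overrides it.
# Env-var names are taken from this page; the config field names are assumed.
SECRET_FIELDS = {
    ("providers", "openrouter", "apiKey"): "KYBER_PROVIDERS__OPENROUTER__API_KEY",
    ("channels", "discord", "token"): "KYBER_CHANNELS__DISCORD__TOKEN",
}

def parse_dotenv(text):
    """Minimal KEY=VALUE parser: skips blank/comment lines, strips matching quotes."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        out[key.strip()] = value
    return out

def _lookup(config, path):
    """Non-empty string at a nested config path, else None."""
    node = config
    for part in path:
        node = node.get(part) if isinstance(node, dict) else None
    return node if isinstance(node, str) and node else None

def resolve_secret(path, config, dotenv, environ=None):
    """Return (value, source) in priority order: real environment, .env, config.json."""
    environ = os.environ if environ is None else environ
    name = SECRET_FIELDS[path]
    if environ.get(name):
        return environ[name], "environment"
    if dotenv.get(name):
        return dotenv[name], ".env"
    value = _lookup(config, path)
    return (value, "config.json") if value else (None, None)

def plaintext_secrets_in_config(config):
    """Secret fields still holding a value in config.json: what the gateway warns about."""
    return [".".join(p) for p in SECRET_FIELDS if _lookup(config, p)]

# Constructed sample inputs (not real credentials): .env holds only the provider key,
# while config.json still carries a leftover key and a bot token in plaintext.
SAMPLE_DOTENV = 'KYBER_PROVIDERS__OPENROUTER__API_KEY="sk-or-v1-from-dotenv"\n# token not set here\n'
SAMPLE_CONFIG = {"providers": {"openrouter": {"apiKey": "sk-or-v1-leftover"}},
                 "channels": {"discord": {"token": "plaintext-bot-token", "allowFrom": ["123"]}}}

if __name__ == "__main__":
    dotenv = parse_dotenv(SAMPLE_DOTENV)
    for path in SECRET_FIELDS:
        print(".".join(path), resolve_secret(path, SAMPLE_CONFIG, dotenv, environ={}))
    print("plaintext secrets in config.json:", plaintext_secrets_in_config(SAMPLE_CONFIG))
```

With an empty environment the provider key comes from .env while the Discord token falls through to config.json, which is exactly the case the plaintext warning exists to flag.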

External secret management

For production deployments, you can skip .env entirely and inject secrets through your environment:

export KYBER_PROVIDERS__OPENROUTER__API_KEY="sk-or-v1-xxx"
export KYBER_CHANNELS__DISCORD__TOKEN="your-bot-token"
kyber gateway

This works with Docker secrets, systemd EnvironmentFile=, Kubernetes secrets, or any secret manager that sets environment variables.

Access control

Every chat channel supports allowFrom to restrict who can interact with the bot. If allowFrom is empty, the bot responds to everyone. Always set this in production.

{
  "channels": {
    "discord": {
      "allowFrom": ["YOUR_USER_ID"],
      "allowGuilds": ["YOUR_SERVER_ID"],
      "allowChannels": ["YOUR_CHANNEL_ID"]
    },
    "telegram": {
      "allowFrom": ["YOUR_USER_ID"]
    }
  }
}

Discord also supports allowGuilds and allowChannels for additional filtering.

Dashboard security

  • The dashboard is local-only by default (127.0.0.1)
  • Protected with an auto-generated bearer token (stored in .env)
  • Token comparison uses secrets.compare_digest() for timing-safe validation
  • Refuses to bind to non-local addresses without allowedHosts configured
  • Security headers: X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Content-Security-Policy
  • Request body size limited to 1 MB
  • For remote access on a VPS, use an SSH tunnel — no need to expose the dashboard publicly

Shell execution

The exec tool gives the agent shell access. To limit this:

{
  "tools": {
    "exec": {
      "timeout": 60,
      "restrictToWorkspace": true
    }
  }
}

  • timeout kills commands that run too long
  • restrictToWorkspace blocks commands that access paths outside the workspace

WhatsApp session

The WhatsApp bridge stores session data locally in ~/.kyber/. This data provides full access to your WhatsApp account. Treat the entire ~/.kyber/ directory as sensitive.

Security scanning

Kyber includes a built-in Security Center that performs comprehensive environment audits. It checks file permissions, exposed secrets, network configuration, SSH hardening, running processes, firewall status, and more.

It also includes two dedicated scanning tools:

  • ClamAV malware scanning — performs a full system scan daily in the background, detecting trojans, viruses, rootkits, and other threats. Install with kyber setup-clamav. The daily scan cron job is registered automatically.
  • Cisco AI Defense skill-scanner — scans installed agent skills for prompt injection, data exfiltration, and malicious code patterns. Install with kyber setup-skillscanner.

Run a scan from the dashboard’s Security Center or ask the agent directly. Reports are saved to ~/.kyber/security/reports/ and viewable in the dashboard with score tracking, finding history, and issue management.

See the Security Center guide for full details.

VPS deployments

If running on a VPS:

  1. Set allowFrom on all channels
  2. Use restrictToWorkspace: true for shell execution
  3. Use an SSH tunnel to access the dashboard securely
  4. Use loginctl enable-linger so services survive logout
  5. Keep ~/.kyber/ permissions tight (chmod 700)
  6. Use environment variables or .env for all secrets — never put keys in config.json