Skip to content

Security: oleg-koval/kitty-agent-status

SECURITY.md

Security Policy

Scope

kitty-agent-status only changes the color of a kitty tab. The scripts:

  • call kitten @ set-tab-color against the current window's tab,
  • read the name of the command you launched (shell integration) to decide if it is a coding agent,
  • forward Codex notify arguments unchanged to your previous notify program.

They do not read your code, make network requests, or run anything from an agent's output. The installer is the only component that writes: it places the scripts under ~/.config/kitty/agent-status, adds one source line to your shell rc, and (unless --no-claude) adds three hooks to ~/.claude/settings.json. An unreadable settings.json is backed up rather than clobbered.

Reporting a vulnerability

Please report security issues privately via GitHub Security Advisories rather than a public issue. You can expect an initial response within a few days.

There aren't any published security advisories