OpenSciFlow workflows can execute local commands, so security is central.
All standards and prototypes are drafts. Do not run untrusted manifests or workflows on sensitive systems.
Please open a private security advisory if available, or contact the maintainers privately before public disclosure.
- Do not execute arbitrary LLM-generated shell commands.
- Use allowlisted plugin commands.
- Restrict paths to approved work directories.
- Require user approval before downloading model weights or containers.
- Record commands and environment metadata for every run.