Vulnerability Daemon is a local-first tool that helps run recurring AI-assisted security audits over local folders.
Please report security issues privately to the maintainers rather than opening a public issue with exploit details. If this repository is hosted under an organization with GitHub private vulnerability reporting enabled, use that channel.
The daemon reads local source folders and writes audit artifacts to the configured
output_dir. Reports may contain sensitive exploit sketches, local file paths,
internal architecture details, and copied snippets from private code.
Do not expose the dashboard or output directory on a public network.
The daemon itself:
- binds the dashboard/API to 127.0.0.1
- does not upload source code directly
- may send webhook notifications if notifications.webhook_url is configured
The configured agent CLI (codex, claude, or cursor-agent) may have its own
network behavior and provider terms. Review the agent you configure before using
this tool on confidential repositories.