Threat model

The main security concern with Konduktor is prompt injection via content fetched from the web, for which the main layer of defense is Claude Code’s own prompt injection defense layer. You’re in full control of all prompts, which greatly reduces this risk, but Konduktor could feasibly fetch a malicious website while looking for documentation and get prompt injected. In that case, if you’re running on a remote machine as recommended, what’s exposed is:
  • Your Konduktor instance
  • Your code
  • Your gh token
  • Your Claude Code token
If you want to be extra cautious about this, you should consider setting up a firewall in front of the instance that restricts its network traffic to trusted sources, such as npm, PyPI, GitHub, etc.
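As an added illustration of that firewall (example code, not part of Konduktor or its docs), the script below generates an nftables egress allowlist for the host: everything outbound is dropped except DNS, already-established flows, and HTTPS to the addresses of the registries the agent legitimately needs. The hostnames listed, the assumption that Claude Code must still reach api.anthropic.com, and the addresses used in the usage call are all assumptions or constructed placeholders; resolve the real addresses on the host before loading the ruleset.

```shell
#!/bin/sh
# Added example: build an nftables egress allowlist for a Konduktor host.
# Not Konduktor's own code. Hostnames below are assumptions; resolve them on
# the real host and pass the resulting addresses to gen_egress_nft.
set -eu

# Destinations the agent needs for package installs, git, and the model API
# (api.anthropic.com is an assumption about what Claude Code talks to).
ALLOWED_HOSTS="registry.npmjs.org pypi.org files.pythonhosted.org github.com api.github.com api.anthropic.com"

# resolve_hosts: map hostnames to IPv4 addresses with the local resolver.
# Usage: resolve_hosts host [host...]  (prints one address per line)
resolve_hosts() {
    for h in "$@"; do getent ahostsv4 "$h" | awk '{print $1}' | sort -u; done
}

# gen_egress_nft: print a ruleset with a default-drop output chain that only
# accepts loopback, established flows, DNS to one resolver, and TCP/443 to
# the allowlisted addresses; anything else is logged and dropped.
# Usage: gen_egress_nft <dns-server> addr [addr...]
gen_egress_nft() {
    dns="$1"; shift
    printf 'table inet egress {\n'
    printf '  set allowed { type ipv4_addr; elements = { '
    sep=""
    for a in "$@"; do printf '%s%s' "$sep" "$a"; sep=", "; done
    printf ' } }\n'
    printf '  chain output {\n'
    printf '    type filter hook output priority 0; policy drop;\n'
    printf '    oif lo accept\n'
    printf '    ct state established,related accept\n'
    printf '    ip daddr %s udp dport 53 accept\n' "$dns"
    printf '    ip daddr @allowed tcp dport 443 accept\n'
    printf '    log prefix "egress-drop " drop\n'
    printf '  }\n}\n'
}

# Constructed placeholder addresses (TEST-NET ranges) so this runs offline.
# On a real host: gen_egress_nft 10.0.0.2 $(resolve_hosts $ALLOWED_HOSTS) > /etc/nftables.d/egress.nft
gen_egress_nft 10.0.0.2 203.0.113.10 203.0.113.11 > /dev/null
```

Load the generated file with `nft -f` and watch the kernel log for the `egress-drop` prefix: any hit is either a missing registry address or the agent trying to reach somewhere it should not.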

Sandbox isolation and tighter security

Konduktor was built for solo usage. It was made to be simple and configurable, and developers are empowered to configure their Konduktor instance as they want or need. If you want to run Konduktor with sandbox isolation, a tougher security profile, or leverage Konduktor for teams, reach out at [email protected].