Security

Caro uses AI to generate shell commands from natural language. While we've built comprehensive safety features, it's important to understand the security considerations when using AI-powered command generation.

AI Command Generation Risks

Caro Can Make Mistakes

Like all AI systems, Caro can generate incorrect or unexpected commands. You should always review generated commands before executing them, especially those that:

  • Modify or delete files
  • Change system configurations
  • Access sensitive data
  • Make network requests
  • Require elevated privileges (sudo)

Prompt Injection

Due to prompt injection risks, only use Caro with code and content you trust. Malicious content in files or environment variables could potentially influence the generated commands. Be cautious when:

  • Working with untrusted codebases
  • Processing files from unknown sources
  • Using Caro in automated pipelines with external input

Important: Never pipe Caro's output directly to a shell without review. Always inspect generated commands before execution.

Built-in Safety Features

Caro includes multiple layers of protection to prevent dangerous operations:

Command Validation

All generated commands pass through a safety validation system that detects potentially dangerous patterns:

  • Filesystem destruction: rm -rf /, rm -rf ~
  • Disk operations: mkfs, dd if=/dev/zero
  • Fork bombs: :(){ :|:& };:
  • System paths: Operations on /bin, /usr, /etc
  • Privilege escalation: sudo su, chmod 777 /

Safety Levels

Configure how cautious Caro should be with the --safety flag:

  • Strict: Blocks high and critical risk commands, requires confirmation for moderate risk
  • Moderate (default): Blocks critical commands, requires confirmation for high risk
  • Permissive: Warns about all dangerous commands but allows execution with confirmation

Confirmation Prompts

When Caro detects a potentially dangerous command, it will ask for confirmation before proceeding. This gives you a chance to review the command and abort if needed.

$ caro "remove all temporary files"
Warning: This command may modify or delete files
Command: rm -rf /tmp/*
Do you want to proceed? [y/N]
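The validation patterns, the three safety levels and the confirmation prompt above fit together as one pipeline: classify the generated command, look up the action for the configured level, then block, confirm or run. The following is an added example of that pipeline, not Caro's own code; the regexes, the risk rank assigned to each category, the policy table and the `warn` action for moderate-risk commands under the default level are assumptions chosen to reproduce the behaviour the page describes.

```python
"""Constructed example of a pattern-based command gate with safety levels.

Mirrors the categories and levels described in Caro's documentation; the
rules, ranks and policy table are assumptions, not Caro's actual ones.
"""
import re
from enum import IntEnum


class Risk(IntEnum):
    SAFE = 0
    MODERATE = 1
    HIGH = 2
    CRITICAL = 3


# (pattern, risk, reason). Order does not matter: the verdict is the highest
# risk among all matches, so "rm -rf /" is CRITICAL even though it also hits
# the generic recursive-delete rule. Ranks are assumptions.
RULES = [
    (re.compile(r"\brm\s+(-\w+\s+)+(/|~|\$HOME)(/?\*)?(\s|$)"), Risk.CRITICAL, "filesystem destruction"),
    (re.compile(r"\bmkfs(\.\w+)?\b"), Risk.CRITICAL, "disk operation"),
    (re.compile(r"\bdd\b.*\bif=/dev/(zero|u?random)\b"), Risk.CRITICAL, "disk operation"),
    (re.compile(r":\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:"), Risk.CRITICAL, "fork bomb"),
    (re.compile(r"\bchmod\s+(-R\s+)?777\s+/(\s|$)"), Risk.CRITICAL, "privilege escalation"),
    (re.compile(r"\b(rm|mv|chmod|chown)\b.*\s/(bin|usr|etc)(/|\s|$)"), Risk.HIGH, "system path"),
    (re.compile(r"\bsudo\b"), Risk.HIGH, "elevated privileges"),
    (re.compile(r"\brm\s+-\w*r"), Risk.HIGH, "recursive delete"),
    (re.compile(r"\|\s*(sh|bash|zsh)\b"), Risk.HIGH, "pipe to shell"),
    (re.compile(r"\b(curl|wget)\b"), Risk.MODERATE, "network request"),
]


def assess(command: str):
    """Return (risk, reasons): the highest risk among all matching rules."""
    risk, reasons = Risk.SAFE, []
    for pattern, rule_risk, reason in RULES:
        if pattern.search(command):
            reasons.append(reason)
            risk = max(risk, rule_risk)
    return risk, reasons


# Action per (safety level, risk). The strict/moderate/permissive rows follow
# the page's description; "warn" (print a notice, then run) for MODERATE risk
# under the default level is an assumption. Unlisted risks are allowed.
POLICY = {
    "strict": {Risk.CRITICAL: "block", Risk.HIGH: "block", Risk.MODERATE: "confirm"},
    "moderate": {Risk.CRITICAL: "block", Risk.HIGH: "confirm", Risk.MODERATE: "warn"},
    "permissive": {Risk.CRITICAL: "confirm", Risk.HIGH: "confirm", Risk.MODERATE: "confirm"},
}


def gate(command: str, level: str = "moderate", ask=None) -> str:
    """Decide whether a generated command may run.

    Returns "run", "blocked" or "aborted". `ask` is a callable returning True
    when the user confirms; by default it is an interactive [y/N] prompt.
    """
    risk, reasons = assess(command)
    action = POLICY[level].get(risk, "allow")
    if action == "allow":
        return "run"
    print(f"Warning: {risk.name.lower()} risk ({', '.join(reasons)})")
    print(f"Command: {command}")
    if action == "block":
        print(f"Blocked by --safety {level}")
        return "blocked"
    if action == "warn":
        return "run"
    if ask is None:
        ask = lambda: input("Do you want to proceed? [y/N] ").strip().lower() == "y"
    return "run" if ask() else "aborted"


if __name__ == "__main__":
    # Constructed sample commands; the non-interactive `ask` always declines.
    for cmd in ["ls -la", "rm -rf /tmp/*", "rm -rf /", ":(){ :|:& };:"]:
        for level in POLICY:
            print(f"{level:>10}: {cmd!r} -> {gate(cmd, level, ask=lambda: False)}")
```

Taking the maximum risk over all matching rules, rather than stopping at the first match, is what keeps a narrow pattern like `rm -rf /tmp/*` (recursive delete, confirm at the default level) distinct from `rm -rf /` (filesystem destruction, blocked), even though both hit the generic `rm -r` rule.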

Best Practices

Review Before Execution

Always read and understand the generated command before running it. If you're unsure what a command does, look it up or ask for an explanation.

Use Dry Run Mode

Use the --dry-run flag to see what would be executed without actually running the command:

$ caro --dry-run "find and delete old log files"

Start with Strict Safety

When working with unfamiliar commands or critical systems, use --safety strict for maximum protection.

Work in Safe Environments

When experimenting or learning, use:

  • Docker containers or virtual machines
  • Test directories with sample data
  • Version-controlled projects (so you can revert)

Don't Disable Safety Features

Avoid using --confirm or --safety permissive in production environments or with critical data.

Reporting Security Issues

If you discover a security vulnerability in Caro, please report it responsibly:

  1. Do not create a public GitHub issue
  2. Email details to the maintainers (see the security policy)
  3. Include steps to reproduce the vulnerability

Questions? If you have questions about Caro's security model, feel free to open a discussion on GitHub.