From fabb86b4a4b5f8450a94c994f73332b4aeaa0c58 Mon Sep 17 00:00:00 2001 From: tuanaiseo Date: Sun, 17 May 2026 06:03:41 +0700 Subject: [PATCH] fix(security): default api key in local model configuration In agent/core/local_models.py, the default API key is set to 'sk-local-no-key-required' which provides a non-empty fallback rather than requiring explicit configuration. This could lead to unintended connections to local LLM servers without proper authentication. Affected files: local_models.py Signed-off-by: tuanaiseo <221258316+tuanaiseo@users.noreply.github.com> --- agent/core/local_models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent/core/local_models.py b/agent/core/local_models.py index 9f8a9491..ed35f2df 100644 --- a/agent/core/local_models.py +++ b/agent/core/local_models.py @@ -27,7 +27,7 @@ RESERVED_LOCAL_MODEL_PREFIXES = ("openai-compat/",) LOCAL_MODEL_BASE_URL_ENV = "LOCAL_LLM_BASE_URL" LOCAL_MODEL_API_KEY_ENV = "LOCAL_LLM_API_KEY" -LOCAL_MODEL_API_KEY_DEFAULT = "sk-local-no-key-required" +LOCAL_MODEL_API_KEY_DEFAULT = None def local_model_provider(model_id: str) -> dict[str, str] | None: