The sensitive data that is currently handled by the Cloving CLI is:

• Various AI API keys, which are stored in the cloving configuration within the user home directory (~/.clovingconfig).

Report vulnerabilities to security [at] cloving.ai

They will be handled ASAP. If the vulnerability is accepted, a mitigation will be implemented and a proper disclosure will be released. The triage and mitigation process will depend on the potential severity and impact of the vulnerability.