SpiritBox Ultimate has been audited with industry-standard tools (Bandit, Trivy) across 65,000+ authored source lines and 10 Docker containers. Zero high-severity vulnerabilities. Zero outbound telemetry. Unlike cloud AI services like ChatGPT or Gemini, all processing happens locally on your NVIDIA GPU.
Bandit static analysis across the entire Python codebase. Zero high-severity findings. All code follows security best practices recommended by leading cybersecurity organizations.
Trivy comprehensive vulnerability scanner across all 10 Docker images. Minimal attack surface using slim base images. All dependencies patched to latest security versions.
No analytics, no tracking pixels, no phoning home. Verified by network traffic analysis. The only outbound connections are user-initiated (web search, Telegram).
Every layer of SpiritBox Ultimate is hardened with defense-in-depth. The AI reasoning layer ("The Brain") is architecturally separated from the execution layer ("The Hands") — a patented credential-isolation design.
API keys encrypted with Fernet AES-128-CBC. The AI decides what to do; a separate execution script runs the action without exposing the key to the LLM context window.
12+ injection pattern detectors scrub every RAG document, web search result, and user input before it reaches the LLM. Blocks prompt injection, jailbreak attempts, and data exfiltration.
no-new-privileges + cap_drop: ALL on every service. Moltbot has zero network access. PostgreSQL has zero host ports. Each container runs with minimum viable permissions.
The Neo4j knowledge graph only stores facts you explicitly approve. No silent data collection. No background indexing of your conversations without your permission.
Telegram remote access runs through Cloudflare Tunnel with IP whitelist. No port forwarding, no exposed services. Your home network stays invisible.
Unlike closed-source AI tools, SpiritBox's codebase can be inspected by security professionals. Run Bandit, Trivy, or any scanner yourself — anytime.
Each service runs in its own Docker container with no-new-privileges, cap_drop: ALL, and strict volume mounts. No container can access data outside its designated scope.
Per-container settings (diagram labels): no-new-privileges, cap_drop: ALL; GPU passthrough; security_level=normal; no-new-privileges; Piper + Whisper; network: none (zero internet); Neo4j: internal network only; PostgreSQL + pgvector: no host ports; Redis: internal network only; SearXNG: user-initiated only; n8n: credential isolation; Cloudflare: IP whitelist.
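One way to check the container claims above yourself, as an added example that is not SpiritBox's own code: the script audits the JSON printed by `docker compose config --format json` for `no-new-privileges`, `cap_drop: ALL`, `network_mode: none` and published host ports. The service names (`moltbot`, `postgres`, `redis`) and the sample data are constructed assumptions, not taken from the project's compose file.

```python
import json

# Constructed sample in the shape printed by `docker compose config --format json`.
# Service names and values are hypothetical, not SpiritBox's real compose file.
SAMPLE = json.loads("""
{"services": {
  "moltbot":  {"security_opt": ["no-new-privileges:true"], "cap_drop": ["ALL"],
               "network_mode": "none"},
  "postgres": {"security_opt": ["no-new-privileges:true"], "cap_drop": ["ALL"],
               "ports": [{"target": 5432, "published": "5432"}]},
  "redis":    {"cap_drop": ["NET_RAW"]}
}}
""")

# Per-service expectations taken from the page's claims (names are assumptions).
NO_NETWORK = {"moltbot"}      # "Moltbot has zero network access"
NO_HOST_PORTS = {"postgres"}  # "PostgreSQL has zero host ports"


def audit(compose):
    """Return sorted (service, finding) pairs for every hardening gap."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        # Compose accepts both "no-new-privileges:true" and "no-new-privileges=true".
        opts = [str(o).replace("=", ":").lower() for o in svc.get("security_opt") or []]
        if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
            findings.append((name, "no-new-privileges not set"))
        if "ALL" not in [str(c).upper() for c in svc.get("cap_drop") or []]:
            findings.append((name, "cap_drop does not include ALL"))
        if svc.get("privileged"):
            findings.append((name, "privileged mode enabled"))
        if name in NO_NETWORK and svc.get("network_mode") != "none":
            findings.append((name, "expected network_mode: none"))
        # Any "ports" entry binds a host port; "expose" does not.
        if name in NO_HOST_PORTS and svc.get("ports"):
            findings.append((name, "publishes host ports"))
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```

An empty result only shows that the compose file declares these settings; `docker inspect` on the running containers confirms what is actually applied.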