What Protects the User

The more automation LVIS does, the more the question 'is this safe?' matters to the user. This page gathers, in one place, the safety limits LVIS has in place to protect the user.

Source verification
Secret protection
Runs after consent
Only on your PC

Only source-verified packages are installed

Every plugin, Agent, MCP, and Skill bundle from the Marketplace carries a publisher signature, and the host re-verifies that signature right before install. A mismatched signature is rejected automatically.

Secrets live in the OS secure store

Secrets like API keys, tokens, and internal session cookies are encrypted and kept in the operating system's secure storage. They are never stored in plaintext on the LVIS disk.

Risky actions always ask for user confirmation

Actions such as sending mail, calling external services, deleting files, or submitting approvals trigger an inline confirmation card or a full dialog, depending on risk level, to get user consent.

Data stays only on your PC

Conversations, meeting notes, indexed material, memory, and automation records are all kept in the LVIS area on the user's PC. External server sync is limited to features the user has explicitly turned on.

Delegation consent is preserved as a chain

Consent given when delegating autonomous execution to an Agent is preserved as an immutable record chain. Who consented, when, and within what scope can always be reviewed later exactly as it happened.
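The following is an added illustration, not LVIS code. It shows one common way to make a consent record chain tamper-evident: each record stores the hash of the previous one. The field names, the use of SHA-256, and the sample records are assumptions, since this page does not describe the actual record format.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" value for the first record

def digest(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def append_consent(chain: list, who: str, when: str, scope: list) -> dict:
    """Append a consent record linked to the hash of the previous record."""
    body = {
        "who": who,
        "when": when,
        "scope": sorted(scope),
        "prev": chain[-1]["hash"] if chain else GENESIS,
    }
    record = dict(body, hash=digest(body))
    chain.append(record)
    return record

def verify_chain(chain: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, record in enumerate(chain):
        body = {k: v for k, v in record.items() if k != "hash"}
        if record.get("prev") != prev or record.get("hash") != digest(body):
            return i
        prev = record["hash"]
    return -1

def build_sample_chain() -> list:
    # Constructed sample data, not real LVIS records.
    chain = []
    append_consent(chain, "user@example.com", "2025-01-10T09:00:00Z", ["mail.read"])
    append_consent(chain, "user@example.com", "2025-01-11T14:30:00Z", ["mail.read", "mail.send"])
    append_consent(chain, "user@example.com", "2025-01-12T08:15:00Z", ["calendar.read"])
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", verify_chain(chain))
    chain[1]["scope"].append("files.delete")  # widen an old consent after the fact
    print("first bad record:", verify_chain(chain))
```

A chain like this only detects edits to earlier records; the hash of the newest record still has to be kept somewhere an editor of the file cannot rewrite, or the whole chain can be regenerated.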

Internal-only plugins work only on the internal network

Internal-only plugins, such as an internal portal, automatically block login when accessed from outside the corporate network. This safeguards against internal credentials leaking out over the wrong network.

Audit log — every action, one line at a time

Every action LVIS performs automatically (tool calls, permission grants, mail sent, automation fired) is recorded as a single line in secure storage. Users can open this log anytime to check things like "how many times did LVIS touch my mail today?" or "who turned on this automation?"

  • Split by date, one file per day — easy to search.
  • No automatic cleanup by the host. Records are preserved as-is unless the user deletes them directly.
  • Sandbox actions (running external code) are kept in a separate log and stored even more conservatively.

No workarounds

  1. Revoked permission stops execution immediately

    Once a granted permission is revoked by the user, any tool that needed it stops immediately on the next call, with no fallback, and asks the user to grant it again.

  2. What's disallowed stays disallowed

    Risky actions are never routed around under the name of a "plan B." A disallowed action stays disallowed — this prevents an action the user thought they'd consented to "a while back" from quietly happening again.

  3. Only allowed sources are trusted

    External domains, external tools, and external servers are trusted only when the user has explicitly registered them. There's no such thing as an allow-listed domain hardcoded into the code.

Summary — what the user can check
  • Every action LVIS took today — the audit log.
  • Currently active permissions / delegations / automations — the settings screen.
  • The types of secrets each plugin holds — Settings → Plugins → Permission management.
  • The time of the last automatic update and the version before it — Settings → App → Update status.