AI workflows can execute code, make API calls, and process sensitive data. Security is not an afterthought at AIMD—it is the foundation.
When a creator uploads a zip archive for a workflow or codebase, it does not go directly to the public marketplace.
Every single file is processed through a strict ClamAV anti-malware pipeline. We scan for known malware signatures, suspicious execution patterns, and hidden payloads. If a file is flagged, the resource is instantly quarantined and the creator's account is locked pending review.
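The upload check described above can be sketched as follows. This is an added example, not AIMD's code: it assumes a `clamd` daemon listening on 127.0.0.1:3310, and the function names and size limits are hypothetical. Each archive member is streamed to clamd with its INSTREAM command, and anything that cannot be scanned is treated as a reason to quarantine.

```python
import io
import socket
import struct
import zipfile

MAX_MEMBERS = 2000                    # assumed limit, not from the page
MAX_MEMBER_BYTES = 25 * 1024 * 1024   # assumed; keep at or below clamd's StreamMaxLength

def instream_request(data, chunk=8192):
    # clamd INSTREAM framing: 4-byte big-endian length before each chunk, zero length ends.
    frames = [b"nINSTREAM\n"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        frames.append(struct.pack("!I", len(part)) + part)
    return b"".join(frames) + struct.pack("!I", 0)

def parse_reply(reply):
    # Signature name if flagged, None if clean; any other reply is an error.
    text = reply.rstrip(b"\0\r\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        return text[len("stream: "):-len(" FOUND")]
    if text == "stream: OK":
        return None
    raise RuntimeError("clamd error: " + text)

def clamd_scan(data, addr=("127.0.0.1", 3310)):
    with socket.create_connection(addr, timeout=30) as s:  # daemon address is an assumption
        s.sendall(instream_request(data))
        return parse_reply(s.makefile("rb").readline())

def scan_archive(zip_bytes, scan=clamd_scan):
    # Returns ("publish", []) or ("quarantine", reasons); doubt fails closed.
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return "quarantine", ["not a valid zip"]
    members = [m for m in zf.infolist() if not m.is_dir()]
    if len(members) > MAX_MEMBERS:
        return "quarantine", ["too many members"]
    reasons = []
    for m in members:
        if m.flag_bits & 0x1:
            verdict = "encrypted, cannot be scanned"
        else:  # cap by bytes actually decompressed, not by the declared size
            data = zf.open(m).read(MAX_MEMBER_BYTES + 1)
            verdict = "exceeds size limit" if len(data) > MAX_MEMBER_BYTES else scan(data)
        if verdict:
            reasons.append(m.filename + ": " + verdict)
    return ("quarantine" if reasons else "publish"), reasons
```

The `scan` parameter lets the pipeline logic be exercised with a stand-in scanner when no daemon is available.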
While we do not censor the content of AI prompts (as many jailbreak prompts are used for legitimate red-teaming), we strongly advise users to review the raw prompt text before executing it in their own enterprise environments.
For code-based workflows, many creators offer a "Sandbox" preview via our CodeSandbox integration. This allows you to test the workflow in a secure, isolated container before downloading the files to your local machine.
Our community relies on self-policing backed by our Reputation Engine. If you encounter a resource that violates our Terms of Service (e.g., generating CSAM, facilitating illegal acts, or stealing API keys), you can click the Report button on the listing.
Resources with a high volume of reports are automatically hidden from the Trending and Discovery feeds until a human moderator reviews them.
We do not sell your data. We do not use your private library acquisitions to train AI models. Your transactions are heavily encrypted, and our database employs Row Level Security (RLS) to ensure that no user can ever query another user's private data.