These tools are built to run locally and offline — they don't phone home, require accounts, or transmit your data anywhere. That's the first line of defence. But no software is perfect, and a responsible report helps everyone.
Please don't open a public issue for a security problem.
Report it privately through GitHub's built-in flow: go to the repository's Security tab → Report a vulnerability. That opens a private advisory only the maintainer can see.
When you report, include:
- the affected tool and version,
- what an attacker could do (impact),
- the steps to reproduce it.
What to expect:
- An acknowledgement, typically within a few days.
- An honest assessment — if it's real, we'll work on a fix and credit you (unless you'd rather stay anonymous).
- If it's a hardening idea rather than an exploit, we may move it to a normal public issue with your okay.
In scope: the code in this repository. Out of scope: third-party services or software a tool merely installs or wraps (report those upstream), and social-engineering or physical attacks.
Thank you for helping keep these tools trustworthy.