Skip to content

Security: agenerationforwordz-tech/supersafe

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in SuperSafe, please report it privately so we can fix it before it becomes public.

Email: agenerationforwordz@gmail.com

Subject line: SuperSafe Security Report

Please do NOT:

  • Open a public GitHub issue for security vulnerabilities
  • Post details publicly before we've had a chance to respond

What to include:

  • Description of the vulnerability
  • Steps to reproduce it
  • Which script(s) are affected
  • Any potential impact

What to expect:

  • We'll acknowledge your report within 48 hours
  • We'll work with you to understand and fix the issue
  • We'll credit you in the fix (unless you prefer to stay anonymous)

Scope

Security issues in these areas are in scope:

  • The quarantine watcher script
  • The emergency eject script
  • The lockdown drive script
  • The LLM prompt (could it be manipulated to output wrong verdicts?)
  • Config handling (could a malicious config cause damage?)

Known Limitations

SuperSafe is a defense-in-depth layer. It reviews file metadata (filename, size, type, hash) - not binary contents. It is not antivirus software. See the README for a full breakdown of what the LLM catches vs. what it doesn't.

There aren't any published security advisories