If you discover a security vulnerability in SuperSafe, please report it privately so we can fix it before it becomes public.
Email: agenerationforwordz@gmail.com
Subject line: SuperSafe Security Report
Please do NOT:
- Open a public GitHub issue for security vulnerabilities
- Post details publicly before we've had a chance to respond
What to include:
- Description of the vulnerability
- Steps to reproduce it
- Which script(s) are affected
- Any potential impact
What to expect:
- We'll acknowledge your report within 48 hours
- We'll work with you to understand and fix the issue
- We'll credit you in the fix (unless you prefer to stay anonymous)
Security issues in these areas are in scope:
- The quarantine watcher script
- The emergency eject script
- The lockdown drive script
- The LLM prompt (could it be manipulated to output wrong verdicts?)
- Config handling (could a malicious config cause damage?)
SuperSafe is a defense-in-depth layer. It reviews file metadata (filename, size, type, hash) - not binary contents. It is not antivirus software. See the README for a full breakdown of what the LLM catches vs. what it doesn't.