Security: ElwinLiu/handless

SECURITY.md

Security Policy

Supported Versions

Version    Supported
0.1.x      Yes

Reporting a Vulnerability

If you discover a security vulnerability in Handless, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please use GitHub Security Advisories to report the vulnerability privately.

What to include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

What to expect

  • Acknowledgment within 48 hours
  • A fix or mitigation plan within 7 days for critical issues
  • Credit in the release notes (unless you prefer anonymity)

Scope

Since Handless runs entirely offline and processes audio locally, the primary security concerns are:

  • Local privilege escalation
  • Unauthorized access to microphone or clipboard data
  • Malicious model files
  • Dependencies with known vulnerabilities

There aren’t any published security advisories