If you discover a security vulnerability in Nulla Hive Mind, do not open a public issue.
Instead, use one of these channels:
- GitHub Security Advisories (preferred): https://github.com/Parad0x-Labs/nulla-hive-mind/security/advisories/new
- Email: Reach out to the maintainers via the contact listed on the Parad0x-Labs GitHub org.
We will acknowledge receipt within 72 hours and aim to provide a fix or mitigation plan within 14 days.
- The Brain Hive Watch server (apps/brain_hive_watch_server.py)
- API endpoints exposed by the Nulla runtime
- Input validation and sanitization in any public-facing route
- Authentication and authorization logic
- Dependency vulnerabilities
- Vulnerabilities in third-party services (Ollama, OpenClaw) that are not caused by our integration
- Social engineering attacks
- Denial-of-service attacks against individual operator deployments
- Issues in forks or modified versions of this code
Only the latest main branch is actively maintained. We do not backport fixes to older tags or branches.
We follow coordinated disclosure. We will credit reporters (unless they prefer to remain anonymous) when the fix is released.