MimiDesk is an early-preview local desktop application.
Only the current main branch is actively maintained during the early preview period.
Please do not publish exploit details in a public issue before the maintainer has had a chance to respond.
Preferred reporting path:
- Open a private GitHub security advisory if it is available for the repository.
- If private advisories are not available, contact the maintainer through the GitHub repository profile and include a minimal description of the issue.
Helpful details include:
- affected platform and version
- reproduction steps
- expected impact
- whether local files, notification permissions, or command execution are involved
- MimiDesk stores data locally in
~/.mimidesk/app-data.json. - MimiDesk does not require an account.
- MimiDesk does not use cloud sync.
- MimiDesk does not include telemetry.
- The CLI and desktop app read and write the same local data file.
Because this is a desktop application, please be especially careful with reports involving local file access, shell commands, notification permissions, autostart behavior, or update/install scripts.