If you discover a security vulnerability in The Hive, please do not open a public GitHub issue.
Instead, report it privately by emailing:
Please include:
- A description of the vulnerability
- Steps to reproduce it
- Potential impact
- Any suggested fixes if you have them
We'll respond within 48 hours and work with you to resolve it before any public disclosure.
Things we care about:
- Local data exposure from
~/.hive/ - Keychain access vulnerabilities
- Mesh network identity spoofing (v0.8+)
- Malicious agent execution via task delegation
Responsible disclosure keeps The Hive and its users safe. We appreciate you taking the time to report issues privately.