Security is the whole point of this project, so we take reports seriously.
If you find a vulnerability in any Strix Advanced Tools repository, please report it privately — do not open a public issue for a security bug.
- Use GitHub Private Vulnerability Reporting on the affected repository (its Security → Report a vulnerability tab), or
- follow the disclosure path in that repository's own
SECURITY.md, which also documents its threat model.
We will acknowledge your report, work with you on a fix, credit you if you'd like, and never retaliate. Please give us reasonable time to ship a fix before public disclosure.
How to verify a Strix download (SHA-256 checksums + build-provenance attestation): https://strix-tool.github.io/security/