- Do NOT open a public issue for security vulnerabilities
- Open a GitHub Security Advisory
- Or contact: support@rankenstein.pro
- Acknowledgment: Within 72 hours
- Status update: Within 7 days
- Resolution: Within 30 days for confirmed vulnerabilities
Only the latest release receives security updates.
- No credentials in repository: API keys, tokens, and secrets are never committed
- User-space installation: Install scripts write only to `~/.claude/` directories
- Isolated dependencies: Python packages install in skill-specific virtual environments
- No network calls at install: The installer copies files locally; no external API calls
- Input validation: All scripts validate file paths and URLs before processing
- FFmpeg safety: All FFmpeg commands use `-n` (no-overwrite) by default
- No arbitrary code execution: Scripts only process media files, never execute user-provided code
- No API keys or tokens
- No user credentials
- No personal data
- No analytics or telemetry