Skip to content

Security: 2alf/Heimdall

Security

security.md

Security Policy

Reporting a vulnerability — privately

Please do not open a public issue, PR, or discussion for a security bug. That discloses it to everyone before there's a fix.

Report it privately instead:

  • GitHub Security Advisory (preferred): the repository's Security tab → AdvisoriesReport a vulnerability. This opens a private channel with the maintainers.
  • Or email the maintainer at the address in the git history for Cargo.toml.

Please include a proof-of-concept or a concrete impact argument. We aim to acknowledge within 72 hours and to ship a fix for confirmed high-impact issues promptly. Reporters are credited in the hall of fame after a fix ships (or anonymously, if you prefer).

In scope

  • Silent bypass of change detection (a watched file altered without an alert).
  • Forgery of the signed baseline / defeat of the keystore-anchored integrity.
  • Code execution triggered by Heimdall itself, or trojanisation of Heimdall.
  • XSS or IPC-permission escalation in the desktop app (test a release build).

Out of scope

  • Attackers who already have code execution or admin as your user (the tool is tamper-evident, not tamper-proof, against that adversary — see the README).
  • Physical-access attacks and a compromised OS / credential store.
  • Denial of service via crashing the app.
  • Automated scanner output without a proof-of-concept.

Threat model

Designed to detect: unauthorised changes to your MCP configuration and the source files of the servers your AI agents launch.

Not designed to prevent: an adversary who already controls your user session or machine. Heimdall raises the bar for tampering and makes it evident; it is a detective control, not a sandbox. Pair it with real isolation for untrusted work.


Last updated: 10 July 2026.

There aren't any published security advisories