Skip to content

Security: scriptriva/seshat-tts

Security

SECURITY.md

Security Policy

Supported Versions

The main branch is the only supported development line until formal releases begin.

Reporting a Vulnerability

Email support@scriptriva.com with:

  • A concise description of the issue.
  • Steps to reproduce.
  • Affected version or commit.
  • Impact and likely abuse path.
  • Any proof-of-concept files or screenshots that are safe to share.

Please do not disclose vulnerabilities publicly until maintainers have had time to investigate and coordinate a fix.

Sensitive Data

Do not commit:

  • api_key.txt
  • Hugging Face or OpenAI-compatible API tokens
  • custom voice samples
  • cached .safetensors voice states
  • generated executable artifacts
  • local config files

Security-Relevant Areas

  • Screen/window capture.
  • OCR text handling.
  • Local LLM endpoint configuration.
  • Custom voice file handling.
  • TTS server startup and subprocess execution.
  • Packaged binary contents.

There aren't any published security advisories