Security fixes land in the latest release. Please update before reporting («О приложении» → «Проверить»).
Исправления безопасности выходят в последнем релизе. Перед обращением, пожалуйста, обновитесь.
Do not open a public issue for security problems.
Please report privately via GitHub's private vulnerability reporting (repo → Security → Report a vulnerability). Include steps to reproduce, affected version/OS, and impact. We aim to acknowledge within a few days; timelines are best-effort for this noncommercial side project.
Не открывайте публичный issue по проблемам безопасности. Сообщайте приватно через Security → Report a vulnerability в репозитории. Укажите шаги воспроизведения, версию и ОС, характер воздействия.
SpeakAgent is offline-first: audio never leaves the machine. Worth extra scrutiny:
- the local MCP server (JSON-RPC over HTTP, bound to
127.0.0.1, optional bearer token); - the auto-updater (updates are signed; the public key ships in
tauri.conf.json); - locally stored settings (including an optional cloud-AI provider token, if you enable one).