The Everywhere team ("We") takes security bugs in Everywhere seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
Please do not report security vulnerabilities via public GitHub issues.
To report a security issue, please email a detailed report to contact@sylinko.com.
We will send a response indicating the next steps in handling your report. After the initial reply to your report, we will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
If you do not receive an acknowledgement of your report within 7 business days, please escalate to the founders directly:
As Everywhere utilizes UI automation and screen perception:
- Local Processing: We prioritize local execution to minimize data exposure.
- API Security: Users are responsible for the security of their own API Keys. We recommend using environment variables or encrypted storage for Key management.
We prefer reports in English or Chinese.