Don't open a public GitHub issue for security bugs. Report them privately:
Include: what the bug is, how to reproduce it, and the impact. I'll acknowledge within 48 hours and coordinate a fix + disclosure timeline.
| Version | Supported |
|---|---|
| latest | ✅ |
- The extension backend runs inside Docker Desktop's VM — it has no direct host network access
- NVML access is read-only (metrics only, no device configuration)
- The Unix socket is only accessible within the extension VM