Security Policy
Scope
BatteryMHM is a research library for harmonic-feature modeling. It does not handle credentials, network services, or user data, so its attack surface is small. Still, we take correctness and supply-chain integrity seriously.
Supported versions
The latest released version (1.0.0) is supported.
Reporting a vulnerability
If you discover a security issue (for example, a dependency vulnerability, a deserialization risk in user-supplied data, or a way the library could be made to execute untrusted code), please do not open a public issue. Instead, report it privately via the Hugging Face model discussion page (mark it as a security concern) or the repository's private advisory channel.
Please include:
- A description of the issue and its impact
- Steps to reproduce
- Affected version(s) and environment
We aim to acknowledge reports within a few business days and to address confirmed issues promptly.
Note on model weights
This repository distributes no trained model weights or pickled objects.
If you train your own models, never pickle.load weights from an untrusted
source — pickle can execute arbitrary code on load.