Your idea never leaves your machine. The engine runs locally inside your AI CLI; the only data IdeaTwister ever sees is what you choose to type into it.
Security Policy
Reporting a vulnerability
Please do not open a public GitHub issue for security problems.
Instead, email hello@ideatwister.com with:
- A description of the issue
- Steps to reproduce
- The version of the engine you're running (printed when the engine starts)
- Your name and contact info if you'd like credit in a fix
We aim to acknowledge reports within 72 hours and ship a fix within two weeks for confirmed issues.
What counts
Anything that could let someone:
- Read another user's idea or run output
- Execute code outside the user's intended sandbox
- Exfiltrate the Anthropic API key from a user's machine
- Bypass the license check in a way that materially affects the product
Things that don't count: configuration mistakes on a user's own machine, vulnerabilities in upstream dependencies that already have a CVE filed, or general "AI can produce wrong output" reports.
Scope
This policy covers the IdeaTwister engine distributed via ideatwister.com and the public materials in this repository. It does not cover Claude Code itself or the Anthropic API — please report those upstream.
Disclosure
We coordinate disclosure with reporters. Once a fix ships, we credit reporters in the changelog unless they prefer otherwise.