Files
mlx-knife/SECURITY.md
T
Local Test de7ccf9018 2.0.0-alpha: default 2.0 tests, cache safety, and docs
Testing:
- pytest defaults to tests_2.0 via pytest.ini
- README/TESTING updated; Quick Start uses `pip install -e . && pip install pytest`

Safety:
- Add test-cache sentinel + centralized checks
- Strict delete guard via MLXK2_STRICT_TEST_DELETE=1
- Hide sentinel from 2.0 list output

Portability:
- Remove site-specific paths; generic test/user cache detection (mlxk2_test_ prefix + sentinel)

Docs:
- Environment & Caches, HF cache integrity
- Local-only hooks/excludes and local test script (excluded from VCS)
2025-08-29 16:57:45 +02:00

4.4 KiB

Security Policy

Overview

MLX Knife is designed to run locally on your Apple Silicon Mac. It prioritizes user privacy and security by keeping all model execution local. The only network activity is downloading models from HuggingFace (a trusted source).

Security Model

What MLX Knife Does

  • Runs models locally on your device
  • Downloads models only from HuggingFace (trusted repository)
  • API server binds to localhost by default
  • No telemetry or usage tracking
  • No external API calls (except HuggingFace for downloads)

What MLX Knife Doesn't Do

  • No data is sent to external servers
  • No model outputs are logged or transmitted
  • No user tracking or analytics
  • No automatic updates or phone-home features

Reporting Security Vulnerabilities

If you discover a security vulnerability in MLX Knife, please help us address it responsibly:

Do NOT:

  • Open a public GitHub issue
  • Post about it on social media
  • Exploit it maliciously

Please DO:

  1. Email: Send details to broke@gmx.eu
  2. Or: Create a private security advisory on GitHub
  3. Include:
    • Affected version(s)
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

We will acknowledge receipt within 48 hours and work on a fix.

Security Considerations

Model Downloads (mlxk pull)

  • Source: Models are downloaded from HuggingFace only
  • Verification: HuggingFace provides checksums for file integrity
  • Risk: Malicious models could theoretically exist on HuggingFace
  • Mitigation: Only download models from trusted organizations (e.g., mlx-community)

API Server (mlxk server)

# Safe (localhost only):
mlxk server --port 8000

# CAUTION (network accessible):
mlxk server --host 0.0.0.0 --port 8000

WARNING: When using --host 0.0.0.0:

  • The API becomes accessible from your network
  • No built-in authentication or rate limiting
  • Anyone on your network can use your models
  • Could potentially be exposed to the internet (check firewall!)

Recommendations for network access:

  • Use a reverse proxy with authentication (nginx, Caddy)
  • Implement firewall rules
  • Never expose directly to the internet
  • Consider VPN-only access

Model Execution

  • Memory: Large models can consume significant RAM/GPU memory
  • CPU/GPU: Model execution can be resource-intensive
  • Disk: Models are cached locally (can be multiple GB each)

File System Access

  • Cache Location: ~/.cache/huggingface/hub or $HF_HOME
  • Permissions: Standard user permissions apply
  • Cleanup: Use mlxk rm <model> to safely remove models; avoid manual deletion in the user cache

Hugging Face Cache Integrity

  • Separate contexts: use an isolated test cache for automated tests; keep the user cache for manual/production work
  • HF_HOME: set explicitly for user work if needed; tests should not override user HF_HOME by default
  • Safe operations: reads (list, health, show) are always safe; coordinate writes (pull, rm) in maintenance windows
  • Test safeguards: the test suite places a sentinel in the test cache and enforces deletion guards to prevent accidental user-cache modification

Security Best Practices

For Users:

  1. Download models only from trusted sources (prefer mlx-community/*)
  2. Keep the API server local unless you need network access
  3. Monitor disk usage - models can be large
  4. Review model cards on HuggingFace before downloading
  5. Keep Python dependencies updated: pip install --upgrade mlx-knife

For Contributors:

  1. Never commit secrets (API keys, tokens)
  2. Validate all inputs in new features
  3. Use secure defaults (localhost binding, etc.)
  4. Document security implications of new features
  5. Test for resource exhaustion (memory, disk)

Supported Versions

Version Supported
1.1.0
1.0.4
1.0.3
1.0.2
1.0.1
< 1.0

Additional Resources


Remember: Security is everyone's responsibility. If something doesn't feel right, please report it! 🦫