claw-code/SECURITY.md

Security Policy

Supported Versions

This project is pre-1.0 / active development. Only the main branch (and the current active feature branch) receives security attention. No LTS commitment exists yet.

Branch                  Supported
main                    yes
older forks/branches    no

Reporting a Vulnerability

Do not file a public GitHub issue for security vulnerabilities.

Please use GitHub Security Advisories to report privately:

  1. Go to the Security tab of this repository
  2. Click "Report a vulnerability"
  3. Describe the issue with reproduction steps and impact

We aim to acknowledge within 72 hours and work toward coordinated disclosure.

Disclosure Process

  1. Report received → acknowledgement within 72h
  2. We assess severity and reproduce the issue
  3. Fix developed and reviewed privately
  4. Fix shipped; advisory published after patch is live
  5. Credit given to reporter (unless they prefer anonymity)

Scope

In scope:

  • Remote code execution (RCE)
  • Authentication or authorization bypass
  • Secrets / credentials exfiltration
  • Sandbox escape (agent isolation boundary violations)
  • Privilege escalation

Out of scope:

  • Denial of service (DoS/resource exhaustion)
  • Social engineering attacks
  • Vulnerabilities in third-party dependencies — report those upstream
  • Behavior that is working as intended (check ROADMAP.md pinpoints first)

License

This project is MIT-licensed — provided as-is, without warranty of any kind.