haitham/horus-3d
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
65c2b9cf85a36a796398d6a6f7ad003ea0664baf
horus-3d/SECURITY.md
T
Luke The Dev 4fa4f13558 First Release of Claw3D (#11) 
Co-authored-by: iamlukethedev <iamlukethedev@users.noreply.github.com>
2026-03-19 23:14:04 -05:00

1.4 KiB
Raw Blame History

Security Policy

Reporting A Vulnerability

Please do not open public GitHub issues for security vulnerabilities.

Preferred path:

  • If the repository host exposes private vulnerability reporting or GitHub Security Advisories for this repo, use that path first.

Fallback path:

  • If no private reporting channel is available, open a minimal public issue requesting a private contact channel and do not include exploit details, tokens, or proof-of-concept payloads in that issue.

When reporting a vulnerability, include:

  • A clear description of the issue.
  • Impact and affected areas.
  • Reproduction steps or a proof of concept.
  • Any suggested mitigation if you have one.

We aim to acknowledge reports promptly, investigate them, and coordinate a fix and disclosure timeline with the reporter.

Current Security Limitations

  • Studio gateway settings are stored on disk in plaintext under the local OpenClaw state directory.
  • The current UI loads the configured upstream gateway URL/token into browser memory at runtime, even though those values are not stored in browser persistent storage.

Scope

Please report issues related to:

  • Authentication or access-control bypasses.
  • Secret handling or token exposure.
  • Remote code execution or privilege escalation paths.
  • Unsafe filesystem, proxy, or network behavior.
  • Dependency vulnerabilities that materially affect this project.
Reference in New Issue View Git Blame Copy Permalink