If you've discovered a security vulnerability in the ClawSecure platform itself, we appreciate your responsible disclosure.
Please do NOT open a public GitHub issue for security vulnerabilities.
Email your findings to security@clawsecure.ai with:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested remediation
What you can expect from us:
- Acknowledgment within 48 hours of your report
- Status update within 7 days with our assessment
- Credit in our security acknowledgments (if desired) once the issue is resolved
This policy covers vulnerabilities in:
- The ClawSecure web platform at clawsecure.ai
- The Security Clearance API
- The Watchtower monitoring system
The following are out of scope for this policy:
- Vulnerabilities in OpenClaw skills themselves — please submit these for scanning or file a Suspicious Skill Report
- Vulnerabilities in third-party services or dependencies not maintained by ClawSecure
- Social engineering attacks against ClawSecure team members
If you've found a security issue in an OpenClaw skill (not in ClawSecure itself):
- Scan the skill at clawsecure.ai
- File a Suspicious Skill Report in this repository using our issue template
- Report to ClawHub if the skill is actively distributed on the ClawHub marketplace
ClawSecure is a hosted platform. Security patches are deployed continuously. There are no self-hosted versions to maintain.