ClawHelm is early-stage software. Security fixes are applied to the main branch first.

Please do not open a public GitHub issue for a security vulnerability.

Instead:

1. Use GitHub private vulnerability reporting if enabled for the repository.
2. If that is not available, contact the repository owner directly.

Include:

• a description of the issue
• impact and attack scenario
• steps to reproduce
• affected files or endpoints
• any suggested mitigation

We will acknowledge receipt as soon as practical and work with you on responsible disclosure.