If you discover a security vulnerability in ClawGuard Shield, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, email: michno.jrg@gmail.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix release: As soon as possible, typically within 2 weeks
This policy applies to:
- The ClawGuard Shield API (prompttools.co/api/v1/)
- API authentication and key management
- The scan engine and pattern matching
- Payment processing (Stripe integration)
- Detection patterns (false negatives, bypasses)
We credit security researchers in our release notes (unless you prefer to remain anonymous).
| Version | Supported |
|---|---|
| 0.6.x | Yes |
| 0.5.x | Yes |
| < 0.5 | No |