Please do not open a public GitHub issue for security vulnerabilities.
Send a report to [email protected] with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
We will acknowledge your report within 48 hours and keep you updated as we work on a fix.
| In scope | Out of scope |
|---|---|
| OCC editor (this repo) | Third-party VS Code extensions |
| OpenClaw extension | Upstream VS Code / Void vulnerabilities |
| OCC website | Attacks requiring physical access |
We follow coordinated disclosure. Please give us a reasonable amount of time to fix an issue before making it public.