We apply security-related fixes to the current default branch (main). We do not maintain separate supported-version branches unless stated in a release.
If you believe you have found a security vulnerability in this repository or any of its scripts/tools:
- Do not open a public GitHub issue for the vulnerability.
- Report privately by emailing the maintainers (see the repository About section or owner profile for contact options) or by using the repository’s Security tab → Report a vulnerability (GitHub Security Advisories).
- Include a clear description, steps to reproduce, and impact if possible. We will respond as soon as we can.
We ask for reasonable time to address the report before any public disclosure. We will credit you for the finding (unless you prefer to remain anonymous) once a fix is released or the issue is disclosed.
- In scope: Bugs or misconfigurations in code or documentation in this repository that could have a security impact when used as intended (e.g. credential handling, unsafe defaults, or logic errors in security checks).
- Out of scope: Issues in third-party services (e.g. Microsoft 365, OpenClaw backend), general security best-practice advice without a concrete bug, or misuse of the tools on systems without authorization.
Thank you for helping keep Security Research Labs safe for everyone.