If you discover a security vulnerability in this project, please report it responsibly:
- Do not open a public GitHub issue
- Use GitHub Security Advisories (private report to the maintainer)
- Include a description of the vulnerability and steps to reproduce
- Never commit your Discord bot token to version control
- Use environment variables or a `.env` file (already in `.gitignore`)
- Rotate your token immediately if it is ever exposed
- Give the bot only the permissions it needs for your use case