Report security issues privately to the maintainers instead of opening a public issue.
Preferred channel:
- GitHub private vulnerability reporting: https://github.com/amittell/openclaw-scheduler/security/advisories/new
Include:
- affected version
- deployment mode
- reproduction steps
- impact
- suggested mitigation if known
Security-sensitive areas include:
- shell job execution
- gateway credential handling
- delivery adapters
- approval flows
- installation and service configuration
Please report unsafe defaults, credential leaks, or privilege boundary issues.
- Acknowledgment: within 7 days of receipt.
- Resolution: within 30--90 days depending on severity and complexity.