| Version | Supported |
|---|---|
0.5.x |
Yes |
0.4.x |
Yes |
< 0.4.0 |
No |
Do not open a public GitHub issue for suspected security vulnerabilities.
Use one of these channels (in order of preference):
- GitHub Private Vulnerability Reporting — go to the repository's Security tab → "Report a vulnerability"
- Email — security@clawdcontext.com
- affected version
- reproduction steps
- proof of impact
- logs/screenshots (if safe)
- proposed fix or mitigation (optional)
- Acknowledge within
72 hours - Triage within
7 days - Remediation plan or mitigation guidance within
14 days
ClawdContext includes static analysis and pattern-based security scanning for SKILL.md.
It does not provide:
- code execution sandboxing
- malware guarantees
- runtime isolation
Security findings in the extension are advisory detections and should be treated as review prompts, not definitive proof of safety.