| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability in Claw Compactor, please report it responsibly.

- Do NOT open a public issue for security vulnerabilities
- Send a detailed report via DM to a maintainer on the OpenClaw Discord
- Or open a private security advisory

Include in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:

- Acknowledgment: Within 48 hours
- Assessment: Within 1 week
- Fix release: Within 2 weeks for critical issues

Claw Compactor processes local workspace files. Security concerns may include:

- Path traversal in file operations
- Code injection through codebook entries
- Unintended data exposure through compression artifacts
- Engram API key handling

We consider security research conducted in good faith to be authorized. We will not pursue legal action against researchers who follow responsible disclosure.