Security fixes target the latest published release.
Report vulnerabilities privately by emailing support@xquik.com.
Do not open public issues for secrets, credential handling bugs, private data exposure, account takeover paths, or write-action safety bypasses.
Security-sensitive areas include:
- API key handling
- Action endpoint gating
- Catalog allowlisting
- Private X account reads
- Tweet, delete, follow, DM, profile, monitor, webhook, extraction, and draw actions
- Package supply chain metadata