If you discover a security vulnerability in Claw Compactor, please report it responsibly.

1. Do NOT open a public issue for security vulnerabilities
2. Send a detailed report to the OpenClaw Discord via DM to a maintainer
3. Or open a private security advisory

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Assessment: Within 1 week
• Fix release: Within 2 weeks for critical issues

Claw Compactor processes local workspace files. Security concerns may include:

• Path traversal in file operations
• Code injection through codebook entries
• Unintended data exposure through compression artifacts
• Engram API key handling

We consider security research conducted in good faith to be authorized. We will not pursue legal action against researchers who follow responsible disclosure.