| Version | Supported |
|---|---|
| 1.0.x | Yes |
| < 1.0 | No |
If you discover a security vulnerability in ClawFleet, please report it responsibly:
- Do NOT open a public issue.
- Email security@clawfleet.io with a description of the vulnerability, steps to reproduce, and any relevant logs or screenshots.
- We will acknowledge your report within 48 hours and provide an estimated timeline for a fix.
ClawFleet manages Docker containers running OpenClaw instances. Security concerns in scope include:
- Container escape or privilege escalation
- Unauthorized access to the dashboard or API
- Host filesystem exposure through container misconfiguration
- Authentication bypass (Codex OAuth flow)
- Credential leakage in logs or state files
Security issues in upstream OpenClaw itself should be reported to the OpenClaw project.
We follow coordinated disclosure. We ask that you give us reasonable time to address the issue before public disclosure.