ClaudeMaxPower is a template repository — users typically clone or fork the latest main. Security fixes land on main and on the most recent tagged release. Older releases do not receive backports.

If you have a fork or a clone pinned to an older snapshot, rebase onto main to pick up security fixes.

Please report security issues privately, not as a public issue or PR.

Preferred: open a private security advisory on this repository. GitHub keeps the discussion private until a fix is published and lets us coordinate disclosure with you.

Alternate: if private advisories are unavailable to you, contact the maintainer through the contact channels on the project owner's profile.

When reporting, please include:

• A clear description of the issue and its impact.
• Reproduction steps or a minimal proof-of-concept.
• The commit SHA or release tag where you observed it.
• Any suggested mitigation, if you have one.

• Acknowledgement within 72 hours of receipt.
• Initial assessment (severity, scope, reproducibility) within 7 days.
• Status updates at least every 14 days while the issue is open.
• Coordinated disclosure: once a fix lands on main, the advisory is published with credit to the reporter — unless you ask to remain anonymous.

Examples of issues that ClaudeMaxPower considers in scope:

• A hook script (session-start.sh, pre-tool-use.sh, post-tool-use.sh, stop.sh) that can be tricked into executing an unintended command or exfiltrating data.
• A workflow under .github/workflows/ that leaks tokens or grants more permission than necessary.
• A skill or agent that mishandles .env, secrets, or credentials.
• A path-traversal or arbitrary-file-write in any script under scripts/, workflows/, or .claude/.
• A bypass of the BLOCKED_PATTERNS allow/deny list in pre-tool-use.sh that would let a clearly-malicious command through.
• Supply-chain risks introduced by scripts/setup.sh or any auto-installed tool.

The following are explicitly out of scope for this repository:

• Vulnerabilities in Claude Code, the Claude Agent SDK, or the Anthropic API itself. Report those upstream to Anthropic.
• Vulnerabilities in third-party MCP servers configured via mcp/*.json. Report those to the respective MCP server projects.
• Risks inherent to running an AI coding assistant against your own code — the assistant can read or modify any file you authorize it to touch. Use Claude Code's permission modes and the hook block-list as defense in depth (see docs/hooks-guide.md).
• Issues in user-customized hooks, skills, or agents that ClaudeMaxPower does not ship by default.
• Findings from automated scanners that have no demonstrable security impact (style warnings, informational notices, theoretical risks without a concrete attack path).

If you have installed ClaudeMaxPower into your own project:

• Never commit .env, real API tokens, or production credentials. The pre-tool-use hook and CI's Check for Secrets job are backstops, not primary controls.
• Review every PR before merging — Claude-authored commits are not exempt.
• Keep the hooks enabled and treat pre-tool-use.sh's block-list as defense in depth, not the primary safety boundary (see docs/hooks-guide.md).
• Run bash scripts/test-hooks.sh after customizing any hook script.
• Prefer Claude Code's plan mode for risky or destructive work.