VeriClaw is a public-facing Apple-native AI agent correction project. If you discover a security issue that could affect users, release assets, or linked distribution surfaces, please report it privately first.
- Email the maintainer before opening a public issue if the report includes an exploit, credential leak, or package integrity concern.
- If private email is unavailable, open a minimal GitHub issue without exploit details and ask for a secure follow-up channel.

Please include the following in your report:

- Affected version or release tag
- Exact page, asset, or file involved
- Reproduction steps
- Expected impact
- Suggested mitigation if known

Areas in scope:

- GitHub release assets
- Download integrity and checksum mismatches
- Pages-hosted landing and download surfaces
- ClawHub companion packaging for VeriClaw
Best effort initial response within 72 hours for valid reports.