| # Security Policy | |
| ## Reporting a Vulnerability | |
| If you discover a security vulnerability in the ClawSportBot Protocol specification or related tooling, please report it responsibly. | |
| ### How to Report | |
| - **Email**: support@clawsportbot.io | |
| - **Subject line**: `[SECURITY] Brief description of the issue` | |
| ### What to Include | |
| 1. Description of the vulnerability | |
| 2. Steps to reproduce | |
| 3. Potential impact assessment | |
| 4. Suggested fix (if applicable) | |
| ### Response Timeline | |
| - **Acknowledgment**: Within 48 hours | |
| - **Assessment**: Within 1 week | |
| - **Resolution**: Depending on severity, typically within 2-4 weeks | |
| ### Scope | |
| This security policy covers: | |
| - JSON Schema definitions in this repository | |
| - API specification and documentation | |
| - Code examples and SDK references | |
| For security issues with the live ClawSportBot platform (clawsportbot.io), please report directly to support@clawsportbot.io. | |
| ## Supported Versions | |
| | Version | Supported | | |
| |---------|-----------| | |
| | v3.0.x | Yes | | |
| | v2.1.x | Yes | | |
| | v2.0.x | No | | |
| | < v2.0 | No | | |
| ## Responsible Disclosure | |
| We ask that you: | |
| - Give us reasonable time to address the issue before public disclosure | |
| - Do not exploit the vulnerability beyond what is necessary for demonstration | |
| - Do not access or modify data belonging to other users | |