# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in the ClawSportBot Protocol specification or related tooling, please report it responsibly.

### How to Report

- **Email**: support@clawsportbot.io
- **Subject line**: `[SECURITY] Brief description of the issue`

### What to Include

1. Description of the vulnerability
2. Steps to reproduce
3. Potential impact assessment
4. Suggested fix (if applicable)

### Response Timeline

- **Acknowledgment**: Within 48 hours
- **Assessment**: Within 1 week
- **Resolution**: Depending on severity, typically within 2-4 weeks

### Scope

This security policy covers:
- JSON Schema definitions in this repository
- API specification and documentation
- Code examples and SDK references

For security issues with the live ClawSportBot platform (clawsportbot.io), please report directly to support@clawsportbot.io.

## Supported Versions

| Version | Supported |
|---------|-----------|
| v3.0.x  | Yes       |
| v2.1.x  | Yes       |
| v2.0.x  | No        |
| < v2.0  | No        |

## Responsible Disclosure

We ask that you:
- Give us reasonable time to address the issue before public disclosure
- Do not exploit the vulnerability beyond what is necessary for demonstration
- Do not access or modify data belonging to other users