Security
Report sensitive issues privately to the repository owner.
Never commit Meta Page tokens, app secrets, webhook verify tokens, internal API keys, OpenClaw hook tokens, production database files, or raw webhook payloads.
Before publishing changes, run:
pytest
git grep -n -i -E 'token|secret|password|api[_-]?key|bearer'