| # Security | |
| Report sensitive issues privately to the repository owner. | |
| Never commit Meta Page tokens, app secrets, webhook verify tokens, internal API keys, OpenClaw hook tokens, production database files, or raw webhook payloads. | |
| Before publishing changes, run: | |
| ```bash | |
| pytest | |
| git grep -n -i -E 'token|secret|password|api[_-]?key|bearer' | |
| ``` | |