If you discover a security vulnerability in SWE Squad, please report it responsibly:
- Do NOT open a public GitHub issue
- Email the maintainers or use GitHub Security Advisories
- Include a description of the vulnerability, steps to reproduce, and potential impact
We will acknowledge receipt within 48 hours and provide a timeline for a fix.
SWE Squad executes code via Claude Code CLI and runs shell commands. When deploying:
- Isolate the runtime — run agents in a sandboxed VM or container
- Use dedicated GitHub accounts — never share your personal credentials with agents
- Scope PAT permissions — use the minimum required GitHub token scopes
- Review agent output — agents propose fixes on branches; always review before merging
- Protect secrets — never commit
.envfiles; use the.env.exampletemplate - Restrict network access — limit agent VM's network to only required endpoints
| Version | Supported |
|---|---|
Latest main |
Yes |
| Older commits | No |