| Version | Supported |
|---|---|
| 5.0.x | ✅ |
| < 5.0 | ❌ |

Do NOT open a public GitHub issue for security vulnerabilities.

If you discover a security vulnerability in CatchClaw, please report it responsibly:
- Email: Send details to the maintainer via GitHub private message to @Coff0xc
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Fix release: Within 30 days for critical issues

This policy covers the CatchClaw tool itself, NOT the targets it is designed to assess. CatchClaw is a security testing tool — vulnerabilities in target platforms (OpenClaw/Open-WebUI) should be reported to their respective maintainers.

CatchClaw is designed for authorized security testing only. Any use against systems without explicit written permission is prohibited and may violate applicable laws.