External/SuperClaude
1
0
Fork 0
mirror of https://github.com/SuperClaude-Org/SuperClaude_Framework.git synced 2025-12-29 16:16:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
23a103d5dc310d080ee71dad71a82e5e269d3759
SuperClaude/SECURITY.md
NomenAK 9c3608a783 Clean up references to deleted scripts and pattern system 
- Removed references to validate-references.sh from YAML files
- Removed expand-references.sh from settings.local.json
- Cleaned up @pattern/@flags references from shared files
- Updated documentation to reflect current no-code implementation
- Simplified reference-index.yml to remove @include patterns

This cleanup removes confusion from the abandoned pattern reference
system while maintaining all functionality.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-24 21:24:14 +02:00

92 lines
2.5 KiB
Markdown
Raw Blame History

# Security Policy
## Supported Versions
| Version | Supported |
|---------|-----------|
| 4.0.x | ✅ Yes |
| < 4.0 | ❌ No |
## Reporting Security Vulnerabilities
We take security seriously. If you discover a security vulnerability, please follow these steps:
### 🔒 Private Reporting (Preferred)
1. **Do NOT** create a public issue
2. Email security details to: anton.knoery@gmail.com
3. Include "SuperClaude Security" in subject line
4. Provide detailed description of the vulnerability
### 📝 Required Information
Please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes or mitigations
- Your contact information for follow-up
### ⏱️ Response Timeline
- **24 hours**: Initial acknowledgment
- **72 hours**: Preliminary assessment
- **7 days**: Detailed response with next steps
- **30 days**: Resolution target (depending on complexity)
## Security Considerations
### Configuration Framework Security
- SuperClaude is a configuration framework, not executable software
- No network connections or data transmission
- Files are stored locally in ~/.claude/
- Shell scripts have limited system access
- Template reference system (@pattern) validated for integrity
### Installation Security
- install.sh performs file operations only
- No sudo/admin privileges required
- Backup existing configurations before installation
- All operations within user home directory
### Usage Security
- Configuration files are read-only for Claude Code
- No sensitive data stored in configurations
- Slash commands execute through Claude Code's security model
- MCP integrations follow Claude Code's sandbox restrictions
## Best Practices
### For Users
- Review install.sh before execution
- Keep SuperClaude updated
- Report suspicious behavior
- Use official installation methods only
### For Contributors
- Follow secure coding practices
- No hardcoded secrets or credentials
- Validate all user inputs
- Test security implications of changes
## Scope
This security policy covers:
- SuperClaude configuration files
- Installation scripts
- GitHub repository security
- Community interaction security
## Disclaimer
SuperClaude is provided "as is" without warranty. While we strive for security, users are responsible for:
- Reviewing code before installation
- Using in appropriate environments
- Following Claude Code security guidelines
- Backing up existing configurations
---
**Questions?** Contact anton.knoery@gmail.com
*SuperClaude v4.0.0 | Security-conscious configuration framework*
Reference in New Issue View Git Blame Copy Permalink