External/SuperClaude
1
0
Fork 0
mirror of https://github.com/SuperClaude-Org/SuperClaude_Framework.git synced 2025-12-29 16:16:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e210b4e6e3fcd76b783cc559c432dde73eaaae2e
SuperClaude/SECURITY.md
NomenAK d24503ca02 refactor: Complete SuperClaude v2 migration with @include reference system 
- Migrate all command files to use @include reference system
- Consolidate shared patterns into new yml structure
- Create central superclaude shared configuration files
- Remove deprecated markdown files (MCP.md, PERSONAS.md, RULES.md)
- Add new documentation structure in docs/
- Update installation script for new architecture
- Add ROADMAP.md and VERSION files

This completes the major architectural refactor to improve maintainability
and reduce duplication across the SuperClaude command system.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-25 16:51:53 +02:00

92 lines
2.5 KiB
Markdown
Raw Blame History

# Security Policy
## Supported Versions
| Version | Supported |
|---------|-----------|
| 4.0.x | ✅ Yes |
| < 4.0 | ❌ No |
## Reporting Security Vulnerabilities
We take security seriously. If you discover a security vulnerability, please follow these steps:
### 🔒 Private Reporting (Preferred)
1. **Do NOT** create a public issue
2. Email security details to: anton.knoery@gmail.com
3. Include "SuperClaude Security" in subject line
4. Provide detailed description of the vulnerability
### 📝 Required Information
Please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes or mitigations
- Your contact information for follow-up
### ⏱️ Response Timeline
- **24 hours**: Initial acknowledgment
- **72 hours**: Preliminary assessment
- **7 days**: Detailed response with next steps
- **30 days**: Resolution target (depending on complexity)
## Security Considerations
### Configuration Framework Security
- SuperClaude is a configuration framework, not executable software
- No network connections or data transmission
- Files are stored locally in ~/.claude/
- Shell scripts have limited system access
- Template reference system (@pattern) validated for integrity
### Installation Security
- install.sh performs file operations only
- No sudo/admin privileges required
- Backup existing configurations before installation
- All operations within user home directory
### Usage Security
- Configuration files are read-only for Claude Code
- No sensitive data stored in configurations
- Slash commands execute through Claude Code's security model
- MCP integrations follow Claude Code's sandbox restrictions
## Best Practices
### For Users
- Review install.sh before execution
- Keep SuperClaude updated
- Report suspicious behavior
- Use official installation methods only
### For Contributors
- Follow secure coding practices
- No hardcoded secrets or credentials
- Validate all user inputs
- Test security implications of changes
## Scope
This security policy covers:
- SuperClaude configuration files
- Installation scripts
- GitHub repository security
- Community interaction security
## Disclaimer
SuperClaude is provided "as is" without warranty. While we strive for security, users are responsible for:
- Reviewing code before installation
- Using in appropriate environments
- Following Claude Code security guidelines
- Backing up existing configurations
---
**Questions?** Contact anton.knoery@gmail.com
*SuperClaude v2 | Security-conscious configuration framework*
Reference in New Issue View Git Blame Copy Permalink