External/SuperClaude
1
0
Fork 0
mirror of https://github.com/SuperClaude-Org/SuperClaude_Framework.git synced 2025-12-29 16:16:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fc8cd74cfc80c2dd386cefdfb82e79d3cabac5e9
SuperClaude/SECURITY.md
NomenAK d24503ca02 refactor: Complete SuperClaude v2 migration with @include reference system 
- Migrate all command files to use @include reference system
- Consolidate shared patterns into new yml structure
- Create central superclaude shared configuration files
- Remove deprecated markdown files (MCP.md, PERSONAS.md, RULES.md)
- Add new documentation structure in docs/
- Update installation script for new architecture
- Add ROADMAP.md and VERSION files

This completes the major architectural refactor to improve maintainability
and reduce duplication across the SuperClaude command system.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-25 16:51:53 +02:00

2.5 KiB
Raw Blame History

Security Policy

Supported Versions

Version Supported
4.0.x Yes
< 4.0 No

Reporting Security Vulnerabilities

We take security seriously. If you discover a security vulnerability, please follow these steps:

🔒 Private Reporting (Preferred)

  1. Do NOT create a public issue
  2. Email security details to: anton.knoery@gmail.com
  3. Include "SuperClaude Security" in subject line
  4. Provide detailed description of the vulnerability

📝 Required Information

Please include:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any suggested fixes or mitigations
  • Your contact information for follow-up

⏱️ Response Timeline

  • 24 hours: Initial acknowledgment
  • 72 hours: Preliminary assessment
  • 7 days: Detailed response with next steps
  • 30 days: Resolution target (depending on complexity)

Security Considerations

Configuration Framework Security

  • SuperClaude is a configuration framework, not executable software
  • No network connections or data transmission
  • Files are stored locally in ~/.claude/
  • Shell scripts have limited system access
  • Template reference system (@pattern) validated for integrity

Installation Security

  • install.sh performs file operations only
  • No sudo/admin privileges required
  • Backup existing configurations before installation
  • All operations within user home directory

Usage Security

  • Configuration files are read-only for Claude Code
  • No sensitive data stored in configurations
  • Slash commands execute through Claude Code's security model
  • MCP integrations follow Claude Code's sandbox restrictions

Best Practices

For Users

  • Review install.sh before execution
  • Keep SuperClaude updated
  • Report suspicious behavior
  • Use official installation methods only

For Contributors

  • Follow secure coding practices
  • No hardcoded secrets or credentials
  • Validate all user inputs
  • Test security implications of changes

Scope

This security policy covers:

  • SuperClaude configuration files
  • Installation scripts
  • GitHub repository security
  • Community interaction security

Disclaimer

SuperClaude is provided "as is" without warranty. While we strive for security, users are responsible for:

  • Reviewing code before installation
  • Using in appropriate environments
  • Following Claude Code security guidelines
  • Backing up existing configurations

Questions? Contact anton.knoery@gmail.com

SuperClaude v2 | Security-conscious configuration framework

Reference in New Issue View Git Blame Copy Permalink