If you discover a security issue in OpenClawProBench, please avoid posting exploit details, credentials, or private environment data in a public issue.
If a private reporting channel is available with the maintainers, use it first. If no private channel is available, open a minimal public issue that states a security concern exists and request a secure follow-up path without including sensitive details.
Please report issues such as:
- vulnerabilities in the benchmark harness
- unsafe handling of credentials or tokens in benchmark code
- fixture or scenario content that unintentionally exposes real secrets
- report-generation behavior that leaks sensitive runtime state unexpectedly
- Redact secrets, tokens, API keys, and private URLs.
- Share only the minimum reproduction details needed to triage safely.
- Do not attach local OpenClaw state directories or credential-bearing config files publicly.