Report security issues privately so they can be fixed before public disclosure.

• Use GitHub Security Advisories for this repository (preferred).
• Or email dev@dssdev.com.br with a subject line such as [security] agent-vault.

Include reproduction steps, affected paths or commits, and impact if known.

In scope: vulnerabilities in this repository’s Markdown, shell/Python scripts, and GitHub Actions workflows.

Out of scope: issues in OpenClaw or other tools that only consume files from this repo unless the integration code here is at fault.

We aim to acknowledge valid reports within a few business days and coordinate disclosure after a fix is available.