
Security: oxFFFF-Q/openclaw-migrate


Security Policy

Reporting a Vulnerability

We take security seriously. If you discover a vulnerability, please report it responsibly.

How to Report

Do NOT create a public GitHub issue for security vulnerabilities.

Instead, please:

  1. Email: Open a private security advisory at GitHub Security
  2. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

What to Include

  • Type of vulnerability (XSS, injection, etc.)
  • Affected versions
  • Proof of concept (if safe to share)
  • Your contact info (optional)

Response Time

  • Initial response: Within 48 hours
  • Status update: Weekly until resolved
  • Fix timeline: Depends on severity (critical: 7 days, high: 30 days)

Security Best Practices

When using this tool:

✅ DO

  • Verify archive checksums before importing
  • Back up existing configuration before import
  • Review manifest.json content
  • Use --mode=replicate for sharing between machines

❌ DON'T

  • Import archives from untrusted sources
  • Use --mode=full when exporting sensitive data
  • Share your ~/.openclaw/ directory publicly
  • Import without reviewing the manifest

Supported Versions

| Version | Security Updates |
|---------|------------------|
| 1.x.x   | ✅ Active        |
| < 1.0   | ❌ End of life   |

Disclosure Policy

We follow responsible disclosure:

  1. Report privately first
  2. Allow reasonable time to fix
  3. Coordinated public disclosure after fix

Thank you for keeping OpenClaw Migration Tool secure! 🔒
