Security is critical for integrations because connectors may interact with external APIs, user data, and credentials.
Do not open public GitHub issues for security problems.
Instead, contact the maintainers privately.
- Never commit API keys or secrets.
- Use
.env.examplefor placeholder variables. - Validate incoming webhook payloads.
- Avoid logging sensitive data.
- Use least-privilege API scopes.
- Document required permissions clearly.