# Security Policy

`@openclaw/fs-safe` is a filesystem-safety library, so potential boundary bypasses should be reported privately first.

Email security reports to Peter Steinberger at `steipete@gmail.com` with:

- affected version or commit
- platform and filesystem details
- minimal reproduction steps
- expected impact

Please do not open a public issue for traversal, symlink, hardlink, archive extraction, or credential-file bugs until we have coordinated disclosure.