| Version | Supported |
|---|---|
| 2.0.x | ✅ Yes |
| < 2.0 | ❌ No |
We take security seriously. If you discover a security vulnerability, please follow these steps:
- Do NOT create a public issue
- Email security details to: anton.knoery@gmail.com
- Include "SuperClaude Security" in subject line
- Provide detailed description of the vulnerability
Please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes or mitigations
- Your contact information for follow-up
- 24 hours: Initial acknowledgment
- 72 hours: Preliminary assessment
- 7 days: Detailed response with next steps
- 30 days: Resolution target (depending on complexity)
- SuperClaude is a configuration framework, not executable software
- No network connections or data transmission
- Files are stored locally in ~/.claude/
- Shell scripts have limited system access
- Template reference system (@pattern) validated for integrity
- install.sh performs file operations only
- No sudo/admin privileges required
- Backup existing configurations before installation
- All operations within user home directory
- Configuration files are read-only for Claude Code
- No sensitive data stored in configurations
- Slash commands execute through Claude Code's security model
- MCP integrations follow Claude Code's sandbox restrictions
- Review install.sh before execution
- Keep SuperClaude updated
- Report suspicious behavior
- Use official installation methods only
- Follow secure coding practices
- No hardcoded secrets or credentials
- Validate all user inputs
- Test security implications of changes
This security policy covers:
- SuperClaude configuration files
- Installation scripts
- GitHub repository security
- Community interaction security
SuperClaude is provided "as is" without warranty. While we strive for security, users are responsible for:
- Reviewing code before installation
- Using in appropriate environments
- Following Claude Code security guidelines
- Backing up existing configurations
Questions? Contact anton.knoery@gmail.com
SuperClaude v2 | Security-conscious configuration framework