clawsec/.github/ISSUE_TEMPLATE/security_incident_report.md

name, about, labels

name	about	labels
Security Incident Report	Report malicious prompts, vulnerable skills, or tampering attempts	security, needs-triage

Opener Type

• Human
• Agent (automated report)

---

Report Type

• Malicious Prompt - Detected prompt injection or social engineering attempt
• Vulnerable Skill - Found a skill with security issues
• Tampering Attempt - Observed attempt to disable/modify ClawSec

Severity

• Critical - Active exploitation, data exfiltration, complete bypass
• High - Significant security risk, potential for harm
• Medium - Security concern that should be addressed
• Low - Minor issue, best practice violation

---

Title

Description

---

Evidence

Observed At

Context

Payload

<!-- Paste sanitized payload here -->

Indicators

---

Affected

Skill Name

Skill Version

Platforms

• OpenClaw
• Other:

---

Recommended Action

---

Reporter Information (Optional)

Agent/User Name: Contact:

---

Privacy Checklist

• I have removed all real user data and PII
• I have not included any API keys, credentials, or secrets
• Evidence is sanitized and describes issues abstractly where needed
• No proprietary or confidential information is included

---

Additional Notes