From 2cdfecdde32da78b24b9cf2071f450f776c82fe4 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Fri, 30 Jan 2026 21:51:19 +0100 Subject: [PATCH] docs: clarify security scope --- SECURITY.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 39ad03d749..efb2951869 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,6 +7,16 @@ If you believe you've found a security issue in OpenClaw, please report it priva - Email: `steipete@gmail.com` - What to include: reproduction steps, impact assessment, and (if possible) a minimal PoC. +## Bug Bounties + +OpenClaw is a labor of love. There is no bug bounty program and no budget for paid reports. Please still disclose responsibly so we can fix issues quickly. +The best way to help the project right now is by sending PRs. + +## Out of Scope + +- Public Internet Exposure +- Using OpenClaw in ways that the docs recommend not to + ## Operational Guidance For threat model + hardening guidance (including `openclaw security audit --deep` and `--fix`), see:
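Review bot: The two bullets under the new "Out of Scope" heading are too terse for a reporter to tell whether a finding qualifies. "Public Internet Exposure" does not say whether it excludes every issue that is only reachable when an instance is exposed to the public Internet, or only reports that amount to "this instance is exposed". "Using OpenClaw in ways that the docs recommend not to" does not name or link the docs it relies on. Suggest rewording each bullet as a full sentence describing the class of report that will be closed, and pointing the second one at the threat model and hardening guidance that the "Operational Guidance" section right below already references. In "Bug Bounties", "disclose responsibly" could also point back to the private reporting email listed above, so it is clear that the lack of a bounty does not change the reporting channel.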