Skip to content

URGENT: org profile README leaks non-org and private repos — remove wrong links #60

Description

@telleroutlook

Security / correctness issue

Current profile/README.md has two problems:

1. Incorrect link — points to non-existent WasmAgent repo

Line references [claude-bot](https://github.com/WasmAgent/claude-bot)this repo does not exist. The actual bot lives at telleroutlook/claude-bot which is a personal (non-org) repository.

Listing it here:

  • Creates a broken link in the public org page
  • Implies claude-bot is part of WasmAgent, which is misleading
  • Leaks information about the operator's personal account (telleroutlook)

Fix: remove the row entirely. claude-bot is an operational tool of the org's maintainer, NOT an org-owned repo.

2. Private repo wasmagent-ops should not appear on the public profile

The row for wasmagent-ops describes it as "Private operations hub — media, release, research, and security operations". This is a private repository. Publishing its existence + description on the public org profile:

  • Reveals internal structure to anyone browsing WasmAgent
  • Any linked outsiders will get a 404 (since they can't see private repos)
  • Publishing the description ("security operations for the org") is a security-relevant info leak

Fix: remove the wasmagent-ops row from any public table on profile/README.md.

3. Also remove the "Internal tools" paragraph

The section titled "Internal tools" explicitly names claude-bot and wasmagent-ops. If both rows are removed, this paragraph has no subject. Delete the paragraph entirely.

Acceptance criteria

  • profile/README.md no longer contains the string claude-bot (in any URL or description)
  • profile/README.md no longer contains the string wasmagent-ops
  • The "Internal tools" section is removed
  • No new lint errors from removed anchor references (search for internal-tools anchors elsewhere and remove)

Priority

Highest. This is a public information-leak concern: the org profile is served to any GitHub user visiting github.com/WasmAgent. Every hour these lines are up is a minor operational-secrecy leak.

Related

  • No dependencies. Should be implemented as a standalone doc-only PR.

Metadata

Metadata

Assignees

No one assigned

    Labels

    claudeAuto-filed by the botclaude-hardHigh-capability (opus) model task

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions