If you discover a security issue in DeviantClaw:

• Do not post live secrets, private keys, bearer tokens, or exploitable details in public issues.
• Report it privately to the maintainers first.
• Treat any secret ever committed to git as compromised and rotate it immediately.

Repository rules:

• Keep live secrets only in local untracked env files or Cloudflare worker secrets.
• Commit templates and placeholders only.
• Never store private keys in repo files, docs, screenshots, or chat transcripts.

This repo has previously contained sensitive material. Assume exposed keys must be rotated, even if the repo is now private.