Skip to content

Security: FoneClaw-AI/foneclaw-v2

Security

SECURITY.md

Security Policy

FoneClaw is an Android AI phone assistant that interacts with supported phone workflows. Security reports are taken seriously.

Reporting a vulnerability

Please do not open a public issue for security reports.

Send reports to:

privacy@foneclaw.ai

Include:

  • A clear description of the issue
  • Steps to reproduce
  • Affected page, workflow, or Android permission area
  • Screenshots or logs if safe to share
  • Your contact information for follow-up

Scope

Relevant reports may include:

  • Permission handling issues
  • Sensitive action confirmation bypasses
  • Website security issues
  • Data exposure issues
  • Authentication or download integrity issues
  • Cross-site scripting or content injection risks on foneclaw.ai

Out of scope:

  • Generic vulnerability scanner output without reproduction
  • Social engineering
  • Denial-of-service testing
  • Issues in third-party websites not controlled by FoneClaw
  • Speculative reports without a practical impact path

Response

We aim to acknowledge valid reports within a reasonable timeframe and may ask for additional details. Please give us time to investigate before public disclosure.

Supported version

The current public website at https://www.foneclaw.ai is the supported website version.

There aren't any published security advisories