FoneClaw is an Android AI phone assistant that interacts with supported phone workflows. Security reports are taken seriously.
Please do not open a public issue for security reports.
Send reports to:
privacy@foneclaw.ai
Include:
- A clear description of the issue
- Steps to reproduce
- Affected page, workflow, or Android permission area
- Screenshots or logs if safe to share
- Your contact information for follow-up
Relevant reports may include:
- Permission handling issues
- Sensitive action confirmation bypasses
- Website security issues
- Data exposure issues
- Authentication or download integrity issues
- Cross-site scripting or content injection risks on foneclaw.ai
Out of scope:
- Generic vulnerability scanner output without reproduction
- Social engineering
- Denial-of-service testing
- Issues in third-party websites not controlled by FoneClaw
- Speculative reports without a practical impact path
We aim to acknowledge valid reports within a reasonable timeframe and may ask for additional details. Please give us time to investigate before public disclosure.
The current public website at https://www.foneclaw.ai is the supported website version.