Skip to content

Security: ruhang365/styleos-protocol

Security

SECURITY.md

Security

StyleOS Protocol is a documentation-first repository. It does not include an application, server, SDK, package, build pipeline, database, or runtime service.

Security work for this repository focuses on protecting contributors, preventing private data exposure, and keeping the open-core boundary clear.

Report a Security or Privacy Issue

Please report issues when you find:

  • real user photos;
  • personal data;
  • unauthorized private cases;
  • leaked credentials;
  • confusing official certification claims;
  • malicious links;
  • unsafe instructions that could expose user data.

Use a private maintainer contact channel when available. If no private channel is available, open a minimal public issue without quoting sensitive details.

中文说明: 如果发现隐私数据、真实照片、凭据泄露或未经授权案例,不要在公开 issue 中复述敏感内容,只描述问题类型并等待维护者处理。

Do Not Submit Secrets

Never submit:

  • API keys;
  • tokens;
  • cookies;
  • passwords;
  • private keys;
  • production URLs with credentials;
  • internal system screenshots;
  • private customer exports.

Maintainer Response

Maintainers should:

  • remove or redact exposed data;
  • ask contributors to replace real cases with synthetic examples;
  • close or edit issues that include personal data;
  • avoid preserving sensitive data in quotes, screenshots, or examples;
  • document recurring safety patterns in DATA_POLICY.md when useful.

There aren't any published security advisories