Security reports should be private.
Email support@abuswe7l.com if you find a vulnerability in a Sw7l Projects repository, bot, website, API, deployment flow, or automation script.
Don't open a public GitHub issue with:
- Secrets, tokens, API keys, private keys, or
.envvalues - Exploit steps that can be copied directly
- Screenshots showing private server data
- Production URLs, admin paths, or credentials that aren't already public
- Affected repository or service
- Clear reproduction steps
- Expected impact
- Affected user, bot, API, or Discord workflow
- Safe proof of concept if available
- Your contact method for follow-up
In scope:
- Public Sw7l Projects repositories
- AbuSwe7l community tooling owned by Sw7l Projects
- Bots, APIs, dashboards, automation, and deployment workflows maintained by the team
Out of scope:
- Social engineering
- Spam, denial-of-service, or destructive testing
- Attacks against third-party services we don't control
- Testing that exposes private user data without permission
Security, cryptography, and steganography experiments in this organization are educational unless a repository explicitly says the work is production-safe.