Coordination request (no technical details here)
I have a private coordinated vulnerability report for ultraworkers/claw-code affecting sandbox isolation reporting and permission-mode persistence (HIGH). Report includes full write-up and suggested patches.
Private vulnerability reporting appears disabled on this repository (GET .../private-vulnerability-reporting → enabled: false), so I cannot file a GHSA report via the API.
Please either
- Enable private vulnerability reporting so I can submit the full package via GitHub Security Advisories, or
- Contact @macncrash /
macncrash@users.noreply.github.com and I will grant access to the private package repo or re-send the materials.
Private package (invite-only): https://github.com/macncrash/saudit-disclosure-claw-code-2026-07
I will not post exploit details, PoCs, or patches on this public issue.
Reporter: macncrash
AI-assisted analysis; findings human-verified. Local validation only.
Thank you.
Coordination request (no technical details here)
I have a private coordinated vulnerability report for
ultraworkers/claw-codeaffecting sandbox isolation reporting and permission-mode persistence (HIGH). Report includes full write-up and suggested patches.Private vulnerability reporting appears disabled on this repository (
GET .../private-vulnerability-reporting→enabled: false), so I cannot file a GHSA report via the API.Please either
macncrash@users.noreply.github.comand I will grant access to the private package repo or re-send the materials.Private package (invite-only): https://github.com/macncrash/saudit-disclosure-claw-code-2026-07
I will not post exploit details, PoCs, or patches on this public issue.
Reporter: macncrash
AI-assisted analysis; findings human-verified. Local validation only.
Thank you.