Please do not open a public issue for security vulnerabilities.
If you discover a security vulnerability in Self-Care, please report it privately by emailing support@notdiamond.ai.
Include as much of the following as you can:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 5 business days
- Fix or mitigation: Depends on severity, but we aim for 30 days for critical issues
We will coordinate with you on disclosure timing. We ask that you give us reasonable time to address the issue before any public disclosure.
This policy applies to the Self-Care Claude Code plugin and its bundled components. For issues related to Claude Code itself, please refer to Anthropic's security policy.