If you discover a security vulnerability in Wreck-It Ralph, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email your findings to the maintainers. Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
We will acknowledge receipt within 48 hours and provide a detailed response within 7 days.
This security policy covers vulnerabilities in:
- The Wreck-It Ralph orchestrator code
- Generated hook scripts
- Report generation
- Any component that could lead to unauthorized access or data exposure
- Vulnerabilities in Claude CLI itself (report to Anthropic)
- Vulnerabilities in Playwright MCP (report to Microsoft)
- Issues with target applications being tested (that's the point of the tool)
This tool is designed for authorized security testing only. Using it against systems without explicit written permission is:
- Illegal in most jurisdictions
- A violation of computer fraud and abuse laws
- Against Anthropic's acceptable use policy
The maintainers are not responsible for misuse of this tool.
| Version | Supported |
|---|---|
| Latest | ✅ |
| < 1.0 | ❌ |
We only provide security updates for the latest release.