We take the security of Free-Claude-Code-Guide seriously. If you believe you have found a security vulnerability, please report it to us as described below. This is important for the safety of the project. We take all reports seriously.

If you find a security vulnerability, do NOT open a public issue. Instead, please report it privately by emailing us at the address shown below. We will investigate promptly.

Please include the following information in your report:

• Type of vulnerability (e.g., API key exposure, injection, etc.)
• Full path to the affected file(s)
• Steps to reproduce the vulnerability
• Potential impact of the vulnerability
• Suggested fix (if any)

After you submit a vulnerability report:

1. Acknowledgment: We will acknowledge receipt within 48 hours
2. Investigation: We will investigate and determine the scope and severity
3. Communication: We will keep you informed of our progress
4. Resolution: We will work on a fix and prepare a security advisory
5. Disclosure: We will coordinate public disclosure with you

⚠️ NEVER commit the following to this repository:

• .env files containing API keys
• NVIDIA NIM API keys
• OpenRouter API keys
• Any authentication tokens

The .gitignore file is configured to prevent accidental commits of .env files, but always double-check before pushing.

When documenting configuration examples:

• Use placeholder values like nvapi-votre-clé or sk-or-votre-clé
• Never use real API keys in documentation
• Use examples that clearly indicate they need to be replaced

• Keep your local .env file secure and private
• Don't share screenshots that might contain API keys
• Use environment variables rather than hardcoding values

This project is a documentation guide. Security updates apply to:

This security policy covers:

• The documentation in this repository
• Configuration examples provided
• CI/CD workflows

This policy does NOT cover:

• The upstream free-claude-code project (https://github.com/Alishahryar1/free-claude-code)
• NVIDIA NIM services
• Claude Code CLI software

Some parts of this security policy were adapted from the GitHub Security Policy template.