Only the latest released version of Watchdog receives security fixes. Pin your dependency accordingly.

Do not open a public GitHub issue for security-sensitive reports.

Send a private email to jonyandunh@outlook.com with:

• A clear description of the issue
• Steps to reproduce (or a minimal PoC)
• The version / commit you tested against
• Your assessment of impact

I will acknowledge your report within 7 days and aim to publish a fix within 30 days for valid reports. If the report requires coordination with upstream projects (e.g., Claude Code itself or the ralph-loop plugin we derive from), the timeline may be longer — I will keep you informed.

The Watchdog plugin runs as a set of bash scripts triggered by Claude Code hooks. In-scope issues include:

• Command injection via unescaped user input (prompts, state file contents, hook input JSON)
• State file path manipulation via the per-session key (the parent Claude Code PID). The key is parsed as a positive integer before use, so classic path traversal is not possible, but any new code path that bypasses that validation would be in scope.
• Recursion / isolation bypass where a subprocess's Stop hook could mutate a different session's state file
• Privilege escalation via the headless Claude CLI classifier call

Out of scope:

• Issues in Claude Code itself — report to Anthropic
• Issues in the ralph-loop plugin — report to Anthropic
• Social engineering that tricks a user into running /watchdog:start with a malicious prompt
• Resource exhaustion from legitimately-loop-bound tasks (use --max-iterations to bound)

Reporters of valid vulnerabilities will be credited in the release notes unless they request otherwise.