claude-code-remote-remake/.github/ISSUE_TEMPLATE/security.md

---
name: 🔒 Security Report
about: Report a security vulnerability
title: '[SECURITY] '
labels: 'security'
---

<!--
🏷️ ISSUE TITLE NAMING RULES:
Format: [SECURITY] Short description of the security issue

✅ GOOD EXAMPLES:
- [SECURITY] Hardcoded credentials in config file
- [SECURITY] Command injection vulnerability in email handler
- [SECURITY] Exposed API keys in environment variables
- [SECURITY] Unauthorized access to notification settings
- [SECURITY] XSS vulnerability in notification content
- [SECURITY] Path traversal in file upload feature
- [SECURITY] SQL injection in database queries

❌ BAD EXAMPLES:
- Security issue (no [SECURITY] prefix)
- [SECURITY] Problem (not descriptive enough)
- Vulnerability (no [SECURITY] prefix)
- [SECURITY] Bug (too vague)

📋 AVAILABLE ISSUE TYPES:
1. 🐛 Bug Report - Report broken functionality
2. ✨ Feature Request - Request new features
3. ❓ Question - Ask usage questions
4. 🔒 Security Report (this template) - Report security vulnerabilities
5. ⚡ Performance Issue - Report performance problems
6. 🔧 Enhancement - Suggest improvements to existing features
7. 💬 Discussion - General discussions and brainstorming
-->

## Severity Level (select one)
- [ ] 🔴 Critical - Immediate action required
- [ ] 🟠 High - Should be fixed soon
- [ ] 🟡 Medium - Should be addressed
- [ ] 🟢 Low - Minor security concern

## Vulnerability Type (select one)
- [ ] Authentication/Authorization
- [ ] Code injection (Command/SQL/XSS)
- [ ] Data exposure/leak
- [ ] Hardcoded secrets/credentials
- [ ] Input validation
- [ ] Path traversal
- [ ] Other

## Description
<!-- Clear description of the security issue -->

## Steps to reproduce
1. 
2. 
3. 

## Impact
<!-- What could an attacker achieve? -->

## Suggested fix
<!-- If you have suggestions for fixing this -->

## Environment
- **Node version**: 
- **OS**: 
- **Platform**: Email / Telegram / LINE / All