Skip to content

Security: timeout187/AntiLink

Security

SECURITY.md

Security policy

AntiLink protects live Discord communities, so responsible disclosure matters.

Reporting a vulnerability

Do not publish suspected vulnerabilities, exploitation details, credentials, private server data, or proof-of-concept attacks in a public GitHub issue.

Report security concerns privately through the AntiLink support server. Clearly state that the report is security-sensitive so it can be routed appropriately.

Please include:

  • A clear description of the issue
  • The affected AntiLink surface
  • Reproduction steps that do not harm other users or servers
  • The potential impact
  • Screenshots or logs with tokens, IDs, and personal information removed
  • A safe way to contact you for follow-up

Scope

Security reports may concern:

  • The AntiLink Discord bot
  • The dashboard
  • The marketing website
  • The documentation website
  • The public status platform
  • AntiLink authentication or authorization behavior

Third-party platforms and services should be reported to their respective owners unless the issue is caused by AntiLink's integration.

Safe research

Do not:

  • Access data that does not belong to you
  • Disrupt AntiLink or Discord services
  • Test against Discord servers without permission
  • Use social engineering, credential theft, spam, or denial-of-service attacks
  • Retain or disclose sensitive data

AntiLink does not currently promise a bug bounty or payment for reports. Responsible reports are still appreciated and will be reviewed in good faith.

There aren't any published security advisories