AntiLink protects live Discord communities, so responsible disclosure matters.
Do not publish suspected vulnerabilities, exploitation details, credentials, private server data, or proof-of-concept attacks in a public GitHub issue.
Report security concerns privately through the AntiLink support server. Clearly state that the report is security-sensitive so it can be routed appropriately.
Please include:
- A clear description of the issue
- The affected AntiLink surface
- Reproduction steps that do not harm other users or servers
- The potential impact
- Screenshots or logs with tokens, IDs, and personal information removed
- A safe way to contact you for follow-up
Security reports may concern:
- The AntiLink Discord bot
- The dashboard
- The marketing website
- The documentation website
- The public status platform
- AntiLink authentication or authorization behavior
Third-party platforms and services should be reported to their respective owners unless the issue is caused by AntiLink's integration.
Do not:
- Access data that does not belong to you
- Disrupt AntiLink or Discord services
- Test against Discord servers without permission
- Use social engineering, credential theft, spam, or denial-of-service attacks
- Retain or disclose sensitive data
AntiLink does not currently promise a bug bounty or payment for reports. Responsible reports are still appreciated and will be reviewed in good faith.