
Security: Incredibuild-RND/falkordb-cognee-islo

SECURITY.md

Security & secrets

Reporting a vulnerability

Please email security@incredibuild.com with details. We aim to acknowledge within 2 business days. Do not file public issues for security reports.

What this repo expects from you

  • Never commit .env. It's gitignored. Use .env.example as a template.
  • Never commit a real LLM, CRM, email-provider, or webhook key. All values in .env.example are blank or placeholders.
  • Inside Islo sandboxes, prefer the gateway-profile flow over --env injection so the real secret stays on the host. See the "Credentials in the sandbox" section of the README.
  • The Mission Control Cypher console is read-only by design: CREATE, MERGE, SET, DELETE, REMOVE, DROP, and CALL db are refused at the HTTP boundary, before the query reaches FalkorDB. That check limits what a query can do, not who can run it; this repo ships no built-in auth, so if you expose Mission Control on the public internet, put it behind your auth proxy of choice.
  • Sequencer ships with SEND_ENABLED=false and SEQUENCER_DRY_RUN=true. Flip both, intentionally, to send real outbound mail.

What this repo does for you

  • .gitignore excludes .env, .env.local, all caches, all per-agent ephemeral OpenClaw state, and local FalkorDB / Cognee data dirs.
  • The bundled bootstrap.sh installs npm packages into $HOME/.npm-global rather than system-wide so the sandbox never needs sudo for OpenClaw.
  • All graph writes from the demo runner use parameterised MERGE, never string-concatenated Cypher.
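
Two of the points above (the read-only console check and the parameterised MERGE) are easier to see in code. The following is an added example, not code from this repo: a keyword gate of the kind the console applies, written so that refused clauses are only matched in statement text (string literals and comments are stripped first), next to a concatenated lookup and its parameterised equivalent. The function names, the `Person` label and the hostile input are assumptions constructed for the example.

```python
import re

# Added example, not code from the falkordb-cognee-islo repo. It illustrates two
# points from SECURITY.md: a keyword-based read-only gate like the one the
# Mission Control console applies, and why graph writes pass values as Cypher
# parameters instead of concatenating them into the query text.
# Function names, the Person label and the payload below are assumptions.

# Clauses SECURITY.md lists as refused, plus the "CALL db" prefix.
_WRITE_RE = re.compile(r"\b(?:CREATE|MERGE|SET|DELETE|REMOVE|DROP)\b|\bCALL\s+DB\b")


def normalise(query: str) -> str:
    """Return the query with string literals blanked, comments removed,
    uppercased and whitespace-collapsed, so only statement text is inspected."""
    out, i, n = [], 0, len(query)
    while i < n:
        c = query[i]
        if c in ("'", '"'):
            # String literal: skip to the matching quote, honouring backslash escapes.
            j = i + 1
            while j < n and query[j] != c:
                j += 2 if query[j] == "\\" else 1
            out.append("''")
            i = j + 1
        elif query.startswith("//", i):
            # Line comment: drop to end of line.
            j = query.find("\n", i)
            i = n if j == -1 else j
        elif query.startswith("/*", i):
            # Block comment: drop to the closing marker.
            j = query.find("*/", i + 2)
            out.append(" ")
            i = n if j == -1 else j + 2
        else:
            out.append(c)
            i += 1
    return " ".join("".join(out).upper().split())


def is_read_only(query: str) -> bool:
    """True if the statement text contains no refused clause.
    Keywords inside string literals or comments do not count."""
    return _WRITE_RE.search(normalise(query)) is None


# --- Why parameters matter -------------------------------------------------

def lookup_concat(name: str) -> str:
    """The string-concatenated form the repo avoids: the value becomes query text."""
    return f"MATCH (p:Person {{name: '{name}'}}) RETURN p"


def lookup_param(name: str) -> tuple[str, dict]:
    """Parameterised form: the query text is fixed and the value travels in params.
    The (query, params) pair is what a graph client's query call takes."""
    return "MATCH (p:Person {name: $name}) RETURN p", {"name": name}


def demo_merge(name: str) -> tuple[str, dict]:
    """Parameterised MERGE of the kind the demo runner uses for graph writes."""
    return "MERGE (p:Person {name: $name}) RETURN p", {"name": name}


# Constructed hostile input: closes the property map and literal, appends a
# write clause, and comments out the remainder of the original statement.
PAYLOAD = "x'}) DETACH DELETE p //"

if __name__ == "__main__":
    print(lookup_concat(PAYLOAD))
    print(is_read_only(lookup_concat(PAYLOAD)))    # False: the read became a write
    print(is_read_only(lookup_param(PAYLOAD)[0]))  # True: payload stayed in params
```

With concatenation the payload rewrites the statement and the gate refuses it; with parameters the statement text never changes, so the same payload is just a value. The gate errs on the safe side: a property or label that happens to be spelled like a clause (say `n.set`) is refused as well. A keyword check in the HTTP layer only protects the paths that pass through it, so as defence in depth you can also send console traffic to FalkorDB with GRAPH.RO_QUERY, which rejects write queries at the server regardless of how the text was inspected.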

There aren't any published security advisories