This project is pre-1.0. Security fixes should target main until versioned releases begin.

Do not open public issues or pull requests containing:

• QQ app secrets or access tokens;
• QQ account identifiers, openids, or private group IDs;
• NapCat cookies, QR codes, tokens, or runtime files;
• generated .cc-connect state or local config files;
• chat logs, group memories, member notes, or private files.

If a vulnerability may expose credentials or private chat content, report it privately through GitHub Security Advisories after the repository is published.

If Security Advisories are not enabled yet, contact the maintainer privately and share only the minimum reproduction details needed to confirm the issue.