Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs (#208)

* Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs * fix(feed): add picoclaw to core platform taxonomy and filters * fix(picoclaw): resolve eslint errors in new skills * chore(nvd): include picoclaw in CVE polling and cleanup report --------- Co-authored-by: David Abutbul <David.a@prompt.security>
2026-06-13 05:28:02 +03:00 · 2026-04-26 14:19:18 +03:00
parent c53463c445
commit 0d2e38ddfd
35 changed files with 1618 additions and 16 deletions
@@ -0,0 +1,44 @@
+# Picoclaw Self Pen Testing
+
+## Summary
+
+Current package version: `v0.0.1`.
+
+`picoclaw-self-pen-testing` is a standalone Picoclaw package that runs local, read-only self-pen-testing style checks from a generated Picoclaw posture profile.
+
+This package is intentionally separate from `picoclaw-security-guardian` so moderation-sensitive findings can be shipped independently.
+
+## What it checks
+
+- Public Web UI exposure
+- Disabled Web UI auth
+- Unrestricted workspace/tooling posture
+- Unsafely unsigned verification mode
+- MCP trust-boundary review needs
+- Scheduler persistence review
+- Plaintext secret markers
+- Multi-channel auth review
+
+## Usage
+
+```bash
+node skills/picoclaw-self-pen-testing/scripts/self_pen_test.mjs \
+  --profile ~/.picoclaw/security/clawsec/current-profile.json
+```
+
+## Validation
+
+```bash
+python utils/validate_skill.py skills/picoclaw-self-pen-testing
+node skills/picoclaw-self-pen-testing/test/self_pen_test.test.mjs
+```
+
+## Source references
+
+- `skills/picoclaw-self-pen-testing/skill.json`
+- `skills/picoclaw-self-pen-testing/SKILL.md`
+- `skills/picoclaw-self-pen-testing/README.md`
+- `skills/picoclaw-self-pen-testing/lib/self_pen_test.mjs`
+- `skills/picoclaw-self-pen-testing/lib/format.mjs`
+- `skills/picoclaw-self-pen-testing/scripts/self_pen_test.mjs`
+- `skills/picoclaw-self-pen-testing/test/self_pen_test.test.mjs`