feat(advisories): add provisional GHSA feed (#242)

* feat(advisories): add provisional ghsa feed * fix(workflows): include advisory signatures in checksums * fix(workflows): mirror ghsa feed at release root * feat(advisories): consolidate ghsa into agent feed * ci(advisories): consolidate ghsa during nvd poll * fix(advisories): retain unreplaced ghsa feed entries * chore(skills): bump advisory feed consumers * fix(release): resolve ts import closure dry run * fix(release): preserve urls while stripping comments * fix(release): ignore skill test-only changes * fix(advisories): follow ghsa pagination links * test(advisories): add nvd ghsa pipeline dry run
2026-06-13 05:28:02 +03:00 · 2026-05-24 21:41:59 +03:00
parent 8a9bdfcd23
commit 4dbac421ab
34 changed files with 1944 additions and 81 deletions
@@ -1,5 +1,10 @@
 # Changelog

+## [0.0.8] - 2026-05-24
+
+### Changed
+- Documented the consolidated signed advisory feed as the default feed for NVD CVEs, approved community advisories, and provisional GHSA-without-CVE records.
+
 ## [0.0.7] - 2026-05-14

 ### Security
@@ -1,6 +1,6 @@
 ---
 name: clawsec-feed
-version: 0.0.7
+version: 0.0.8
 description: Security advisory feed package for OpenClaw-related threats and vulnerabilities. The upstream feed is updated daily; local automation is handled by clawsec-suite or the operator.
 homepage: https://clawsec.prompt.security
 metadata: {"openclaw":{"emoji":"📡","category":"security"}}
@@ -14,7 +14,7 @@ clawdis:

 Security advisory feed monitoring for AI agents. Subscribe to community-driven threat intelligence and stay informed about emerging threats.

-This feed is automatically updated daily with CVEs related to OpenClaw and Moltbot from the NIST National Vulnerability Database (NVD).
+The default `feed.json` is the consolidated agent feed. It includes NVD CVEs, approved community advisories, and provisional GitHub Security Advisories that do not have CVE IDs yet.

 ## Operational Notes

@@ -90,7 +90,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
 set -euo pipefail

 SKILL_NAME="clawsec-feed"
-VERSION="0.0.7"
+VERSION="0.0.8"
 REPO="prompt-security/clawsec"
 TAG="${SKILL_NAME}-v${VERSION}"
 BASE="https://github.com/${REPO}/releases/download/${TAG}"
@@ -783,7 +783,7 @@ fi

 | Variable | Description | Default |
 |----------|-------------|---------|
-| `CLAWSEC_FEED_URL` | Custom advisory feed URL | Raw GitHub (`main` branch) |
+| `CLAWSEC_FEED_URL` | Custom advisory feed URL | Consolidated signed feed |
 | `CLAWSEC_INSTALL_DIR` | Installation directory | `~/.openclaw/skills/clawsec-feed` |

 ---
@@ -1,6 +1,6 @@
 {
  "name": "clawsec-feed",
-  "version": "0.0.7",
+  "version": "0.0.8",
  "description": "Security advisory feed monitoring for AI agents. Subscribe to community-driven threat intelligence.",
  "author": "prompt-security",
  "license": "AGPL-3.0-or-later",
@@ -1,5 +1,11 @@
 # Changelog

+## [0.0.6] - 2026-05-24
+
+### Changed
+- Documented that NanoClaw consumes the consolidated signed advisory feed containing NVD CVEs, approved community advisories, and provisional GHSA-without-CVE records.
+- Added advisory metadata typing for GHSA lifecycle fields used by the consolidated feed.
+
 ## [0.0.5] - 2026-05-14

 ### Security
@@ -1,6 +1,6 @@
 ---
 name: clawsec-nanoclaw
-version: 0.0.5
+version: 0.0.6
 description: Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot
 ---

@@ -183,6 +183,8 @@ if (advisory.exploitability_score === 'high' || advisory.severity === 'critical'

 **Feed Source**: https://clawsec.prompt.security/advisories/feed.json

+This signed feed is consolidated. NanoClaw receives NVD CVEs, approved community advisories, and provisional GHSA-without-CVE advisories through the same default URL.
+
 **Update Frequency**: Every 6 hours (automatic)

 **Signature Verification**: Ed25519 signed feeds
@@ -208,7 +210,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
 set -euo pipefail

 SKILL_NAME="clawsec-nanoclaw"
-VERSION="0.0.5"
+VERSION="0.0.6"
 REPO="prompt-security/clawsec"
 TAG="${SKILL_NAME}-v${VERSION}"
 BASE="https://github.com/${REPO}/releases/download/${TAG}"
@@ -5,6 +5,11 @@

 export interface Advisory {
  id: string;
+  ghsa_id?: string;
+  cve_id?: string | null;
+  status?: 'active' | 'matured' | 'stale' | string;
+  stale?: boolean;
+  source_feed?: string;
  severity: 'critical' | 'high' | 'medium' | 'low';
  type: 'vulnerable_skill' | 'malicious_skill' | 'prompt_injection' | string;
  title: string;
@@ -14,7 +19,10 @@ export interface Advisory {
  published: string;
  references: string[];
  cvss_score?: number;
+  cvss_vector?: string | null;
  nvd_url?: string;
+  github_advisory_url?: string;
+  platforms?: string[];
  exploitability_score?: 'high' | 'medium' | 'low' | 'unknown';
  exploitability_rationale?: string;
  source?: string;
@@ -1,6 +1,6 @@
 {
  "name": "clawsec-nanoclaw",
-  "version": "0.0.5",
+  "version": "0.0.6",
  "description": "ClawSec security suite for NanoClaw - Advisory feed monitoring, MCP tools for vulnerability checking, and Ed25519 signature verification for containerized WhatsApp bot agents",
  "author": "prompt-security",
  "license": "AGPL-3.0-or-later",
@@ -5,6 +5,13 @@ All notable changes to the ClawSec Suite will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [0.1.9] - 2026-05-24
+
+### Changed
+
+- Documented the remote advisory feed as a consolidated feed containing NVD CVEs, approved community advisories, and provisional GHSA-without-CVE records.
+- Added advisory guardian type coverage for GHSA lifecycle metadata used by the consolidated feed.
+
 ## [0.1.8] - 2026-05-16

 ### Fixed
@@ -1,6 +1,6 @@
 ---
 name: clawsec-suite
-version: 0.1.8
+version: 0.1.9
 description: ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.
 homepage: https://clawsec.prompt.security
 clawdis:
@@ -28,7 +28,7 @@ This means `clawsec-suite` can:
 ## Included vs Optional Protections

 ### Built into clawsec-suite
- Embedded feed seed file: `advisories/feed.json`
+- Embedded consolidated advisory feed seed file: `advisories/feed.json`
 - Portable heartbeat workflow in `HEARTBEAT.md`
 - Advisory polling + state tracking + affected-skill checks
 - OpenClaw advisory guardian hook package: `hooks/clawsec-advisory-guardian/`
@@ -200,7 +200,8 @@ This enforces:

 The embedded feed logic uses these defaults:

- Remote feed URL: `https://clawsec.prompt.security/advisories/feed.json`
+- Remote consolidated feed URL: `https://clawsec.prompt.security/advisories/feed.json`
+- Feed contents: NVD CVEs, approved community advisories, and provisional GHSA-without-CVE advisories.
 - Remote feed signature URL: `${CLAWSEC_FEED_URL}.sig` (override with `CLAWSEC_FEED_SIG_URL`)
 - Remote checksums manifest URL: sibling `checksums.json` (override with `CLAWSEC_FEED_CHECKSUMS_URL`)
 - Local seed fallback: `~/.openclaw/skills/clawsec-suite/advisories/feed.json`
@@ -6,6 +6,11 @@ export type HookEvent = {

 export type Advisory = {
  id?: string;
+  ghsa_id?: string;
+  cve_id?: string | null;
+  status?: string;
+  stale?: boolean;
+  source_feed?: string;
  severity?: string;
  type?: string;
  application?: string | string[];
@@ -15,6 +20,10 @@ export type Advisory = {
  published?: string;
  updated?: string;
  affected?: string[];
+  platforms?: string[];
+  references?: string[];
+  nvd_url?: string | null;
+  github_advisory_url?: string;
 };

 export type FeedPayload = {
@@ -1,6 +1,6 @@
 {
  "name": "clawsec-suite",
-  "version": "0.1.8",
+  "version": "0.1.9",
  "description": "ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.",
  "author": "prompt-security",
  "license": "AGPL-3.0-or-later",
@@ -1,5 +1,10 @@
 # Changelog

+## [0.1.3] - 2026-05-24
+
+### Changed
+- Documented that the default signed advisory feed is consolidated and may include NVD CVEs, approved community advisories, and provisional GHSA-without-CVE records while Hermes matching remains package-scoped.
+
 ## [0.1.2] - 2026-05-15

 ### Fixed
@@ -1,6 +1,6 @@
 ---
 name: hermes-attestation-guardian
-version: 0.1.2
+version: 0.1.3
 description: Hermes-only runtime security attestation and drift detection skill for operator-managed Hermes infrastructure.
 homepage: https://clawsec.prompt.security
 hermes:
@@ -24,7 +24,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
 set -euo pipefail

 SKILL_NAME="hermes-attestation-guardian"
-VERSION="0.1.2"
+VERSION="0.1.3"
 REPO="prompt-security/clawsec"
 TAG="${SKILL_NAME}-v${VERSION}"
 BASE="https://github.com/${REPO}/releases/download/${TAG}"
@@ -207,6 +207,8 @@ Severity messages are emitted as INFO / WARNING / CRITICAL style lines.

 ## Advisory feed override knobs

+The default signed advisory feed is consolidated: it can contain NVD CVEs, approved community advisories, and provisional GHSA-without-CVE records. Hermes matching still gates on affected package names and supported version ranges.
+
 - Source selection: `HERMES_ADVISORY_FEED_SOURCE=auto|remote|local`
 - Remote artifacts: `HERMES_ADVISORY_FEED_URL`, `HERMES_ADVISORY_FEED_SIG_URL`, `HERMES_ADVISORY_FEED_CHECKSUMS_URL`, `HERMES_ADVISORY_FEED_CHECKSUMS_SIG_URL`
 - Local artifacts: `HERMES_LOCAL_ADVISORY_FEED`, `HERMES_LOCAL_ADVISORY_FEED_SIG`, `HERMES_LOCAL_ADVISORY_FEED_CHECKSUMS`, `HERMES_LOCAL_ADVISORY_FEED_CHECKSUMS_SIG`
@@ -1,6 +1,6 @@
 {
  "name": "hermes-attestation-guardian",
-  "version": "0.1.2",
+  "version": "0.1.3",
  "description": "Hermes-only runtime security attestation and drift detection skill. Generates deterministic posture artifacts, verifies integrity fail-closed, and classifies baseline drift severity.",
  "author": "prompt-security",
  "license": "AGPL-3.0-or-later",
@@ -1,5 +1,10 @@
 # Changelog

+## [0.0.3] - 2026-05-24
+
+### Changed
+- Documented that Picoclaw advisory checks consume the consolidated signed advisory feed, including NVD CVEs, approved community advisories, and provisional GHSA-without-CVE records.
+
 ## [0.0.2] - 2026-05-13

 ### Security
@@ -1,6 +1,6 @@
 ---
 name: picoclaw-security-guardian
-version: 0.0.2
+version: 0.0.3
 description: Picoclaw security posture skill with advisory awareness, configuration drift detection, and supply-chain verification guidance.
 homepage: https://clawsec.prompt.security
 author: prompt-security
@@ -27,7 +27,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
 set -euo pipefail

 SKILL_NAME="picoclaw-security-guardian"
-VERSION="0.0.2"
+VERSION="0.0.3"
 REPO="prompt-security/clawsec"
 TAG="${SKILL_NAME}-v${VERSION}"
 BASE="https://github.com/${REPO}/releases/download/${TAG}"
@@ -127,6 +127,7 @@ node scripts/check_advisories.mjs   --feed ~/.picoclaw/security/clawsec/feed.jso
 ```

 The script filters advisories for `picoclaw`, `ai-gateway`, empty/all-platform advisories, or affected package entries containing `picoclaw`.
+The expected feed input is the consolidated signed ClawSec advisory feed, so it can contain NVD CVEs, approved community advisories, and provisional GHSA-without-CVE records.

 ## Drift protection

@@ -184,4 +185,3 @@ skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regres
 ```

 The regression installs the skill through Picoclaw's own `find_skills` / `install_skill` path from a local ClawHub-compatible registry into an isolated Docker-hosted Picoclaw workspace with isolated `HOME`, `PICOCLAW_HOME`, and `PICOCLAW_WORKSPACE`. It verifies signed release-artifact preflight inputs, confirms Picoclaw's skill loader can list/load the installed skill, then runs the installed copy's profile, drift, advisory fail-closed, advisory filtering, and supply-chain verification paths against Picoclaw-style `config.json` and `launcher-config.json` files.
-
@@ -1,6 +1,6 @@
 {
  "name": "picoclaw-security-guardian",
-  "version": "0.0.2",
+  "version": "0.0.3",
  "description": "Picoclaw security posture skill with advisory awareness, configuration drift detection, and supply-chain verification guidance.",
  "author": "prompt-security",
  "license": "AGPL-3.0-or-later",