feat: add clawsec-advisory-guardian hook for advisory monitoring and … (#9)

* feat: add clawsec-advisory-guardian hook for advisory monitoring and user approval

- Implemented clawsec-advisory-guardian hook to detect advisories for installed skills.
- Added handler for processing advisory matches and notifying users.
- Created scripts for setting up advisory hooks and cron jobs for periodic scans.
- Introduced guarded skill installation script requiring user confirmation for high-risk advisories.
- Updated skill.json to reflect new features and embedded components for advisory monitoring.

* chore(clawsec-suite): bump version to 0.0.8

* feat: enhance release script to support version tagging and improve install function

* fix: use globalThis for AbortController and timeout functions in loadRemoteFeed

* Update scripts/release-skill.sh

Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>

* Update skills/clawsec-suite/scripts/guarded_skill_install.mjs

Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>

* Update scripts/release-skill.sh

Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>

* Normalize version input by removing leading 'v' in versionMatches function

* Add dirName property to InstalledSkill and update alert message paths

* Enhance file permission handling in persistState function and add warning for chmod errors

* Refactor advisory guardian hook: modularize utility functions, version handling, and feed management

- Moved utility functions (isObject, normalizeSkillName, uniqueStrings) to lib/utils.mjs
- Created version handling functions (parseSemver, compareSemver, versionMatches) in lib/version.mjs
- Implemented feed management functions (parseAffectedSpecifier, isValidFeedPayload, loadRemoteFeed) in lib/feed.mjs
- Updated handler.ts to utilize new modular functions for improved readability and maintainability
- Added new types and state management in lib/types.ts and lib/state.ts
- Updated scripts to reflect new file structure and dependencies

* Update skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/matching.ts

Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>

* Add published field to Advisory type and refine version matching logic

* Set default version to "unknown" in discoverInstalledSkills and adjust versionMatches logic

* Update skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/version.mjs

Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>

* Update skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/matching.ts

Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>

* Update skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/version.mjs

Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>

---------

Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>

advisories/feed.json

@@ -1,12 +1,13 @@
 {
-  "version": "0.0.2",
-  "updated": "2026-02-08T06:16:28Z",
+  "version": "0.0.3",
+  "updated": "2026-02-08T18:42:58Z",
   "description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.",
   "advisories": [
     {
       "id": "CVE-2026-25593",
       "severity": "high",
-      "type": "vulnerable_skill",
+      "type": "missing_authentication_for_critical_function",
+      "nvd_category_id": "CWE-306",
       "title": "OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use t...",
       "description": "OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerability is fixed in 2026.1.20.",
       "affected": [],
@@ -21,7 +22,8 @@
     {
       "id": "CVE-2026-25475",
       "severity": "medium",
-      "type": "vulnerable_skill",
+      "type": "exposure_of_sensitive_information",
+      "nvd_category_id": "CWE-200",
       "title": "OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/...",
       "description": "OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file, exfiltrating sensitive data to the user/channel. This issue has been patched in version 2026.1.30.",
       "affected": [],
@@ -36,7 +38,8 @@
     {
       "id": "CVE-2026-25157",
       "severity": "high",
-      "type": "vulnerable_skill",
+      "type": "os_command_injection",
+      "nvd_category_id": "CWE-78",
       "title": "OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vu...",
       "description": "OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescaped path was interpolated directly into an echo statement, allowing arbitrary command execution on the remote SSH host. The parseSSHTarget function did not validate that SSH target strings could not begin with a dash. An attacker-supplied target like -oProxyCommand=... would be interpreted as an SSH configuration flag rather than a hostname, allowing arbitrary command execution on the local machine. This issue has been patched in version 2026.1.29.",
       "affected": [],
@@ -51,7 +54,8 @@
     {
       "id": "CVE-2026-24763",
       "severity": "high",
-      "type": "vulnerable_skill",
+      "type": "os_command_injection",
+      "nvd_category_id": "CWE-78",
       "title": "OpenClaw (formerly  Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026....",
       "description": "OpenClaw (formerly  Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29.",
       "affected": [],
@@ -68,7 +72,8 @@
     {
       "id": "CVE-2026-25253",
       "severity": "high",
-      "type": "vulnerable_skill",
+      "type": "incorrect_resource_transfer_between_spheres",
+      "nvd_category_id": "CWE-669",
       "title": "OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string a...",
       "description": "OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.",
       "affected": [],