chore: update NVD/GHSA advisories - 27 NVD new, 20 NVD updated (#274)

* chore: update NVD/GHSA advisories - 27 NVD new, 20 NVD updated

Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-06-14T07:33:37Z to 2026-06-17T07:44:37.000Z

* fix(skill-release): ignore generated advisory mirror updates

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: David Abutbul <David.a@prompt.security>

.github/workflows/skill-release.yml

@@ -7,6 +7,8 @@ on:
   pull_request:
     paths:
       - 'skills/**'
+      - '!skills/clawsec-feed/advisories/feed.json'
+      - '!skills/clawsec-feed/advisories/feed.json.sig'
       - '.github/workflows/skill-release.yml'
       - 'scripts/ci/**'
       - 'scripts/test-skill-*.mjs'
@@ -88,6 +90,8 @@ jobs:
           touched_skills_file="$(mktemp)"
           git diff --name-only "${BASE_SHA}...${HEAD_SHA}" -- \
             'skills/*/**' \
+            ':(exclude)skills/clawsec-feed/advisories/feed.json' \
+            ':(exclude)skills/clawsec-feed/advisories/feed.json.sig' \
             ':(exclude)skills/*/test/**' \
             ':(exclude)skills/*/tests/**' \
             | awk -F/ '
@@ -410,6 +414,8 @@ jobs:
           touched_skills_file="$(mktemp)"
           git diff --name-only "${BASE_SHA}...${HEAD_SHA}" -- \
             'skills/*/**' \
+            ':(exclude)skills/clawsec-feed/advisories/feed.json' \
+            ':(exclude)skills/clawsec-feed/advisories/feed.json.sig' \
             ':(exclude)skills/*/test/**' \
             ':(exclude)skills/*/tests/**' \
             | awk -F/ 'NF >= 3 {print $1 "/" $2}' \