diff --git a/advisories/feed.json b/advisories/feed.json
index b24b16f..aec4ea2 100644
--- a/advisories/feed.json
+++ b/advisories/feed.json
@@ -1,8 +1,23 @@
 {
   "version": "0.0.2",
-  "updated": "2026-02-05T12:53:37Z",
+  "updated": "2026-02-08T06:16:28Z",
   "description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.",
   "advisories": [
+    {
+      "id": "CVE-2026-25593",
+      "severity": "high",
+      "type": "vulnerable_skill",
+      "title": "OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use t...",
+      "description": "OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerability is fixed in 2026.1.20.",
+      "affected": [],
+      "action": "Review and update affected components. See NVD for remediation details.",
+      "published": "2026-02-06T21:16:17.790",
+      "references": [
+        "https://github.com/openclaw/openclaw/security/advisories/GHSA-g55j-c2v4-pjcg"
+      ],
+      "cvss_score": 8.4,
+      "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25593"
+    },
     {
       "id": "CVE-2026-25475",
       "severity": "medium",
diff --git a/skills/clawsec-feed/advisories/feed.json b/skills/clawsec-feed/advisories/feed.json
index b24b16f..aec4ea2 100644
--- a/skills/clawsec-feed/advisories/feed.json
+++ b/skills/clawsec-feed/advisories/feed.json
@@ -1,8 +1,23 @@
 {
   "version": "0.0.2",
-  "updated": "2026-02-05T12:53:37Z",
+  "updated": "2026-02-08T06:16:28Z",
   "description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.",
   "advisories": [
+    {
+      "id": "CVE-2026-25593",
+      "severity": "high",
+      "type": "vulnerable_skill",
+      "title": "OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use t...",
+      "description": "OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerability is fixed in 2026.1.20.",
+      "affected": [],
+      "action": "Review and update affected components. See NVD for remediation details.",
+      "published": "2026-02-06T21:16:17.790",
+      "references": [
+        "https://github.com/openclaw/openclaw/security/advisories/GHSA-g55j-c2v4-pjcg"
+      ],
+      "cvss_score": 8.4,
+      "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25593"
+    },
     {
       "id": "CVE-2026-25475",
       "severity": "medium",