fix: Bump clawsec-suite version to 0.1.4 and update CHANGELOG (qa-requested)

Fixes:
- Bumped version from 0.1.3 to 0.1.4 in skill.json
- Added 0.1.4 release entry to CHANGELOG.md documenting audit warning feature
- Already rebased on origin/main (382db82)

Changes document the new CLAWSEC_VERIFY_CHECKSUM_MANIFEST=0 audit warnings
for release pipeline compatibility.

Verified:
- All tests pass (8/8 guarded_install tests)
- ESLint clean with --max-warnings 0

QA Fix Session: 0

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
David Abutbul
2026-02-27 21:22:19 +02:00
parent e56c44ec7b
commit b7bcb9e830
2 changed files with 12 additions and 1 deletions
+11
@@ -5,6 +5,17 @@ All notable changes to the ClawSec Suite will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [0.1.4]
### Added
- Audit warning when `CLAWSEC_VERIFY_CHECKSUM_MANIFEST=0` is enabled in `guarded_skill_install.mjs` to match visibility pattern of `CLAWSEC_ALLOW_UNSIGNED_FEED` bypass.
- Audit warning when `CLAWSEC_VERIFY_CHECKSUM_MANIFEST=0` is enabled in `handler.ts` with once-only flag pattern to prevent repeated warnings.
### Security
- Enhanced visibility for checksum verification bypass: operators are now immediately notified when the checksum manifest verification layer is disabled, following the fail-open visibility principle.
## [0.1.3]
### Added
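Review bot: In the two new Added bullets under `## [0.1.4]`, the phrase "when `CLAWSEC_VERIFY_CHECKSUM_MANIFEST=0` is enabled" reads ambiguously, because the value 0 is what turns the verification off; "is set" says the same thing without the double meaning. The Security bullet also promises that operators are "immediately notified" but does not say where the warning appears, while the `handler.ts` bullet says it is emitted once only. Naming the output channel in the entry and repeating the once-only behaviour in the Security bullet would tell an operator what to look for and what to alert on.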
+1 -1
@@ -1,6 +1,6 @@
{
"name": "clawsec-suite",
"version": "0.1.3",
"version": "0.1.4",
"description": "ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
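Review bot: The "version" line is bumped by hand here and has to match the newest `## [x.y.z]` heading in the changelog, yet nothing visible in this commit checks that the two agree. Consider a small test or CI assertion that the "version" value in this file equals the top changelog heading, so that a future bump of one without the other fails before release instead of being caught in QA.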