gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

chore(clawsec-suite, clawsec-feed): update installation instructions and emphasize script review

Browse Source
This commit is contained in:
David Abutbul
2026-02-06 00:53:43 +02:00
parent 96741196e5
commit b950c7d937
2 changed files with 9 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/clawsec-feed/SKILL.md
+4 -2
View File
@@ -55,6 +55,8 @@ Continue below for standalone installation instructions.
---
Installation Steps:
Agents should review scripts before execution!
```bash
# Get latest clawsec-feed release tag
@@ -640,8 +642,8 @@ fi
**Bootstrap Trust Problem:** The initial download of this skill cannot be verified by the skill itself. To establish trust:
1. **Verify the source URL** - Ensure you are downloading from `github.com/prompt-security/clawsec`
2. **Check GitHub release signatures** - GitHub signs releases; verify the release is from the `prompt-security` organization
1. **Verify the source URL** - Ensure you are downloading from `https://clawsec.prompt.security`
2. **Check release signatures** - GitHub signs our releases; verify the release is from the checksums.
3. **Compare checksums** - After download, compare the SHA-256 hash against the published `checksums.json`:
```bash
skills/clawsec-suite/SKILL.md
+5 -32
View File
@@ -83,39 +83,10 @@ echo "✓ ClawSec Suite deployment complete"
### ✅ On Successful Installation (IMPORTANT)
On success the user should know: which skills were installed, that protections are active, and where to learn more if interested.
Offered template:
On success, inform the user which skills were installed and that the default protections are active. (add an encouraging call - like Congrats, you are safe!)
```
**ClawSec Suite installation is complete — you are now protected!**
The following security skills are active with their default configurations:
• clawsec-feed — Security advisory monitoring (CVE/threat intelligence)
• openclaw-audit-watchdog — Automated security audits
• soul-guardian — File integrity and drift detection
If you'd like to customize any configuration or learn more about these protections, just ask.
Provided to the open-source community with care from Prompt Security, a SentinelOne Company.
```
### ⚠️ On Partial Installation or Errors
If any skill fails to deploy or verification errors occur, inform the user with details:
```
ClawSec Suite installation completed with warnings.
Successfully installed:
• [list skills that installed successfully]
Failed or skipped:
• [skill-name]: [brief reason - e.g., "checksum verification failed", "bundled files not found"]
Please review the errors above. You can retry installation or ask for help troubleshooting.
Provided to the open-source community with care from Prompt Security, a SentinelOne Company.
```
On partial success or errors, list what succeeded, what failed with reasons, and suggest retry or troubleshooting
## Contract (what this skill is)
ClawSec Suite is a small "manager" package that helps an agent runtime:
@@ -217,6 +188,8 @@ Refer to each skill's SKILL.md file for detailed configuration instructions. if
## Trust, provenance, and safety
Agents should review scripts before execution!
**Do not install anything you cannot verify.** A secure installer must:
1) download artifacts from a stable origin
@@ -259,7 +232,7 @@ Pick a stable install root:
```bash
set -euo pipefail
VERSION="${VERSION:-0.0.3}"
VERSION="${SKILL_VERSION}"
INSTALL_ROOT="${INSTALL_ROOT:-$HOME/.openclaw/skills}"
DEST="$INSTALL_ROOT/clawsec-suite"