gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-01 15:52:26 +03:00
Code Issues Packages Projects Releases Wiki Activity
206 Commits 11 Branches 78 Tags
main
Commit Graph

206 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot] 58b092d6d0 chore: update NVD/GHSA advisories - 7 NVD new, 1 NVD updated (#250) 
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-27T06:34:09Z to 2026-05-31T07:15:12.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-05-31 10:32:39 +03:00
dependabot[bot] babddfd3f2 chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0 (#245) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.36.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...7211b7c8077ea37d8641b6271f6a365a22a5fbfa)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-27 14:39:47 +03:00
davida-ps 47a5696cb6 fix(workflow): wait for dispatched codeql run by sha and time (#248) 2026-05-27 10:03:29 +03:00
github-actions[bot] 5d868bf60f chore: update NVD/GHSA advisories - 9 NVD new, 9 NVD updated (#247) 
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-24T18:52:13Z to 2026-05-27T06:32:58.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-05-27 09:48:52 +03:00
davida-ps b57d0f1db2 fix(deps): avoid vulnerable brace-expansion range (#244) 
* fix(deps): avoid vulnerable brace-expansion range

* fix(deps): use patched brace-expansion release
 2026-05-27 09:23:45 +03:00
davida-ps b91e5e4c94 docs: add citation metadata (#246) 
* docs: add citation metadata

* docs: add project release metadata
v0.1.0 		2026-05-27 03:10:02 +03:00
github-actions[bot] 2e793639f2 chore: update NVD/GHSA advisories - 0 NVD new, 1 NVD updated (#241) 
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-16T22:02:27Z to 2026-05-24T18:50:11.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-05-25 00:37:22 +03:00
davida-ps 4dbac421ab feat(advisories): add provisional GHSA feed (#242) 
* feat(advisories): add provisional ghsa feed

* fix(workflows): include advisory signatures in checksums

* fix(workflows): mirror ghsa feed at release root

* feat(advisories): consolidate ghsa into agent feed

* ci(advisories): consolidate ghsa during nvd poll

* fix(advisories): retain unreplaced ghsa feed entries

* chore(skills): bump advisory feed consumers

* fix(release): resolve ts import closure dry run

* fix(release): preserve urls while stripping comments

* fix(release): ignore skill test-only changes

* fix(advisories): follow ghsa pagination links

* test(advisories): add nvd ghsa pipeline dry run
picoclaw-security-guardian-v0.0.3 hermes-attestation-guardian-v0.1.3 clawsec-suite-v0.1.9 clawsec-nanoclaw-v0.0.6 clawsec-feed-v0.0.8 		2026-05-24 21:41:59 +03:00
dependabot[bot] 8a9bdfcd23 chore(deps): bump ruff from 0.15.12 to 0.15.13 in /.github (#237) 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.12 to 0.15.13.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.15.12...0.15.13)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-19 11:07:13 +03:00
github-actions[bot] 0ee0d065ec chore: CVE advisories - 0 new, 19 updated (#233) 
Automated update from NVD CVE feed.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-12T06:56:03Z to 2026-05-16T22:00:50.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-05-17 01:04:46 +03:00
dependabot[bot] 5d2173226c chore(deps-dev): bump @types/node from 25.4.0 to 25.8.0 (#223) 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.4.0 to 25.8.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-17 00:54:40 +03:00
David Abutbul 19c5113511 fix(attestation): include runtime libs in release sbom (#235) 
* fix(attestation): include runtime libs in release sbom

* ci: verify staged skill release import closure

* fix(release): include missing skill runtime sbom files

* fix(release): require files for import closure

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
openclaw-audit-watchdog-v0.1.6 hermes-attestation-guardian-v0.1.2 clawsec-suite-v0.1.8 		2026-05-17 00:40:12 +03:00
David Abutbul 1e48a955cc fix(release): exclude tests from skill payloads (#230) 
* fix(release): exclude tests from skill payloads

* fix(release): normalize test path filtering

* fix(release): prefer GitHub artifacts for non-OpenClaw installs

* fix(release): keep legacy ClawHub publishing

* fix(release): address skill packaging review feedback

* chore(skills): bump release versions

* feat(skills): surface recommended platforms

* docs(skills): add signed release verification

* fix(skills): normalize PR version bumps

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
soul-guardian-v0.0.6 picoclaw-self-pen-testing-v0.0.2 nanoclaw-traffic-guardian-v0.0.1-beta2 picoclaw-traffic-guardian-v0.0.1-beta2 openclaw-traffic-guardian-v0.0.1-beta2 picoclaw-security-guardian-v0.0.2 openclaw-audit-watchdog-v0.1.5 hermes-traffic-guardian-v0.0.1-beta2 hermes-attestation-guardian-v0.1.1 clawsec-feed-v0.0.7 clawtributor-v0.0.6 clawsec-scanner-v0.0.3 claw-release-v0.0.3 clawsec-nanoclaw-v0.0.5 clawsec-clawhub-checker-v0.0.4 		2026-05-14 14:38:58 +03:00
dependabot[bot] 0e503c3d5a chore(deps): bump github/codeql-action from 4.35.1 to 4.35.4 (#231) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...68bde559dea0fdcac2102bfdf6230c5f70eb485e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-12 10:11:49 +03:00
github-actions[bot] 382ec4971b chore: CVE advisories - 18 new, 1 updated (#232) 
Automated update from NVD CVE feed.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-10T13:15:38Z to 2026-05-12T06:54:54.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-05-12 10:08:29 +03:00
dependabot[bot] 9595dad58b chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#181) 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 8.1.0 to 8.1.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/c0f553fe549906ede9cf27b5156039d195d2ece0...5f6978faf089d4d20b00c7766989d076bb2fc7f1)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-11 10:43:12 +03:00
github-actions[bot] 6e512a5e43 chore: CVE advisories - 461 new, 0 updated (#228) 
Automated update from NVD CVE feed.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-01-10T13:13:55.000Z to 2026-05-10T13:13:55.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-05-11 08:56:04 +03:00
davida-ps e4c1e07544 fix(skills-catalog): resolve platform metadata fallbacks (#229) 
* fix(skills-catalog): resolve platform metadata fallbacks

* fix(skills-catalog): harden platform metadata guards
 2026-05-10 16:07:31 +03:00
davida-ps 369745821f feat(traffic-guardian): add runtime monitoring skill baselines (#217) 
* feat(traffic-guardian): add runtime monitoring skill baselines

* fix(traffic-guardian): align changelog and i18n fallback docs

* chore(traffic-guardian): prepare beta1 release metadata
nanoclaw-traffic-guardian-v0.0.1-beta1 hermes-traffic-guardian-v0.0.1-beta1 picoclaw-traffic-guardian-v0.0.1-beta1 openclaw-traffic-guardian-v0.0.1-beta1 		2026-05-10 15:04:17 +03:00
github-actions[bot] 85caad5601 chore: CVE advisories - 461 new, 0 updated (#227) 
Automated update from NVD CVE feed.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-01-07T12:10:52.000Z to 2026-05-07T12:10:52.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-05-07 15:14:30 +03:00
davida-ps dfe62457fb Include hermes-agent in NVD queries and export keywords to environment (#226) 
* fix(workflow): expand NVD Hermes coverage and keep keyword export

* fix(workflow): export concise nvd summary keywords
 2026-05-07 14:58:08 +03:00
dependabot[bot] 95f9d758ee chore(deps): bump actions/github-script from 8.0.0 to 9.0.0 (#180) 
Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-05 13:06:01 +03:00
dependabot[bot] f6afc80aa2 chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#218) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-05 12:58:47 +03:00
dependabot[bot] 9462fe7e1b chore(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 (#219) 
Bumps [actions/configure-pages](https://github.com/actions/configure-pages) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/configure-pages/releases)
- [Commits](https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d)

---
updated-dependencies:
- dependency-name: actions/configure-pages
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-05 12:43:36 +03:00
dependabot[bot] e3337d0f33 chore(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 (#220) 
Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](https://github.com/actions/upload-pages-artifact/compare/7b1f4a764d45c48632c6b24a0339c27f5614fb0b...fc324d3547104276b827a68afc52ff2a11cc49c9)

---
updated-dependencies:
- dependency-name: actions/upload-pages-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-05 11:13:41 +03:00
davida-ps 72663ab80b fix(codeql): ignore generated dist artifacts (#216) 2026-05-04 11:37:37 +03:00
github-actions[bot] 4042a388a9 chore: CVE advisories - 0 new, 59 updated (#215) 
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-30T06:50:23Z to 2026-05-03T06:48:42.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-05-03 13:28:47 +03:00
dependabot[bot] d491fde73a chore(deps): bump react-dom from 19.2.4 to 19.2.5 (#188) 
Bumps [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) from 19.2.4 to 19.2.5.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react-dom)

---
updated-dependencies:
- dependency-name: react-dom
  dependency-version: 19.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 00:52:52 +03:00
dependabot[bot] 6e318384a9 chore(deps-dev): bump fast-check from 4.5.3 to 4.7.0 (#189) 
Bumps [fast-check](https://github.com/dubzzz/fast-check/tree/HEAD/packages/fast-check) from 4.5.3 to 4.7.0.
- [Release notes](https://github.com/dubzzz/fast-check/releases)
- [Changelog](https://github.com/dubzzz/fast-check/blob/main/packages/fast-check/CHANGELOG.md)
- [Commits](https://github.com/dubzzz/fast-check/commits/v4.7.0/packages/fast-check)

---
updated-dependencies:
- dependency-name: fast-check
  dependency-version: 4.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 00:49:44 +03:00
dependabot[bot] d23f1f9612 chore(deps): bump aquasecurity/trivy-action (#184) 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from e368e328979b113139d6f9068e03accaed98a518 to ed142fd0673e97e23eac54620cfb913e5ce36c25.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/e368e328979b113139d6f9068e03accaed98a518...ed142fd0673e97e23eac54620cfb913e5ce36c25)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 264c9c5e188ea085e7377fd77abd17bfbd4e5926
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 18:11:57 +03:00
dependabot[bot] ef6b5f63d4 chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#179) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 18:06:10 +03:00
dependabot[bot] 12afd15dd6 chore(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0 (#182) 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/153bb8e04406b158c6c84fc1615b65b24149a1fe...b4309332981a82ec1c5618f44dd2e27cc8bfbfda)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 18:00:01 +03:00
github-actions[bot] 0e22d8f9bd chore: CVE advisories - 0 new, 12 updated (#214) 
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-29T06:48:08Z to 2026-04-30T06:49:19.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-30 15:04:42 +03:00
github-actions[bot] f8614a21b3 chore: CVE advisories - 53 new, 28 updated (#213) 
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-28T06:52:17Z to 2026-04-29T06:46:53.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-29 19:19:03 +03:00
David Abutbul b37162a33d feat(i18n): add multilingual wiki scaffolding, language switcher, and… (#212) 
* feat(i18n): add multilingual wiki scaffolding, language switcher, and translation QA pipeline

* docs(readme): adopt picoclaw-style multilingual link bar

* fix(i18n): repair localized index links and tighten partial-pair QA

* ci(i18n): fail on broken markdown links in README/wiki

* ci(i18n): add changed-files mode for markdown link checks

* i18n(de): use local Argos MT to fill untranslated German sections

* i18n(es,fr): fill untranslated sections via local Argos workflow

* i18n(ja): fill untranslated sections with scoped local Argos pass

* i18n(ko): fill untranslated sections with scoped local Argos pass

* fix(i18n): address review feedback

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
 2026-04-29 09:00:31 +03:00
dependabot[bot] 627d20b7e1 chore(deps): bump ruff from 0.15.9 to 0.15.12 in /.github (#210) 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.9 to 0.15.12.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.15.9...0.15.12)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-28 14:37:49 +03:00
dependabot[bot] 87afa0de2f chore(deps): bump postcss from 8.5.6 to 8.5.12 (#209) 
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.12.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.5.6...8.5.12)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-28 13:51:19 +03:00
github-actions[bot] 5e298bc1f7 chore: CVE advisories - 11 new, 16 updated (#211) 
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-26T11:27:34Z to 2026-04-28T06:51:12.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-28 13:29:28 +03:00
github-actions[bot] 808aefe40d chore: CVE advisories - 1 new, 1 updated (#207) 
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-24T06:36:58Z to 2026-04-26T11:26:31.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-26 14:38:45 +03:00
David Abutbul 0d2e38ddfd Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs (#208) 
* Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs

* fix(feed): add picoclaw to core platform taxonomy and filters

* fix(picoclaw): resolve eslint errors in new skills

* chore(nvd): include picoclaw in CVE polling and cleanup report

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
picoclaw-self-pen-testing-v0.0.1 picoclaw-security-guardian-v0.0.1 		2026-04-26 14:19:18 +03:00
github-actions[bot] c53463c445 chore: CVE advisories - 31 new, 1 updated (#205) 
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-22T11:03:28Z to 2026-04-24T06:36:00.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-24 20:32:13 +03:00
github-actions[bot] 448a2bd577 chore: CVE advisories - 313 new, 0 updated (#193) 
Automated update from NVD CVE feed.
Keywords:
Poll window: 2025-12-23T11:02:04.000Z to 2026-04-22T11:02:04.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-22 20:02:11 +03:00
davida-ps 1efb813ed4 fix(nvd): support full CVE rebuild without arg overflow (#204) 
* fix(nvd): add hermes query specs to feed polling

* fix(nvd): derive platform fallback from matched targets

* fix(nvd): avoid arg overflow on full cve rescan

* fix(feed): add other platform filter for nonstandard slugs

* refactor(feed): centralize advisory platform badge mapping

* fix(feed): share platform normalization and fix tab callback typing

* refactor(feed): simplify platform descriptor fallback
 2026-04-22 13:58:34 +03:00
davida-ps c54f09c3a4 fix(nvd): add hermes query specs to feed polling (#203) 
* fix(nvd): add hermes query specs to feed polling

* fix(nvd): derive platform fallback from matched targets
 2026-04-21 16:18:45 +03:00
David Abutbul 26af277afd feat(hermes-attestation-guardian): v0.1.0 release hardening (verify gate + trust policy + .mjs scan context) (#200) 
* feat(hermes-attestation-guardian): release v0.0.2 hardening

* docs(wiki): add v0.0.2 hardening update note

* docs: add Hermes support coverage to README and compatibility report

* fix(hermes-attestation-guardian): address baz review on crontab detection and doc dedup

* feat(wiki): add PR-200 skill feature/platform matrix

* docs(wiki): rewrite PR-200 matrix as narrative capability mapping

* docs(readme): add skill feature matrix with requested headers

* docs(readme): replace unknowns with mapped yes/no feature matrix

* docs: move NanoClaw and CI/CD details from README to wiki modules

* docs(readme): remove platform/suite sections and keep wiki module pointers

* docs(readme): refresh project structure to match current repo

* feat(hermes-attestation-guardian): add signed advisory feed verification pipeline

* feat(hermes-attestation-guardian): add advisory-gated guarded skill verification

* feat(hermes-attestation-guardian): add advisory scheduler helper and phase-3 parity docs

* docs(wiki): expand hermes attestation guardian capability coverage

* fix(pr-200): address Baz review findings across Hermes parity rollout

* test(sandbox): extend Hermes regression to cover feed, guarded verify, and advisory scheduler

* fix(pr-200): address Baz semver parsing and feed-state fallback visibility

* fix(ci): suppress shellcheck false positives in sandbox inline docker script

* fix(hermes-attestation-guardian): fail closed on unsupported advisory ranges

* fix(hermes-attestation-guardian): restore safe install verdict in sandbox

* fix(sandbox): capture guarded verify exit under set -e

* fix(semver): fail closed on malformed affected specifiers

* docs(readme): clarify hermes capability matrix wording

* refactor(feed): share signed artifact verification flow

* refactor(cron): share managed block helpers across setup scripts

* fix(feed): require checksum manifest artifacts when enabled

* chore(hermes-skill): relocate sandbox test, refresh docs, and add v0.1.0 release notes

* chore(docs): remove remaining hermes parity plan file

* chore(release): roll hermes-attestation-guardian to v0.1.0

* chore(release): remove standalone v0.1.0 release notes file

* docs(hermes): update README status to v0.1.0

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
hermes-attestation-guardian-v0.1.0 		2026-04-21 13:56:50 +03:00
davida-ps d0fe8c59c4 fix(release): guard duplicate clawhub versions and bump watchdog to 0.1.4 (#201) openclaw-audit-watchdog-v0.1.4 2026-04-17 10:07:45 +03:00
davida-ps 4d3fe1bf10 fix(clawtributor): switch to manual approval-gated reporting flow (#198) clawtributor-v0.0.5 2026-04-17 03:05:18 +03:00
davida-ps f0f33b8121 fix(clawsec-clawhub-checker): remove suspicious install patterns (#197) 
* fix(clawsec-clawhub-checker): remove mutating setup and install scraping

* fix(clawsec-clawhub-checker): harden fail-closed reputation paths
clawsec-clawhub-checker-v0.0.3 		2026-04-17 03:01:08 +03:00
davida-ps 9e79645536 fix(clawsec-nanoclaw): isolate file io from network scan paths (#196) clawsec-nanoclaw-v0.0.4 2026-04-17 02:49:47 +03:00
davida-ps e47d1e2d69 fix(clawsec-suite): reduce moderation false positives in publish payload (#195) clawsec-suite-v0.1.7 2026-04-17 02:43:57 +03:00