d99f324f72
feat(openclaw-traffic-guardian): add social action review scope ( #261 )
...
* feat(openclaw-traffic-guardian): add social action review scope
* fix(openclaw-traffic-guardian): cover background repeats
* fix(openclaw-traffic-guardian): address policy review release gates
* docs(openclaw-traffic-guardian): credit policy review contributor
* docs(openclaw-traffic-guardian): inline contributor credit
* docs(openclaw-traffic-guardian): reference policy review spec
* ci(skills): allow unreleased version edits
* ci(skills): use directory name for release tag checks
---------
Co-authored-by: kriptoburak <kriptoburak@users.noreply.github.com >
Co-authored-by: David Abutbul <David.a@prompt.security >
2026-06-10 14:46:52 +03:00
c1d1824f86
ci(skills): publish release trust packets + expand skill installer awareness (vercel) ( #262 )
...
* ci(skills): publish release trust packets
* ci(skills): simulate beta tag releases
* ci(skills): match release version bump rules
* chore(skills): group agent skills for installer
* chore(skills): make clawtributor global
* chore(skills): bump all skills for trust release
* ci(skills): require npx install docs
* fix(skills): simulate prerelease tag versions
* fix(skills): aggregate trust artifact checksum failures
* fix(frontend): advertise npx skills suite install
* chore(frontend): drop ad hoc homepage copy test
* fix(ci): run skill release tooling tests
2026-06-10 13:22:22 +03:00
d7312d7429
chore: update NVD/GHSA advisories - 1 NVD new, 0 NVD updated ( #257 )
...
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-06-03T07:38:12Z to 2026-06-10T08:29:07.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-10 11:35:17 +03:00
3cef7aa46b
fix(security): harden high scan findings ( #258 )
...
* fix(security): harden high scan findings
* fix(security): tighten review hardening
* fix(nanoclaw): preserve prerelease advisory matching
2026-06-07 13:00:56 +03:00
f56a0864f7
chore: update NVD/GHSA advisories - 6 NVD new, 6 NVD updated ( #251 )
...
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-31T07:16:20Z to 2026-06-03T07:36:53.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-03 11:10:10 +03:00
58b092d6d0
chore: update NVD/GHSA advisories - 7 NVD new, 1 NVD updated ( #250 )
...
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-27T06:34:09Z to 2026-05-31T07:15:12.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-31 10:32:39 +03:00
5d868bf60f
chore: update NVD/GHSA advisories - 9 NVD new, 9 NVD updated ( #247 )
...
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-24T18:52:13Z to 2026-05-27T06:32:58.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-27 09:48:52 +03:00
2e793639f2
chore: update NVD/GHSA advisories - 0 NVD new, 1 NVD updated ( #241 )
...
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-16T22:02:27Z to 2026-05-24T18:50:11.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-25 00:37:22 +03:00
4dbac421ab
feat(advisories): add provisional GHSA feed ( #242 )
...
* feat(advisories): add provisional ghsa feed
* fix(workflows): include advisory signatures in checksums
* fix(workflows): mirror ghsa feed at release root
* feat(advisories): consolidate ghsa into agent feed
* ci(advisories): consolidate ghsa during nvd poll
* fix(advisories): retain unreplaced ghsa feed entries
* chore(skills): bump advisory feed consumers
* fix(release): resolve ts import closure dry run
* fix(release): preserve urls while stripping comments
* fix(release): ignore skill test-only changes
* fix(advisories): follow ghsa pagination links
* test(advisories): add nvd ghsa pipeline dry run
2026-05-24 21:41:59 +03:00
0ee0d065ec
chore: CVE advisories - 0 new, 19 updated ( #233 )
...
Automated update from NVD CVE feed.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-12T06:56:03Z to 2026-05-16T22:00:50.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-17 01:04:46 +03:00
19c5113511
fix(attestation): include runtime libs in release sbom ( #235 )
...
* fix(attestation): include runtime libs in release sbom
* ci: verify staged skill release import closure
* fix(release): include missing skill runtime sbom files
* fix(release): require files for import closure
---------
Co-authored-by: David Abutbul <David.a@prompt.security >
2026-05-17 00:40:12 +03:00
1e48a955cc
fix(release): exclude tests from skill payloads ( #230 )
...
* fix(release): exclude tests from skill payloads
* fix(release): normalize test path filtering
* fix(release): prefer GitHub artifacts for non-OpenClaw installs
* fix(release): keep legacy ClawHub publishing
* fix(release): address skill packaging review feedback
* chore(skills): bump release versions
* feat(skills): surface recommended platforms
* docs(skills): add signed release verification
* fix(skills): normalize PR version bumps
---------
Co-authored-by: David Abutbul <David.a@prompt.security >
2026-05-14 14:38:58 +03:00
382ec4971b
chore: CVE advisories - 18 new, 1 updated ( #232 )
...
Automated update from NVD CVE feed.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-10T13:15:38Z to 2026-05-12T06:54:54.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-12 10:08:29 +03:00
6e512a5e43
chore: CVE advisories - 461 new, 0 updated ( #228 )
...
Automated update from NVD CVE feed.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-01-10T13:13:55.000Z to 2026-05-10T13:13:55.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-11 08:56:04 +03:00
369745821f
feat(traffic-guardian): add runtime monitoring skill baselines ( #217 )
...
* feat(traffic-guardian): add runtime monitoring skill baselines
* fix(traffic-guardian): align changelog and i18n fallback docs
* chore(traffic-guardian): prepare beta1 release metadata
2026-05-10 15:04:17 +03:00
85caad5601
chore: CVE advisories - 461 new, 0 updated ( #227 )
...
Automated update from NVD CVE feed.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-01-07T12:10:52.000Z to 2026-05-07T12:10:52.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-07 15:14:30 +03:00
4042a388a9
chore: CVE advisories - 0 new, 59 updated ( #215 )
...
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-30T06:50:23Z to 2026-05-03T06:48:42.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-03 13:28:47 +03:00
0e22d8f9bd
chore: CVE advisories - 0 new, 12 updated ( #214 )
...
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-29T06:48:08Z to 2026-04-30T06:49:19.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-30 15:04:42 +03:00
f8614a21b3
chore: CVE advisories - 53 new, 28 updated ( #213 )
...
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-28T06:52:17Z to 2026-04-29T06:46:53.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-29 19:19:03 +03:00
5e298bc1f7
chore: CVE advisories - 11 new, 16 updated ( #211 )
...
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-26T11:27:34Z to 2026-04-28T06:51:12.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-28 13:29:28 +03:00
808aefe40d
chore: CVE advisories - 1 new, 1 updated ( #207 )
...
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-24T06:36:58Z to 2026-04-26T11:26:31.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-26 14:38:45 +03:00
0d2e38ddfd
Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs ( #208 )
...
* Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs
* fix(feed): add picoclaw to core platform taxonomy and filters
* fix(picoclaw): resolve eslint errors in new skills
* chore(nvd): include picoclaw in CVE polling and cleanup report
---------
Co-authored-by: David Abutbul <David.a@prompt.security >
2026-04-26 14:19:18 +03:00
c53463c445
chore: CVE advisories - 31 new, 1 updated ( #205 )
...
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-22T11:03:28Z to 2026-04-24T06:36:00.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-24 20:32:13 +03:00
448a2bd577
chore: CVE advisories - 313 new, 0 updated ( #193 )
...
Automated update from NVD CVE feed.
Keywords:
Poll window: 2025-12-23T11:02:04.000Z to 2026-04-22T11:02:04.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-22 20:02:11 +03:00
26af277afd
feat(hermes-attestation-guardian): v0.1.0 release hardening (verify gate + trust policy + .mjs scan context) ( #200 )
...
* feat(hermes-attestation-guardian): release v0.0.2 hardening
* docs(wiki): add v0.0.2 hardening update note
* docs: add Hermes support coverage to README and compatibility report
* fix(hermes-attestation-guardian): address baz review on crontab detection and doc dedup
* feat(wiki): add PR-200 skill feature/platform matrix
* docs(wiki): rewrite PR-200 matrix as narrative capability mapping
* docs(readme): add skill feature matrix with requested headers
* docs(readme): replace unknowns with mapped yes/no feature matrix
* docs: move NanoClaw and CI/CD details from README to wiki modules
* docs(readme): remove platform/suite sections and keep wiki module pointers
* docs(readme): refresh project structure to match current repo
* feat(hermes-attestation-guardian): add signed advisory feed verification pipeline
* feat(hermes-attestation-guardian): add advisory-gated guarded skill verification
* feat(hermes-attestation-guardian): add advisory scheduler helper and phase-3 parity docs
* docs(wiki): expand hermes attestation guardian capability coverage
* fix(pr-200): address Baz review findings across Hermes parity rollout
* test(sandbox): extend Hermes regression to cover feed, guarded verify, and advisory scheduler
* fix(pr-200): address Baz semver parsing and feed-state fallback visibility
* fix(ci): suppress shellcheck false positives in sandbox inline docker script
* fix(hermes-attestation-guardian): fail closed on unsupported advisory ranges
* fix(hermes-attestation-guardian): restore safe install verdict in sandbox
* fix(sandbox): capture guarded verify exit under set -e
* fix(semver): fail closed on malformed affected specifiers
* docs(readme): clarify hermes capability matrix wording
* refactor(feed): share signed artifact verification flow
* refactor(cron): share managed block helpers across setup scripts
* fix(feed): require checksum manifest artifacts when enabled
* chore(hermes-skill): relocate sandbox test, refresh docs, and add v0.1.0 release notes
* chore(docs): remove remaining hermes parity plan file
* chore(release): roll hermes-attestation-guardian to v0.1.0
* chore(release): remove standalone v0.1.0 release notes file
* docs(hermes): update README status to v0.1.0
---------
Co-authored-by: David Abutbul <David.a@prompt.security >
2026-04-21 13:56:50 +03:00
d0fe8c59c4
fix(release): guard duplicate clawhub versions and bump watchdog to 0.1.4 ( #201 )
2026-04-17 10:07:45 +03:00
4d3fe1bf10
fix(clawtributor): switch to manual approval-gated reporting flow ( #198 )
2026-04-17 03:05:18 +03:00
f0f33b8121
fix(clawsec-clawhub-checker): remove suspicious install patterns ( #197 )
...
* fix(clawsec-clawhub-checker): remove mutating setup and install scraping
* fix(clawsec-clawhub-checker): harden fail-closed reputation paths
2026-04-17 03:01:08 +03:00
9e79645536
fix(clawsec-nanoclaw): isolate file io from network scan paths ( #196 )
2026-04-17 02:49:47 +03:00
e47d1e2d69
fix(clawsec-suite): reduce moderation false positives in publish payload ( #195 )
2026-04-17 02:43:57 +03:00
e6a1765a7f
fix(openclaw-audit-watchdog): avoid dangerous-exec gate false positives ( #194 )
...
* fix(openclaw-audit-watchdog): avoid dangerous-exec gate false positives
* fix(openclaw-audit-watchdog): align frontmatter runtime metadata
* fix(openclaw-audit-watchdog): normalize release version to 0.1.3
2026-04-17 02:34:45 +03:00
600c945fe2
feat(hermes-attestation-guardian): harden attestation verification and drift controls ( #192 )
...
* feat(hermes-attestation-guardian): harden attestation verification and drift controls
* docs(wiki): add human-friendly claim mapping for hermes attestation guardian
* docs(wiki): expand hermes attestation claim narratives and archive draft
* fix(attestation): address Baz review findings for schema and verifier
* fix(attestation): reject broken symlink output paths
* docs(attestation): pass clean community install guard without force
* fix(attestation): harden writes and fail-closed config parsing
* feat(ui): add Hermes to rotating platform text
* test(attestation): add sandboxed Hermes regression runner script
---------
Co-authored-by: David Abutbul <David.a@prompt.security >
2026-04-16 17:59:18 +03:00
caad6f698c
chore(skills): harden openclaw skill metadata ( #191 )
...
* chore(skills): harden openclaw skill metadata
* fix(openclaw-audit-watchdog): add dated release note heading
* chore(skills): normalize openclaw naming
* fix(soul-guardian): preserve legacy launchd state dir
* fix(soul-guardian): clean up legacy launchd labels
2026-04-14 15:43:04 +03:00
6c33384947
chore: CVE advisories - 0 new, 29 updated ( #190 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-04-12T06:30:25Z to 2026-04-14T06:33:41.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-14 14:09:51 +03:00
a11314faa9
chore: CVE advisories - 58 new, 0 updated ( #178 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-04-09T07:33:03Z to 2026-04-12T06:29:44.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-12 13:22:37 +03:00
969a902fa6
chore: CVE advisories - 1 new, 0 updated ( #176 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-04-08T20:59:34Z to 2026-04-09T07:32:24.000Z
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-09 10:47:15 +03:00
0cfb9b4784
chore: CVE advisories - 0 new, 4 updated ( #175 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-04-05T06:25:01Z to 2026-04-08T20:58:56.000Z
Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com >
2026-04-09 00:00:14 +03:00
9827f08769
chore(clawsec-suite): add 0.1.5 changelog entry ( #174 )
...
* chore(clawsec-suite): add 0.1.5 changelog release notes
* fix(ci): enforce release notes for bumped skills
2026-04-08 23:35:16 +03:00
b996cff4bd
fix(clawsec-suite): use release metadata for heartbeat version check ( #173 )
...
* fix(clawsec-suite): stop false heartbeat update alerts
* chore(deps): remediate npm audit vulnerabilities
* docs(heartbeats): harden release lookup and fallback behavior
* chore(skills): remove prompt-agent
* chore(clawsec-suite): bump version to 0.1.5
* fix(ci): skip removed skills in skill-release validation
2026-04-08 23:18:58 +03:00
bd6e9e284a
chore: CVE advisories - 24 new, 20 updated ( #167 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-30T06:34:41Z to 2026-04-05T06:24:22.000Z
Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com >
2026-04-05 12:16:06 +03:00
e0083353cf
chore: CVE advisories - 19 new, 0 updated ( #157 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-29T06:22:49Z to 2026-03-30T06:34:03.000Z
Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com >
2026-03-30 10:13:00 +03:00
01f651d6aa
chore: CVE advisories - 1 new, 32 updated ( #155 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-25T06:21:11Z to 2026-03-29T06:22:11.000Z
Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com >
2026-03-29 11:20:51 +03:00
bd17103892
chore: CVE advisories - 0 new, 25 updated ( #150 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-24T06:21:41Z to 2026-03-25T06:20:32.000Z
Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com >
2026-03-25 11:12:02 +02:00
28bf775d47
chore: CVE advisories - 28 new, 34 updated ( #149 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-20T06:16:32Z to 2026-03-24T06:21:01.000Z
Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com >
2026-03-24 13:57:22 +02:00
30bcb96a23
chore: CVE advisories - 60 new, 14 updated ( #143 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-18T06:21:47Z to 2026-03-20T06:15:50.000Z
Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com >
2026-03-23 00:39:24 +02:00
0a320d18d4
chore: CVE advisories - 16 new, 13 updated ( #141 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-15T06:18:51Z to 2026-03-18T06:21:06.000Z
Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com >
2026-03-18 12:56:05 +02:00
eb124b5f11
chore: CVE advisories - 3 new, 1 updated ( #133 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-12T06:16:01Z to 2026-03-15T06:18:13.000Z
Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com >
2026-03-15 12:23:09 +02:00
277c0abe17
chore: CVE advisories - 6 new, 20 updated ( #130 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-10T06:12:56Z to 2026-03-12T06:15:22.000Z
Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com >
2026-03-12 14:03:19 +02:00
f0f0f1db97
fix(clawsec-scanner): release 0.0.2 with real OpenClaw DAST harness ( #128 )
...
* fix(clawsec-scanner): ship real openclaw dast harness in 0.0.2
* fix(clawsec-scanner): classify ts harness limits as info coverage
* docs(wiki): add clawsec-scanner module documentation
* docs(release): add clawsec-suite install guidance to quick install text
* docs(readme): clarify standalone installs and suite optionality
* docs(readme): remove standalone quick-install block
* docs(readme): rename skill section and clarify suite start point
2026-03-10 19:27:22 +02:00
1cced651a0
chore: CVE advisories - 0 new, 20 updated ( #127 )
...
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-09T06:19:31Z to 2026-03-10T06:12:16.000Z
Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com >
2026-03-10 09:07:06 +02:00
Burak Bayır
davida-ps
github-actions[bot]
David Abutbul