gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
217 Commits 19 Branches 95 Tags
main
Commit Graph

10 Commits

Author SHA1 Message Date
davida-ps c1d1824f86 ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262) 
* ci(skills): publish release trust packets

* ci(skills): simulate beta tag releases

* ci(skills): match release version bump rules

* chore(skills): group agent skills for installer

* chore(skills): make clawtributor global

* chore(skills): bump all skills for trust release

* ci(skills): require npx install docs

* fix(skills): simulate prerelease tag versions

* fix(skills): aggregate trust artifact checksum failures

* fix(frontend): advertise npx skills suite install

* chore(frontend): drop ad hoc homepage copy test

* fix(ci): run skill release tooling tests
 2026-06-10 13:22:22 +03:00
davida-ps 3cef7aa46b fix(security): harden high scan findings (#258) 
* fix(security): harden high scan findings

* fix(security): tighten review hardening

* fix(nanoclaw): preserve prerelease advisory matching
 2026-06-07 13:00:56 +03:00
davida-ps 4dbac421ab feat(advisories): add provisional GHSA feed (#242) 
* feat(advisories): add provisional ghsa feed

* fix(workflows): include advisory signatures in checksums

* fix(workflows): mirror ghsa feed at release root

* feat(advisories): consolidate ghsa into agent feed

* ci(advisories): consolidate ghsa during nvd poll

* fix(advisories): retain unreplaced ghsa feed entries

* chore(skills): bump advisory feed consumers

* fix(release): resolve ts import closure dry run

* fix(release): preserve urls while stripping comments

* fix(release): ignore skill test-only changes

* fix(advisories): follow ghsa pagination links

* test(advisories): add nvd ghsa pipeline dry run
 2026-05-24 21:41:59 +03:00
David Abutbul 1e48a955cc fix(release): exclude tests from skill payloads (#230) 
* fix(release): exclude tests from skill payloads

* fix(release): normalize test path filtering

* fix(release): prefer GitHub artifacts for non-OpenClaw installs

* fix(release): keep legacy ClawHub publishing

* fix(release): address skill packaging review feedback

* chore(skills): bump release versions

* feat(skills): surface recommended platforms

* docs(skills): add signed release verification

* fix(skills): normalize PR version bumps

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
 2026-05-14 14:38:58 +03:00
davida-ps 9e79645536 fix(clawsec-nanoclaw): isolate file io from network scan paths (#196) 2026-04-17 02:49:47 +03:00
davida-ps 81c2e60513 fix(ci): temporary clawhub publish workaround for MIT-0 consent (#117) 
* fix(ci): patch clawhub publish payload for temporary MIT-0 consent workaround

* fix(ci): make clawhub publish patch self-contained for tag republish

* fix(clawsec-nanoclaw): harden signature verification boundaries

* chore(clawsec-nanoclaw): bump version to 0.0.3

* fix(clawsec-nanoclaw): normalize integrity policy and baseline paths
 2026-03-09 19:30:22 +02:00
davida-ps 073e771b73 Exploitability Context for CVE Advisories (#89) 
* feat(advisories): add exploitability context for CVE advisories

* fix(ci): align exploitability workflow with signing model

* docs(skills): add patch release changelog entries

* chore(clawsec-feed): bump version to 0.0.5

* chore(clawsec-suite): bump version to 0.1.4

* fix(clawsec-nanoclaw): align exploitability handling and nanoclaw integration

* chore(clawsec-nanoclaw): bump version to 0.0.2

* refactor(scripts): share feed path and mirror sync helpers

* refactor(utils): unify cvss vector parsing flow

* refactor(clawsec-nanoclaw): centralize advisory risk evaluation

* docs(exploitability): refresh release metadata dates

* fix(review): align feed signing and advisory dedupe

* chore(clawsec-feed): bump version to 0.0.6

* chore(clawsec-nanoclaw): bump version to 0.0.3

* fix(backfill): limit signing to target feed only

* fix(review): keep skill runtime verify-only and dedupe matching

* chore(clawsec-nanoclaw): bump version to 0.0.4

* chore(skills): align versions with published tags

* feat(feed): enrich local population with exploitability analysis

* docs(exploitability): mark backfill as historical flow
 2026-03-01 18:43:24 +02:00
davida-ps fefecaa60a feat(wiki): add full in-app wiki browser and llms index (#80) 
* feat(wiki): add full in-app wiki browser and llms index

* feat(wiki): auto-generate per-page llms exports

* vuln package

* fix(wiki): guard malformed route decoding

* fix(wiki): preserve markdown anchor fragments across page links

* refactor(markdown): share default render components

* fix(wiki): block unsafe markdown link schemes

* fix(wiki): block unsafe markdown image schemes

* docs(wiki): migrate root docs into wiki pages

* chore(wiki): de-track generated llms exports

* chore(wiki): ignore generated public wiki artifacts

* fix(wiki): align llms urls with per-page endpoint pattern

* fix(wiki): derive llms index from wiki index page

* refactor(markdown): share frontmatter and title helpers

* refactor(wiki): share route and llms path mapping

* ci(pages): add pr verify workflow and tighten deploy triggers
 2026-02-26 10:43:36 +02:00
Aldo Delgado 7cdb4ab7e2 fix(portability): harden cross-platform path handling and install workflows (#62) 
* docs: add agent collaboration and git safety rules to AGENTS.md

* fix(portability): harden cross-platform path handling and install workflows

- add shared path resolution utility for advisory guardian components
- expand and normalize home-path tokens: ~, $HOME, ${HOME}, %USERPROFILE%, $env:USERPROFILE
- reject unresolved/escaped home tokens to prevent literal "$HOME" directory creation
- fix install/runtime path handling in:
  - openclaw-audit-watchdog setup_cron and suppression config loader
  - clawsec-suite advisory hook handler, suppression loader, and guarded installer
- remove hardcoded Homebrew binary assumptions in watchdog scripts/tests
- add LF enforcement via .gitattributes to reduce CRLF script breakage
- expand CI Node checks to linux/macos/windows matrix
- add cross-platform test coverage for path expansion and token rejection
- update README and SKILL docs with bash/zsh/PowerShell-safe path guidance
- add compatibility deliverables:
  - docs/COMPATIBILITY_REPORT.md
  - docs/REMEDIATION_PLAN.md
  - docs/PLATFORM_VERIFICATION.md

Validation:
- node skills/clawsec-suite/test/path_resolution.test.mjs
- node skills/clawsec-suite/test/guarded_install.test.mjs
- node skills/clawsec-suite/test/advisory_suppression.test.mjs
- node skills/openclaw-audit-watchdog/test/suppression_config.test.mjs
- node skills/openclaw-audit-watchdog/test/render_report_suppression.test.mjs

* fix(advisory): avoid fail-open on invalid path vars and cover watchdog tests

* docs: move signing runbooks into docs folder

* docs: remove root-level signing runbooks after move

* chore(clawsec-suite): bump version to 0.1.3

* chore(openclaw-audit-watchdog): bump version to 0.1.1

* docs(changelog): add entries for clawsec-suite 0.1.3 and watchdog 0.1.1

* docs(changelog): credit @aldodelgado for PR #62 contributions

* feat(clawsec-suite): scope advisories to openclaw application

* fix(ci): run advisory scope tests without TypeScript loader

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
 2026-02-25 13:24:31 +02:00
David Abutbul 73dd63f714 Nanoclaw integration (#65) 
* Add NanoClaw platform support to ClawSec

## Changes

### CI/CD Pipeline Updates
- Added NanoClaw keywords to NVD CVE monitoring
- Keywords: "NanoClaw", "WhatsApp-bot", "baileys"
- GitHub pattern now matches NanoClaw repositories

### Documentation
- Added NANOCLAW.md with integration guide
- Documented platform-specific advisory schema
- Credited 8-agent team that designed the integration

### Advisory Schema Enhancement
- Added optional `platforms` field support
- Enables platform-specific advisories (openclaw/nanoclaw)
- Maintains backward compatibility (empty = all platforms)

## Team Credits

Designed and implemented by specialized agent team:
- pioneer-repo-scout: ClawSec architecture analysis
- pioneer-nanoclaw-scout: NanoClaw architecture analysis
- architect: Integration design
- advisory-specialist: Feed integration
- integrity-specialist: File integrity design
- installer-specialist: Signature verification
- tester: Test infrastructure
- documenter: Documentation

Total contribution: 3000+ lines of design + implementation code.

## Impact

ClawSec now monitors for NanoClaw-specific security issues and can
provide platform-targeted advisories. This enables NanoClaw to consume
the advisory feed out-of-the-box for security monitoring.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Add clawsec-nanoclaw skill with full security suite

Provides complete ClawSec integration for NanoClaw deployments including:

Features:
- 4 MCP tools for agent-initiated vulnerability checking
- Advisory cache service with automatic feed fetching (6h interval)
- Ed25519 signature verification for feed integrity
- Platform-specific advisory filtering (nanoclaw/openclaw)
- IPC-based container-to-host communication

Components (1,730 lines):
- MCP Tools (350 lines): clawsec_check_advisories, clawsec_check_skill_safety,
  clawsec_list_advisories, clawsec_verify_signature
- Advisory Cache Manager (492 lines): Periodic fetching, signature verification
- Signature Verification (387 lines): Ed25519 crypto utilities
- Advisory Matching (289 lines): Skill-to-vulnerability correlation
- IPC Handlers (212 lines): Host-side request processing
- Complete documentation: SKILL.md, INSTALL.md with troubleshooting

Architecture:
- Container: MCP tools invoked by agents via Claude SDK
- IPC Layer: Filesystem-based request/response for host operations
- Host Service: Advisory cache with automatic refresh and verification
- Feed Source: https://clawsec.prompt.security/advisories/feed.json

Installation:
NanoClaw users can now add ClawSec security by:
1. Copying skills/clawsec-nanoclaw to their deployment
2. Integrating MCP tools into container (3 line change)
3. Integrating IPC handlers into host (2 line change)
4. Starting cache service in host process (1 line change)

No modifications to NanoClaw core required - ClawSec provides everything
as an installable skill package, just like it does for OpenClaw.

Updated NANOCLAW.md with complete installation instructions and
documentation references.

Team Credits:
8-agent collaborative design and implementation:
- pioneer-repo-scout: ClawSec architecture analysis
- pioneer-nanoclaw-scout: NanoClaw architecture analysis
- architect: Integration design and coordination
- advisory-specialist: Advisory feed integration
- integrity-specialist: File integrity design
- installer-specialist: Signature verification implementation
- tester: Test infrastructure and validation
- documenter: Documentation

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Add security expansion: Skill signature verification + File integrity monitoring

Implements Phase 1 (Skill Signature Verification) and Phase 2 (File Integrity
Monitoring) for NanoClaw security enhancement.

## Phase 1: Skill Signature Verification (~490 lines)

Adds Ed25519 signature verification for skill packages to prevent supply chain attacks.

**New Files:**
- host-services/skill-signature-handler.ts (217 lines): Core verification service
- mcp-tools/signature-verification.ts (200 lines): clawsec_verify_skill_package tool
- docs/SKILL_SIGNING.md (270 lines): Complete signing/verification guide

**Features:**
- Ed25519 signature verification using Node.js crypto
- Pinned ClawSec public key with custom key override support
- Auto-detection of .sig signature files
- Package SHA-256 integrity hashing
- Fail-closed error handling with detailed diagnostics
- IPC-based container-to-host verification (5s timeout)

**MCP Tool:** clawsec_verify_skill_package
- Verifies skill packages before installation
- Returns: valid, recommendation (install/block/review), signer, algorithm
- Prevents installation of tampered/malicious packages

## Phase 2: File Integrity Monitoring (~1,765 lines)

Ports OpenClaw's soul-guardian to NanoClaw for critical file protection.

**New Files:**
- guardian/integrity-monitor.ts (711 lines): Core monitoring engine
- guardian/policy.json (55 lines): NanoClaw-specific protection policy
- mcp-tools/integrity-tools.ts (260 lines): 4 MCP tools for agents
- host-services/integrity-handler.ts (349 lines): IPC handler integration
- docs/INTEGRITY.md (470 lines): User documentation

**Features:**
- SHA-256 baseline tracking with tamper-evident audit logs
- Auto-restore for critical files (registered_groups.json, CLAUDE.md)
- Alert-only mode for non-critical files
- Intentional change approval workflow
- Hash-chained audit logging
- Symlink protection and atomic file operations
- Unified diff generation for drift analysis

**MCP Tools:**
- clawsec_check_integrity: Check files for unauthorized changes
- clawsec_approve_change: Approve legitimate modifications
- clawsec_integrity_status: View monitoring status
- clawsec_verify_audit: Verify audit log integrity

**Protected Files:**
- CRITICAL: registered_groups.json (prevents group hijacking)
- HIGH: CLAUDE.md files (prevents instruction poisoning)
- MEDIUM: Container/host code (alerts on changes)
- IGNORED: Conversations (expected to change)

## Shared Enhancements (+129 lines)

**Updated: lib/signatures.ts**
Added 5 new crypto utilities:
- verifyDetachedSignature(): File-based Ed25519 verification
- verifyDetachedSignatureWithDetails(): Diagnostic variant with error details
- loadPublicKey(): PEM validation and security enforcement
- sha256File(): File hashing (shared utility)
- verifyFileHashes(): Batch drift detection

**Updated: lib/types.ts**
Added TypeScript interfaces for:
- VerifySkillSignatureRequest/Response (Phase 1 IPC)
- IntegrityCheckRequest/Response (Phase 2 IPC)
- VerifySkillPackageParams (Phase 1 MCP tool)

**Updated: host-services/ipc-handlers.ts**
Added IPC handlers:
- verify_skill_signature (Phase 1)
- integrity_check, integrity_approve, integrity_status, integrity_verify_audit (Phase 2)

## Total Delivery

- **New Code**: ~2,958 lines
- **Files Created**: 11 new files
- **Files Modified**: 3 existing files
- **Documentation**: 740 lines across 2 comprehensive guides

## Architecture

**Phase 1:** Container agents → MCP tool → IPC → Host verifier → Ed25519 crypto
**Phase 2:** Container agents → MCP tools → IPC → Host service → File monitoring

**Storage:**
- Phase 1: Stateless (no persistent storage)
- Phase 2: /workspace/project/data/soul-guardian/ (host-only)

**Security Model:**
- Ed25519 signatures verified with pinned ClawSec public key
- SHA-256 baselines stored on host (containers cannot modify)
- Hash-chained audit logs for tamper detection
- Fail-closed error handling throughout
- IPC-only access (no direct container mounts)

## Team Credits

Designed and implemented by 5-agent Opus 4.6 team:
- signature-verification-lead: Phase 1 implementation
- integrity-monitoring-lead: Phase 2 implementation
- shared-crypto: Cryptographic utilities
- mcp-tools-architect: MCP tool schema standards
- ipc-handler-architect: IPC protocol standards

Coordination approach:
1. Design phase: Each agent analyzed and proposed solutions
2. Coordination phase: Aligned on shared components (crypto, IPC, storage)
3. Implementation phase: Parallel execution with peer support
4. Result: Zero conflicts, exceeded targets, complete documentation

## Integration

NanoClaw users can now install ClawSec security features:

**1. MCP Tools** (container):
```typescript
import { clawsecTools } from '../../../skills/clawsec-nanoclaw/mcp-tools/advisory-tools.js';
import { verifySkillPackage } from '../../../skills/clawsec-nanoclaw/mcp-tools/signature-verification.js';
import { integrityTools } from '../../../skills/clawsec-nanoclaw/mcp-tools/integrity-tools.js';
```

**2. IPC Handlers** (host):
```typescript
import { registerClawSecHandlers } from '../skills/clawsec-nanoclaw/host-services/ipc-handlers.js';
```

**3. Services** (host):
```typescript
import { SkillSignatureVerifier } from '../skills/clawsec-nanoclaw/host-services/skill-signature-handler.js';
import { IntegrityService } from '../skills/clawsec-nanoclaw/host-services/integrity-handler.js';
```

See docs/SKILL_SIGNING.md and docs/INTEGRITY.md for complete integration guides.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Fix SKILL.md format: proper YAML frontmatter, remove ASCII diagrams, focus on when-to-use

* chore: align with contributors guidelines - set version 0.0.1, add version to SKILL.md frontmatter, complete SBOM

* fix: use specific NanoClaw repo URL instead of wildcard pattern

Change github.com/*/NanoClaw to github.com/qwibitai/NanoClaw to avoid
matching unrelated projects in CVE advisory scanning.

* docs: merge NanoClaw support into main README, move NANOCLAW.md to skill README

- Add NanoClaw platform section in main README
- Update supported platforms list (OpenClaw + NanoClaw)
- Add monitored keywords for NanoClaw (WhatsApp-bot, baileys)
- Document platform-specific advisory schema
- Move NANOCLAW.md to skills/clawsec-nanoclaw/README.md

* fix: resolve ESLint and TypeScript errors in clawsec-nanoclaw skill

Fix all CI failures from prepare-to-push.sh for the nanoclaw-integration branch:

ESLint fixes:
- Add missing Node.js globals (Buffer, AbortController, clearTimeout,
  RequestInit) to eslint.config.js for TypeScript files
- Add ambient declarations for host-provided variables (server, writeIpcFile,
  TASKS_DIR, groupFolder) in MCP tool template files
- Wrap bare case statements in ipc-handlers.ts in a proper exported function
- Replace @ts-ignore with @ts-expect-error in signatures.ts
- Prefix unused variables with underscore (affectedVersion, keyDer,
  safeBasename, groupFolder)
- Add eslint-disable directives for intentional any usage in template files
- Change any to unknown in types.ts where appropriate

TypeScript fixes:
- Replace glob import with ambient namespace declaration (glob not in repo deps)
- Fix Hash.hexdigest() to Hash.digest('hex') in integrity-monitor.ts
- Fix unreachable type comparison (recommendation === 'install') in
  advisory-tools.ts

Comment syntax fixes:
- Convert block comments containing '*/30 * * * *' cron expressions to
  line comments to prevent premature comment termination in
  integrity-handler.ts and integrity-tools.ts

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: implement missing MCP tools and align documentation with code

- Rewrote signature-verification.ts with actual server.tool() implementation (was template string)
- Fixed tool naming: clawsec_verify_signature -> clawsec_verify_skill_package
- Added missing clawsec_refresh_cache to all documentation
- Updated skill.json mcp_tools array from 4 to 9 tools (added Phase 1 & 2 tools)
- All 9 MCP tools now verified: 4 advisory + 1 signature + 4 integrity

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-25 12:11:35 +02:00