davida-ps
6573ee9ecf
chore(release): bump all public skills (#283)
* chore(skill): bump clawhub checker release
* chore(release): bump all public skills
* fix(release): require skillspector PR comments
* fix(release): align skill verification versions
* fix(release): checksum standalone release assets
* fix(release): narrow skillspector comment permissions
2026-06-23 11:12:42 +03:00
davida-ps
2a76509fcf
fix(release): preserve republish slug helper dependency (#282)
2026-06-23 10:15:08 +03:00
davida-ps
4a1cf246eb
fix(release): install pinned clawhub CLI from npm (#281)
* fix(release): install pinned clawhub CLI from npm
* test(release): assert public clawhub lockfile source
2026-06-23 10:08:29 +03:00
davida-ps
4c26671dc3
chore(release): bump skill metadata for republish (#278)
* chore(release): bump skill metadata for republish
* fix(release): keep skillspector PR comments non-blocking
* fix(release): resolve metadata review comments
2026-06-23 09:25:50 +03:00
davida-ps
de28dadd39
fix(release): update ClawHub slug pipeline deps (#277)
* fix(release): update clawhub slug pipeline deps
* fix(release): bump clawhub cli undici lock
* fix(release): guard clawhub publish slug
* fix(release): keep suite slug releasable
* fix(release): harden clawhub slug guard
* fix(release): pass clawhub registry to slug guard
2026-06-22 23:45:24 +03:00
github-actions[bot]
8648aad6d7
chore: update NVD/GHSA advisories - 27 NVD new, 20 NVD updated (#274)
* chore: update NVD/GHSA advisories - 27 NVD new, 20 NVD updated
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-06-14T07:33:37Z to 2026-06-17T07:44:37.000Z
* fix(skill-release): ignore generated advisory mirror updates
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: David Abutbul <David.a@prompt.security>
2026-06-17 17:24:25 +03:00
davida-ps
4a4b547b92
ci(skills): pin clawhub CLI by hash via committed lockfile (#268)
* ci(skills): pin clawhub CLI by hash via committed lockfile
Scorecard flags the skill-release workflow's npm install of the clawhub
CLI (code-scanning alerts #25/#26): version pinning alone carries no
integrity guarantee. Install it with npm ci from a committed
package-lock.json instead, so every package (clawhub + 35 transitive
deps) is verified against its sha512 hash at install time.
The publish-payload patch step now resolves the module from the local
node_modules instead of npm root -g.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* fix(skill-release): authenticate pinned clawhub install
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-06-15 18:12:36 +03:00
davida-ps
6f51e53cdd
fix(skill-release): report SkillSpector scans on PRs (#267)
* fix(skill-release): report skillspector scans on PRs
* fix(skill-release): address PR report review comments
* fix(deps): update vite audit chain
* docs(wiki): document skillspector release evidence
* docs(wiki): centralize skillspector release details
2026-06-14 19:28:11 +03:00
davida-ps
1b676fd42c
fix(skills): scan staged payload with SkillSpector (#264)
* fix(skills): scan staged payload with skillspector
* fix(skills): embed skillspector report in releases
* fix(skills): use body path for release notes
2026-06-10 17:18:54 +03:00
davida-ps
59d54ed778
fix(skills): namespace ClawHub skill slugs (#263)
* fix(release): map ClawHub publish slugs
* fix(release): share skill platform parsing
2026-06-10 16:39:19 +03:00
Burak Bayır
d99f324f72
feat(openclaw-traffic-guardian): add social action review scope (#261)
* feat(openclaw-traffic-guardian): add social action review scope
* fix(openclaw-traffic-guardian): cover background repeats
* fix(openclaw-traffic-guardian): address policy review release gates
* docs(openclaw-traffic-guardian): credit policy review contributor
* docs(openclaw-traffic-guardian): inline contributor credit
* docs(openclaw-traffic-guardian): reference policy review spec
* ci(skills): allow unreleased version edits
* ci(skills): use directory name for release tag checks
---------
Co-authored-by: kriptoburak <kriptoburak@users.noreply.github.com>
Co-authored-by: David Abutbul <David.a@prompt.security>
2026-06-10 14:46:52 +03:00
davida-ps
c1d1824f86
ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262)
* ci(skills): publish release trust packets
* ci(skills): simulate beta tag releases
* ci(skills): match release version bump rules
* chore(skills): group agent skills for installer
* chore(skills): make clawtributor global
* chore(skills): bump all skills for trust release
* ci(skills): require npx install docs
* fix(skills): simulate prerelease tag versions
* fix(skills): aggregate trust artifact checksum failures
* fix(frontend): advertise npx skills suite install
* chore(frontend): drop ad hoc homepage copy test
* fix(ci): run skill release tooling tests
2026-06-10 13:22:22 +03:00
davida-ps
4dbac421ab
feat(advisories): add provisional GHSA feed (#242)
* feat(advisories): add provisional ghsa feed
* fix(workflows): include advisory signatures in checksums
* fix(workflows): mirror ghsa feed at release root
* feat(advisories): consolidate ghsa into agent feed
* ci(advisories): consolidate ghsa during nvd poll
* fix(advisories): retain unreplaced ghsa feed entries
* chore(skills): bump advisory feed consumers
* fix(release): resolve ts import closure dry run
* fix(release): preserve urls while stripping comments
* fix(release): ignore skill test-only changes
* fix(advisories): follow ghsa pagination links
* test(advisories): add nvd ghsa pipeline dry run
2026-05-24 21:41:59 +03:00