* fix(traffic): use a traffic-capable PAT for the archive workflow
The daily Archive GitHub Traffic run has failed since creation: the
TRAFFIC_ARCHIVE_TOKEN secret was never provisioned, so the workflow fell
back to github.token, which GitHub categorically rejects on traffic
endpoints (403 "Resource not accessible by integration").
- Fall back to the existing POLL_NVD_CVES_PAT automation token instead
of github.token, keeping TRAFFIC_ARCHIVE_TOKEN as the preferred
override once provisioned.
- Fail fast with an actionable error when no traffic-capable token is
configured.
- Explain token requirements in the script's 401/403 errors.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* fix(traffic): require dedicated TRAFFIC_ARCHIVE_TOKEN, drop expired PAT fallback
A live dispatch confirmed POLL_NVD_CVES_PAT is expired (401 Bad
credentials), so falling back to it only trades one daily failure for
another. Require the dedicated secret and fail fast with setup
instructions instead.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
* fix(skills): scan staged payload with skillspector
* fix(skills): embed skillspector report in releases
* fix(skills): use body path for release notes
* ci(skills): publish release trust packets
* ci(skills): simulate beta tag releases
* ci(skills): match release version bump rules
* chore(skills): group agent skills for installer
* chore(skills): make clawtributor global
* chore(skills): bump all skills for trust release
* ci(skills): require npx install docs
* fix(skills): simulate prerelease tag versions
* fix(skills): aggregate trust artifact checksum failures
* fix(frontend): advertise npx skills suite install
* chore(frontend): drop ad hoc homepage copy test
* fix(ci): run skill release tooling tests
* feat(i18n): add multilingual wiki scaffolding, language switcher, and translation QA pipeline
* docs(readme): adopt picoclaw-style multilingual link bar
* fix(i18n): repair localized index links and tighten partial-pair QA
* ci(i18n): fail on broken markdown links in README/wiki
* ci(i18n): add changed-files mode for markdown link checks
* i18n(de): use local Argos MT to fill untranslated German sections
* i18n(es,fr): fill untranslated sections via local Argos workflow
* i18n(ja): fill untranslated sections with scoped local Argos pass
* i18n(ko): fill untranslated sections with scoped local Argos pass
* fix(i18n): address review feedback
---------
Co-authored-by: David Abutbul <David.a@prompt.security>
* Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs
* fix(feed): add picoclaw to core platform taxonomy and filters
* fix(picoclaw): resolve eslint errors in new skills
* chore(nvd): include picoclaw in CVE polling and cleanup report
---------
Co-authored-by: David Abutbul <David.a@prompt.security>
* feat: add clawsec-advisory-guardian hook for advisory monitoring and user approval
- Implemented clawsec-advisory-guardian hook to detect advisories for installed skills.
- Added handler for processing advisory matches and notifying users.
- Created scripts for setting up advisory hooks and cron jobs for periodic scans.
- Introduced guarded skill installation script requiring user confirmation for high-risk advisories.
- Updated skill.json to reflect new features and embedded components for advisory monitoring.
* chore(clawsec-suite): bump version to 0.0.8
* feat: enhance release script to support version tagging and improve install function
* fix: use globalThis for AbortController and timeout functions in loadRemoteFeed
* Update scripts/release-skill.sh
Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>
* Update skills/clawsec-suite/scripts/guarded_skill_install.mjs
Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>
* Update scripts/release-skill.sh
Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>
* Normalize version input by removing leading 'v' in versionMatches function
* Add dirName property to InstalledSkill and update alert message paths
* Enhance file permission handling in persistState function and add warning for chmod errors
* Refactor advisory guardian hook: modularize utility functions, version handling, and feed management
- Moved utility functions (isObject, normalizeSkillName, uniqueStrings) to lib/utils.mjs
- Created version handling functions (parseSemver, compareSemver, versionMatches) in lib/version.mjs
- Implemented feed management functions (parseAffectedSpecifier, isValidFeedPayload, loadRemoteFeed) in lib/feed.mjs
- Updated handler.ts to utilize new modular functions for improved readability and maintainability
- Added new types and state management in lib/types.ts and lib/state.ts
- Updated scripts to reflect new file structure and dependencies
* Update skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/matching.ts
Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>
* Add published field to Advisory type and refine version matching logic
* Set default version to "unknown" in discoverInstalledSkills and adjust versionMatches logic
* Update skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/version.mjs
Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>
* Update skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/matching.ts
Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>
* Update skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/version.mjs
Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>
---------
Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>
* Refactor skill packaging and checksum generation process
- Removed .skill package creation from the skill-release workflow and scripts, focusing on checksum generation only.
- Updated README and SKILL.md files to reflect new installation methods using clawhub.
- Simplified the skill checksums generator script to only generate checksums without packaging.
- Adjusted installation instructions across various skills to promote clawhub for easier installation.
- Enhanced error handling and verification steps in the installation scripts for individual files.
* Add ext-docs to .gitignore to exclude documentation files from version control
davida-ps
Burak Bayır
David Abutbul