gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
172 Commits 19 Branches 95 Tags
b37162a33d9deb2de3ea83a416d1a67b598e03ed
Commit Graph

172 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Abutbul b37162a33d feat(i18n): add multilingual wiki scaffolding, language switcher, and… (#212) 
* feat(i18n): add multilingual wiki scaffolding, language switcher, and translation QA pipeline

* docs(readme): adopt picoclaw-style multilingual link bar

* fix(i18n): repair localized index links and tighten partial-pair QA

* ci(i18n): fail on broken markdown links in README/wiki

* ci(i18n): add changed-files mode for markdown link checks

* i18n(de): use local Argos MT to fill untranslated German sections

* i18n(es,fr): fill untranslated sections via local Argos workflow

* i18n(ja): fill untranslated sections with scoped local Argos pass

* i18n(ko): fill untranslated sections with scoped local Argos pass

* fix(i18n): address review feedback

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
 2026-04-29 09:00:31 +03:00
dependabot[bot] 627d20b7e1 chore(deps): bump ruff from 0.15.9 to 0.15.12 in /.github (#210) 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.9 to 0.15.12.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.15.9...0.15.12)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-28 14:37:49 +03:00
dependabot[bot] 87afa0de2f chore(deps): bump postcss from 8.5.6 to 8.5.12 (#209) 
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.12.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.5.6...8.5.12)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-28 13:51:19 +03:00
github-actions[bot] 5e298bc1f7 chore: CVE advisories - 11 new, 16 updated (#211) 
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-26T11:27:34Z to 2026-04-28T06:51:12.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-28 13:29:28 +03:00
github-actions[bot] 808aefe40d chore: CVE advisories - 1 new, 1 updated (#207) 
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-24T06:36:58Z to 2026-04-26T11:26:31.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-26 14:38:45 +03:00
David Abutbul 0d2e38ddfd Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs (#208) 
* Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs

* fix(feed): add picoclaw to core platform taxonomy and filters

* fix(picoclaw): resolve eslint errors in new skills

* chore(nvd): include picoclaw in CVE polling and cleanup report

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
picoclaw-security-guardian-v0.0.1 picoclaw-self-pen-testing-v0.0.1 		2026-04-26 14:19:18 +03:00
github-actions[bot] c53463c445 chore: CVE advisories - 31 new, 1 updated (#205) 
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-22T11:03:28Z to 2026-04-24T06:36:00.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-24 20:32:13 +03:00
github-actions[bot] 448a2bd577 chore: CVE advisories - 313 new, 0 updated (#193) 
Automated update from NVD CVE feed.
Keywords:
Poll window: 2025-12-23T11:02:04.000Z to 2026-04-22T11:02:04.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-22 20:02:11 +03:00
davida-ps 1efb813ed4 fix(nvd): support full CVE rebuild without arg overflow (#204) 
* fix(nvd): add hermes query specs to feed polling

* fix(nvd): derive platform fallback from matched targets

* fix(nvd): avoid arg overflow on full cve rescan

* fix(feed): add other platform filter for nonstandard slugs

* refactor(feed): centralize advisory platform badge mapping

* fix(feed): share platform normalization and fix tab callback typing

* refactor(feed): simplify platform descriptor fallback
 2026-04-22 13:58:34 +03:00
davida-ps c54f09c3a4 fix(nvd): add hermes query specs to feed polling (#203) 
* fix(nvd): add hermes query specs to feed polling

* fix(nvd): derive platform fallback from matched targets
 2026-04-21 16:18:45 +03:00
David Abutbul 26af277afd feat(hermes-attestation-guardian): v0.1.0 release hardening (verify gate + trust policy + .mjs scan context) (#200) 
* feat(hermes-attestation-guardian): release v0.0.2 hardening

* docs(wiki): add v0.0.2 hardening update note

* docs: add Hermes support coverage to README and compatibility report

* fix(hermes-attestation-guardian): address baz review on crontab detection and doc dedup

* feat(wiki): add PR-200 skill feature/platform matrix

* docs(wiki): rewrite PR-200 matrix as narrative capability mapping

* docs(readme): add skill feature matrix with requested headers

* docs(readme): replace unknowns with mapped yes/no feature matrix

* docs: move NanoClaw and CI/CD details from README to wiki modules

* docs(readme): remove platform/suite sections and keep wiki module pointers

* docs(readme): refresh project structure to match current repo

* feat(hermes-attestation-guardian): add signed advisory feed verification pipeline

* feat(hermes-attestation-guardian): add advisory-gated guarded skill verification

* feat(hermes-attestation-guardian): add advisory scheduler helper and phase-3 parity docs

* docs(wiki): expand hermes attestation guardian capability coverage

* fix(pr-200): address Baz review findings across Hermes parity rollout

* test(sandbox): extend Hermes regression to cover feed, guarded verify, and advisory scheduler

* fix(pr-200): address Baz semver parsing and feed-state fallback visibility

* fix(ci): suppress shellcheck false positives in sandbox inline docker script

* fix(hermes-attestation-guardian): fail closed on unsupported advisory ranges

* fix(hermes-attestation-guardian): restore safe install verdict in sandbox

* fix(sandbox): capture guarded verify exit under set -e

* fix(semver): fail closed on malformed affected specifiers

* docs(readme): clarify hermes capability matrix wording

* refactor(feed): share signed artifact verification flow

* refactor(cron): share managed block helpers across setup scripts

* fix(feed): require checksum manifest artifacts when enabled

* chore(hermes-skill): relocate sandbox test, refresh docs, and add v0.1.0 release notes

* chore(docs): remove remaining hermes parity plan file

* chore(release): roll hermes-attestation-guardian to v0.1.0

* chore(release): remove standalone v0.1.0 release notes file

* docs(hermes): update README status to v0.1.0

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
hermes-attestation-guardian-v0.1.0 		2026-04-21 13:56:50 +03:00
davida-ps d0fe8c59c4 fix(release): guard duplicate clawhub versions and bump watchdog to 0.1.4 (#201) openclaw-audit-watchdog-v0.1.4 2026-04-17 10:07:45 +03:00
davida-ps 4d3fe1bf10 fix(clawtributor): switch to manual approval-gated reporting flow (#198) clawtributor-v0.0.5 2026-04-17 03:05:18 +03:00
davida-ps f0f33b8121 fix(clawsec-clawhub-checker): remove suspicious install patterns (#197) 
* fix(clawsec-clawhub-checker): remove mutating setup and install scraping

* fix(clawsec-clawhub-checker): harden fail-closed reputation paths
clawsec-clawhub-checker-v0.0.3 		2026-04-17 03:01:08 +03:00
davida-ps 9e79645536 fix(clawsec-nanoclaw): isolate file io from network scan paths (#196) clawsec-nanoclaw-v0.0.4 2026-04-17 02:49:47 +03:00
davida-ps e47d1e2d69 fix(clawsec-suite): reduce moderation false positives in publish payload (#195) clawsec-suite-v0.1.7 2026-04-17 02:43:57 +03:00
davida-ps e6a1765a7f fix(openclaw-audit-watchdog): avoid dangerous-exec gate false positives (#194) 
* fix(openclaw-audit-watchdog): avoid dangerous-exec gate false positives

* fix(openclaw-audit-watchdog): align frontmatter runtime metadata

* fix(openclaw-audit-watchdog): normalize release version to 0.1.3
openclaw-audit-watchdog-v0.1.3 		2026-04-17 02:34:45 +03:00
David Abutbul 600c945fe2 feat(hermes-attestation-guardian): harden attestation verification and drift controls (#192) 
* feat(hermes-attestation-guardian): harden attestation verification and drift controls

* docs(wiki): add human-friendly claim mapping for hermes attestation guardian

* docs(wiki): expand hermes attestation claim narratives and archive draft

* fix(attestation): address Baz review findings for schema and verifier

* fix(attestation): reject broken symlink output paths

* docs(attestation): pass clean community install guard without force

* fix(attestation): harden writes and fail-closed config parsing

* feat(ui): add Hermes to rotating platform text

* test(attestation): add sandboxed Hermes regression runner script

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
hermes-attestation-guardian-v0.0.1 		2026-04-16 17:59:18 +03:00
davida-ps caad6f698c chore(skills): harden openclaw skill metadata (#191) 
* chore(skills): harden openclaw skill metadata

* fix(openclaw-audit-watchdog): add dated release note heading

* chore(skills): normalize openclaw naming

* fix(soul-guardian): preserve legacy launchd state dir

* fix(soul-guardian): clean up legacy launchd labels
clawtributor-v0.0.4 soul-guardian-v0.0.5 clawsec-feed-v0.0.6 clawsec-suite-v0.1.6 clawsec-clawhub-checker-v0.0.2 openclaw-audit-watchdog-v0.1.2 		2026-04-14 15:43:04 +03:00
github-actions[bot] 6c33384947 chore: CVE advisories - 0 new, 29 updated (#190) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-04-12T06:30:25Z to 2026-04-14T06:33:41.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-14 14:09:51 +03:00
github-actions[bot] a11314faa9 chore: CVE advisories - 58 new, 0 updated (#178) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-04-09T07:33:03Z to 2026-04-12T06:29:44.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-12 13:22:37 +03:00
github-actions[bot] 969a902fa6 chore: CVE advisories - 1 new, 0 updated (#176) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-04-08T20:59:34Z to 2026-04-09T07:32:24.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-09 10:47:15 +03:00
davida-ps c72f366354 fix(ci): harden nvd/scorecard dependency guardrails (#177) 
* fix(ci): harden nvd/scorecard dependency guardrails

* fix(ci): upsert nvd advisory PRs and dedupe stale branches

* fix(ci): paginate NVD PR lookup and expand scorecard triggers
 2026-04-09 10:30:20 +03:00
dependabot[bot] 6c17509c80 chore(deps): bump actions/setup-python from 5.4.0 to 6.2.0 (#108) 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.4.0 to 6.2.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5.4.0...a309ff8b426b58ec0e2a45f0f869d46889d02405)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-09 00:22:37 +03:00
dependabot[bot] b28fd02841 chore(deps-dev): bump @eslint/js from 9.28.0 to 9.39.4 (#124) 
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.28.0 to 9.39.4.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.39.4/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.39.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-09 00:13:46 +03:00
dependabot[bot] 0373a137ee chore(deps-dev): bump eslint from 9.39.3 to 9.39.4 (#122) 
Bumps [eslint](https://github.com/eslint/eslint) from 9.39.3 to 9.39.4.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.39.3...v9.39.4)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.39.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-09 00:10:50 +03:00
dependabot[bot] e2f4303fcc chore(deps-dev): bump @typescript-eslint/parser from 8.56.1 to 8.57.1 (#137) 
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.56.1 to 8.57.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.57.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.57.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-09 00:04:39 +03:00
github-actions[bot] 0cfb9b4784 chore: CVE advisories - 0 new, 4 updated (#175) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-04-05T06:25:01Z to 2026-04-08T20:58:56.000Z

Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com>
 2026-04-09 00:00:14 +03:00
dependabot[bot] eeb1a5d632 chore(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1 (#135) 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.5.0 to 2.6.1.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/a06a81a03ee405af7f2048a818ed3f03bbf83c7b...153bb8e04406b158c6c84fc1615b65b24149a1fe)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-08 23:58:19 +03:00
dependabot[bot] b39fe73e45 chore(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 (#159) 
Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages) from 4.0.5 to 5.0.0.
- [Release notes](https://github.com/actions/deploy-pages/releases)
- [Commits](https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128)

---
updated-dependencies:
- dependency-name: actions/deploy-pages
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-08 23:53:52 +03:00
dependabot[bot] 7cafbd7d77 chore(deps): bump github/codeql-action from 4.32.4 to 4.35.1 (#160) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.4 to 4.35.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...c10b8064de6f491fea524254123dbe5e09572f13)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-08 23:50:56 +03:00
dependabot[bot] a7a0993029 chore(deps): bump ruff from 0.15.6 to 0.15.9 in /.github (#169) 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.6 to 0.15.9.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.15.6...0.15.9)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-08 23:41:52 +03:00
davida-ps 9827f08769 chore(clawsec-suite): add 0.1.5 changelog entry (#174) 
* chore(clawsec-suite): add 0.1.5 changelog release notes

* fix(ci): enforce release notes for bumped skills
clawsec-suite-v0.1.5 		2026-04-08 23:35:16 +03:00
davida-ps b996cff4bd fix(clawsec-suite): use release metadata for heartbeat version check (#173) 
* fix(clawsec-suite): stop false heartbeat update alerts

* chore(deps): remediate npm audit vulnerabilities

* docs(heartbeats): harden release lookup and fallback behavior

* chore(skills): remove prompt-agent

* chore(clawsec-suite): bump version to 0.1.5

* fix(ci): skip removed skills in skill-release validation
 2026-04-08 23:18:58 +03:00
github-actions[bot] bd6e9e284a chore: CVE advisories - 24 new, 20 updated (#167) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-30T06:34:41Z to 2026-04-05T06:24:22.000Z

Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com>
 2026-04-05 12:16:06 +03:00
github-actions[bot] e0083353cf chore: CVE advisories - 19 new, 0 updated (#157) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-29T06:22:49Z to 2026-03-30T06:34:03.000Z

Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com>
 2026-03-30 10:13:00 +03:00
github-actions[bot] 01f651d6aa chore: CVE advisories - 1 new, 32 updated (#155) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-25T06:21:11Z to 2026-03-29T06:22:11.000Z

Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com>
 2026-03-29 11:20:51 +03:00
github-actions[bot] bd17103892 chore: CVE advisories - 0 new, 25 updated (#150) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-24T06:21:41Z to 2026-03-25T06:20:32.000Z

Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com>
 2026-03-25 11:12:02 +02:00
dependabot[bot] eedcb8b85c chore(deps-dev): bump flatted from 3.4.1 to 3.4.2 (#144) 
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.4.1 to 3.4.2.
- [Commits](https://github.com/WebReflection/flatted/compare/v3.4.1...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-24 14:51:03 +02:00
github-actions[bot] 28bf775d47 chore: CVE advisories - 28 new, 34 updated (#149) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-20T06:16:32Z to 2026-03-24T06:21:01.000Z

Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com>
 2026-03-24 13:57:22 +02:00
github-actions[bot] 30bcb96a23 chore: CVE advisories - 60 new, 14 updated (#143) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-18T06:21:47Z to 2026-03-20T06:15:50.000Z

Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com>
 2026-03-23 00:39:24 +02:00
github-actions[bot] 0a320d18d4 chore: CVE advisories - 16 new, 13 updated (#141) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-15T06:18:51Z to 2026-03-18T06:21:06.000Z

Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com>
 2026-03-18 12:56:05 +02:00
dependabot[bot] 989ea41198 chore(deps): bump ruff from 0.15.2 to 0.15.5 in /.github (#121) 
* chore(deps): bump ruff from 0.15.2 to 0.15.5 in /.github

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.2 to 0.15.5.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.15.2...0.15.5)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix(ci): update flatted lockfile resolution for npm audit

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Abutbul <David.a@prompt.security>
 2026-03-15 13:11:08 +02:00
github-actions[bot] eb124b5f11 chore: CVE advisories - 3 new, 1 updated (#133) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-12T06:16:01Z to 2026-03-15T06:18:13.000Z

Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com>
 2026-03-15 12:23:09 +02:00
github-actions[bot] 277c0abe17 chore: CVE advisories - 6 new, 20 updated (#130) 
Automated update from NVD CVE feed.
Keywords: OpenClaw clawdbot Moltbot NanoClaw WhatsApp-bot baileys
Poll window: 2026-03-10T06:12:56Z to 2026-03-12T06:15:22.000Z

Co-authored-by: davida-ps <232346510+davida-ps@users.noreply.github.com>
 2026-03-12 14:03:19 +02:00
davida-ps f0f0f1db97 fix(clawsec-scanner): release 0.0.2 with real OpenClaw DAST harness (#128) 
* fix(clawsec-scanner): ship real openclaw dast harness in 0.0.2

* fix(clawsec-scanner): classify ts harness limits as info coverage

* docs(wiki): add clawsec-scanner module documentation

* docs(release): add clawsec-suite install guidance to quick install text

* docs(readme): clarify standalone installs and suite optionality

* docs(readme): remove standalone quick-install block

* docs(readme): rename skill section and clarify suite start point
clawsec-scanner-v0.0.2 		2026-03-10 19:27:22 +02:00
dependabot[bot] 687822b6cb chore(deps-dev): bump typescript from 5.8.3 to 5.9.3 (#109) 
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.8.3 to 5.9.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.8.3...v5.9.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-version: 5.9.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-10 17:10:33 +02:00
dependabot[bot] e715c8a625 chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#120) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/6044e13b5dc448c55e2357c09f80417699197238...53b83947a5a98c8d113130e565377fae1a50d02f)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-10 16:51:09 +02:00
dependabot[bot] bd54393ed4 chore(deps-dev): bump @types/node from 25.2.3 to 25.4.0 (#125) 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.2.3 to 25.4.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-10 13:59:08 +02:00
dependabot[bot] 0fcc6e6b6d chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#107) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-10 13:55:23 +02:00