gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: gnezim/clawsec:clawsec-feed-v0.0.8
Branches Tags
gnezim/clawsec:main gnezim/clawsec:dependabot/npm_and_yarn/multi-eb52c55c59 gnezim/clawsec:automated/nvd-cve-update gnezim/clawsec:traffic-archive gnezim/clawsec:fix/pin-clawhub-cli gnezim/clawsec:davida-ps/fix-skillspector-release-report gnezim/clawsec:claude/practical-dirac-ji4tem gnezim/clawsec:claude/nifty-brown-bp80vr gnezim/clawsec:dependabot/github_actions/actions/checkout-6.0.3 gnezim/clawsec:dependabot/github_actions/github/codeql-action-4.36.2 gnezim/clawsec:dependabot/npm_and_yarn/vite-8.0.13 gnezim/clawsec:dependabot/npm_and_yarn/typescript-eslint/parser-8.59.4 gnezim/clawsec:dependabot/npm_and_yarn/fast-check-4.8.0 gnezim/clawsec:dependabot/npm_and_yarn/typescript-6.0.3 gnezim/clawsec:dependabot/npm_and_yarn/eslint-plugin-react-hooks-7.1.1 gnezim/clawsec:skill/hermes-attestation-guardian-hardening-v0.0.1 gnezim/clawsec:codex/readme-all-skills gnezim/clawsec:auto-claude/004-llm-based-security-analyst-skill gnezim/clawsec:auto-claude/009-add-audit-warning-when-clawsec-verify-checksum-man
gnezim/clawsec:clawsec-feed-v0.0.9 gnezim/clawsec:clawsec-nanoclaw-v0.0.8 gnezim/clawsec:soul-guardian-v0.0.7 gnezim/clawsec:clawsec-scanner-v0.0.5 gnezim/clawsec:picoclaw-self-pen-testing-v0.0.3 gnezim/clawsec:picoclaw-traffic-guardian-v0.0.1-beta3 gnezim/clawsec:hermes-traffic-guardian-v0.0.1-beta3 gnezim/clawsec:hermes-attestation-guardian-v0.1.4 gnezim/clawsec:clawtributor-v0.0.7 gnezim/clawsec:clawsec-suite-v0.1.10 gnezim/clawsec:picoclaw-security-guardian-v0.0.4 gnezim/clawsec:openclaw-audit-watchdog-v0.1.7 gnezim/clawsec:clawsec-clawhub-checker-v0.0.6 gnezim/clawsec:openclaw-traffic-guardian-v0.0.1-beta3 gnezim/clawsec:clawsec-scanner-v0.0.4 gnezim/clawsec:clawsec-nanoclaw-v0.0.7 gnezim/clawsec:clawsec-clawhub-checker-v0.0.5 gnezim/clawsec:v0.1.0 gnezim/clawsec:picoclaw-security-guardian-v0.0.3 gnezim/clawsec:hermes-attestation-guardian-v0.1.3 gnezim/clawsec:clawsec-suite-v0.1.9 gnezim/clawsec:clawsec-nanoclaw-v0.0.6 gnezim/clawsec:clawsec-feed-v0.0.8 gnezim/clawsec:openclaw-audit-watchdog-v0.1.6 gnezim/clawsec:hermes-attestation-guardian-v0.1.2 gnezim/clawsec:clawsec-suite-v0.1.8 gnezim/clawsec:soul-guardian-v0.0.6 gnezim/clawsec:hermes-traffic-guardian-v0.0.1-beta2 gnezim/clawsec:openclaw-audit-watchdog-v0.1.5 gnezim/clawsec:picoclaw-security-guardian-v0.0.2 gnezim/clawsec:openclaw-traffic-guardian-v0.0.1-beta2 gnezim/clawsec:picoclaw-traffic-guardian-v0.0.1-beta2 gnezim/clawsec:nanoclaw-traffic-guardian-v0.0.1-beta2 gnezim/clawsec:picoclaw-self-pen-testing-v0.0.2 gnezim/clawsec:clawsec-clawhub-checker-v0.0.4 gnezim/clawsec:clawsec-nanoclaw-v0.0.5 gnezim/clawsec:claw-release-v0.0.3 gnezim/clawsec:clawsec-scanner-v0.0.3 gnezim/clawsec:clawtributor-v0.0.6 gnezim/clawsec:clawsec-feed-v0.0.7 gnezim/clawsec:hermes-attestation-guardian-v0.1.1 gnezim/clawsec:nanoclaw-traffic-guardian-v0.0.1-beta1 gnezim/clawsec:hermes-traffic-guardian-v0.0.1-beta1 gnezim/clawsec:openclaw-traffic-guardian-v0.0.1-beta1 gnezim/clawsec:picoclaw-traffic-guardian-v0.0.1-beta1 gnezim/clawsec:picoclaw-self-pen-testing-v0.0.1 gnezim/clawsec:picoclaw-security-guardian-v0.0.1 gnezim/clawsec:hermes-attestation-guardian-v0.1.0 gnezim/clawsec:openclaw-audit-watchdog-v0.1.4 gnezim/clawsec:clawtributor-v0.0.5 gnezim/clawsec:clawsec-clawhub-checker-v0.0.3 gnezim/clawsec:clawsec-nanoclaw-v0.0.4 gnezim/clawsec:clawsec-suite-v0.1.7 gnezim/clawsec:openclaw-audit-watchdog-v0.1.3 gnezim/clawsec:hermes-attestation-guardian-v0.0.1 gnezim/clawsec:soul-guardian-v0.0.5 gnezim/clawsec:openclaw-audit-watchdog-v0.1.2 gnezim/clawsec:clawtributor-v0.0.4 gnezim/clawsec:clawsec-clawhub-checker-v0.0.2 gnezim/clawsec:clawsec-suite-v0.1.6 gnezim/clawsec:clawsec-feed-v0.0.6 gnezim/clawsec:clawsec-suite-v0.1.5 gnezim/clawsec:clawsec-scanner-v0.0.2 gnezim/clawsec:clawsec-scanner-v0.0.1 gnezim/clawsec:clawsec-nanoclaw-v0.0.3 gnezim/clawsec:clawsec-suite-v0.1.4 gnezim/clawsec:clawsec-feed-v0.0.5 gnezim/clawsec:clawsec-nanoclaw-v0.0.2 gnezim/clawsec:openclaw-audit-watchdog-v0.1.1 gnezim/clawsec:clawsec-suite-v0.1.3 gnezim/clawsec:clawsec-nanoclaw-v0.0.1 gnezim/clawsec:clawsec-clawhub-checker-v0.0.1 gnezim/clawsec:clawsec-suite-v0.1.2 gnezim/clawsec:openclaw-audit-watchdog-v0.1.0 gnezim/clawsec:clawsec-suite-v0.1.1 gnezim/clawsec:clawsec-suite-v0.0.10 gnezim/clawsec:clawsec-suite-v0.0.9 gnezim/clawsec:clawsec-suite-v0.0.8 gnezim/clawsec:soul-guardian-v0.0.2 gnezim/clawsec:clawsec-suite-v0.0.6 gnezim/clawsec:clawsec-suite-v0.0.5 gnezim/clawsec:clawsec-feed-v0.0.4 gnezim/clawsec:clawsec-suite-v0.0.4 gnezim/clawsec:clawsec-feed-v0.0.3 gnezim/clawsec:clawtributor-v0.0.3 gnezim/clawsec:openclaw-audit-watchdog-v0.0.4 gnezim/clawsec:openclaw-audit-watchdog-v0.0.3 gnezim/clawsec:clawtributor-v0.0.2 gnezim/clawsec:clawsec-feed-v0.0.2 gnezim/clawsec:clawsec-suite-v0.0.3 gnezim/clawsec:clawsec-suite-v0.0.2 gnezim/clawsec:clawsec-suite-v0.0.1 gnezim/clawsec:clawtributor-v0.0.1 gnezim/clawsec:clawsec-feed-v0.0.1 gnezim/clawsec:openclaw-audit-watchdog-v0.0.1
...
compare: gnezim/clawsec:fix/pin-clawhub-cli
Branches Tags
gnezim/clawsec:dependabot/npm_and_yarn/multi-eb52c55c59 gnezim/clawsec:automated/nvd-cve-update gnezim/clawsec:traffic-archive gnezim/clawsec:fix/pin-clawhub-cli gnezim/clawsec:davida-ps/fix-skillspector-release-report gnezim/clawsec:claude/practical-dirac-ji4tem gnezim/clawsec:claude/nifty-brown-bp80vr gnezim/clawsec:main gnezim/clawsec:dependabot/github_actions/actions/checkout-6.0.3 gnezim/clawsec:dependabot/github_actions/github/codeql-action-4.36.2 gnezim/clawsec:dependabot/npm_and_yarn/vite-8.0.13 gnezim/clawsec:dependabot/npm_and_yarn/typescript-eslint/parser-8.59.4 gnezim/clawsec:dependabot/npm_and_yarn/fast-check-4.8.0 gnezim/clawsec:dependabot/npm_and_yarn/typescript-6.0.3 gnezim/clawsec:dependabot/npm_and_yarn/eslint-plugin-react-hooks-7.1.1 gnezim/clawsec:skill/hermes-attestation-guardian-hardening-v0.0.1 gnezim/clawsec:codex/readme-all-skills gnezim/clawsec:auto-claude/004-llm-based-security-analyst-skill gnezim/clawsec:auto-claude/009-add-audit-warning-when-clawsec-verify-checksum-man
gnezim/clawsec:clawsec-feed-v0.0.9 gnezim/clawsec:clawsec-nanoclaw-v0.0.8 gnezim/clawsec:soul-guardian-v0.0.7 gnezim/clawsec:clawsec-scanner-v0.0.5 gnezim/clawsec:picoclaw-self-pen-testing-v0.0.3 gnezim/clawsec:picoclaw-traffic-guardian-v0.0.1-beta3 gnezim/clawsec:hermes-traffic-guardian-v0.0.1-beta3 gnezim/clawsec:hermes-attestation-guardian-v0.1.4 gnezim/clawsec:clawtributor-v0.0.7 gnezim/clawsec:clawsec-suite-v0.1.10 gnezim/clawsec:picoclaw-security-guardian-v0.0.4 gnezim/clawsec:openclaw-audit-watchdog-v0.1.7 gnezim/clawsec:clawsec-clawhub-checker-v0.0.6 gnezim/clawsec:openclaw-traffic-guardian-v0.0.1-beta3 gnezim/clawsec:clawsec-scanner-v0.0.4 gnezim/clawsec:clawsec-nanoclaw-v0.0.7 gnezim/clawsec:clawsec-clawhub-checker-v0.0.5 gnezim/clawsec:v0.1.0 gnezim/clawsec:picoclaw-security-guardian-v0.0.3 gnezim/clawsec:hermes-attestation-guardian-v0.1.3 gnezim/clawsec:clawsec-suite-v0.1.9 gnezim/clawsec:clawsec-nanoclaw-v0.0.6 gnezim/clawsec:clawsec-feed-v0.0.8 gnezim/clawsec:openclaw-audit-watchdog-v0.1.6 gnezim/clawsec:hermes-attestation-guardian-v0.1.2 gnezim/clawsec:clawsec-suite-v0.1.8 gnezim/clawsec:soul-guardian-v0.0.6 gnezim/clawsec:hermes-traffic-guardian-v0.0.1-beta2 gnezim/clawsec:openclaw-audit-watchdog-v0.1.5 gnezim/clawsec:picoclaw-security-guardian-v0.0.2 gnezim/clawsec:openclaw-traffic-guardian-v0.0.1-beta2 gnezim/clawsec:picoclaw-traffic-guardian-v0.0.1-beta2 gnezim/clawsec:nanoclaw-traffic-guardian-v0.0.1-beta2 gnezim/clawsec:picoclaw-self-pen-testing-v0.0.2 gnezim/clawsec:clawsec-clawhub-checker-v0.0.4 gnezim/clawsec:clawsec-nanoclaw-v0.0.5 gnezim/clawsec:claw-release-v0.0.3 gnezim/clawsec:clawsec-scanner-v0.0.3 gnezim/clawsec:clawtributor-v0.0.6 gnezim/clawsec:clawsec-feed-v0.0.7 gnezim/clawsec:hermes-attestation-guardian-v0.1.1 gnezim/clawsec:nanoclaw-traffic-guardian-v0.0.1-beta1 gnezim/clawsec:hermes-traffic-guardian-v0.0.1-beta1 gnezim/clawsec:openclaw-traffic-guardian-v0.0.1-beta1 gnezim/clawsec:picoclaw-traffic-guardian-v0.0.1-beta1 gnezim/clawsec:picoclaw-self-pen-testing-v0.0.1 gnezim/clawsec:picoclaw-security-guardian-v0.0.1 gnezim/clawsec:hermes-attestation-guardian-v0.1.0 gnezim/clawsec:openclaw-audit-watchdog-v0.1.4 gnezim/clawsec:clawtributor-v0.0.5 gnezim/clawsec:clawsec-clawhub-checker-v0.0.3 gnezim/clawsec:clawsec-nanoclaw-v0.0.4 gnezim/clawsec:clawsec-suite-v0.1.7 gnezim/clawsec:openclaw-audit-watchdog-v0.1.3 gnezim/clawsec:hermes-attestation-guardian-v0.0.1 gnezim/clawsec:soul-guardian-v0.0.5 gnezim/clawsec:openclaw-audit-watchdog-v0.1.2 gnezim/clawsec:clawtributor-v0.0.4 gnezim/clawsec:clawsec-clawhub-checker-v0.0.2 gnezim/clawsec:clawsec-suite-v0.1.6 gnezim/clawsec:clawsec-feed-v0.0.6 gnezim/clawsec:clawsec-suite-v0.1.5 gnezim/clawsec:clawsec-scanner-v0.0.2 gnezim/clawsec:clawsec-scanner-v0.0.1 gnezim/clawsec:clawsec-nanoclaw-v0.0.3 gnezim/clawsec:clawsec-suite-v0.1.4 gnezim/clawsec:clawsec-feed-v0.0.5 gnezim/clawsec:clawsec-nanoclaw-v0.0.2 gnezim/clawsec:openclaw-audit-watchdog-v0.1.1 gnezim/clawsec:clawsec-suite-v0.1.3 gnezim/clawsec:clawsec-nanoclaw-v0.0.1 gnezim/clawsec:clawsec-clawhub-checker-v0.0.1 gnezim/clawsec:clawsec-suite-v0.1.2 gnezim/clawsec:openclaw-audit-watchdog-v0.1.0 gnezim/clawsec:clawsec-suite-v0.1.1 gnezim/clawsec:clawsec-suite-v0.0.10 gnezim/clawsec:clawsec-suite-v0.0.9 gnezim/clawsec:clawsec-suite-v0.0.8 gnezim/clawsec:soul-guardian-v0.0.2 gnezim/clawsec:clawsec-suite-v0.0.6 gnezim/clawsec:clawsec-suite-v0.0.5 gnezim/clawsec:clawsec-feed-v0.0.4 gnezim/clawsec:clawsec-suite-v0.0.4 gnezim/clawsec:clawsec-feed-v0.0.3 gnezim/clawsec:clawtributor-v0.0.3 gnezim/clawsec:openclaw-audit-watchdog-v0.0.4 gnezim/clawsec:openclaw-audit-watchdog-v0.0.3 gnezim/clawsec:clawtributor-v0.0.2 gnezim/clawsec:clawsec-feed-v0.0.2 gnezim/clawsec:clawsec-suite-v0.0.3 gnezim/clawsec:clawsec-suite-v0.0.2 gnezim/clawsec:clawsec-suite-v0.0.1 gnezim/clawsec:clawtributor-v0.0.1 gnezim/clawsec:clawsec-feed-v0.0.1 gnezim/clawsec:openclaw-audit-watchdog-v0.0.1

19 Commits
clawsec-feed-v0.0.8 ... fix/pin-clawhub-cli

Author SHA1 Message Date
David Abutbul f76824bdb6 ci(skills): pin clawhub CLI by hash via committed lockfile 
Scorecard flags the skill-release workflow's npm install of the clawhub
CLI (code-scanning alerts #25/#26): version pinning alone carries no
integrity guarantee. Install it with npm ci from a committed
package-lock.json instead, so every package (clawhub + 35 transitive
deps) is verified against its sha512 hash at install time.

The publish-payload patch step now resolves the module from the local
node_modules instead of npm root -g.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
 2026-06-11 14:39:56 +03:00
davida-ps 9fd3059271 fix(traffic): require a traffic-capable PAT for the archive workflow (#265) 
* fix(traffic): use a traffic-capable PAT for the archive workflow

The daily Archive GitHub Traffic run has failed since creation: the
TRAFFIC_ARCHIVE_TOKEN secret was never provisioned, so the workflow fell
back to github.token, which GitHub categorically rejects on traffic
endpoints (403 "Resource not accessible by integration").

- Fall back to the existing POLL_NVD_CVES_PAT automation token instead
  of github.token, keeping TRAFFIC_ARCHIVE_TOKEN as the preferred
  override once provisioned.
- Fail fast with an actionable error when no traffic-capable token is
  configured.
- Explain token requirements in the script's 401/403 errors.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* fix(traffic): require dedicated TRAFFIC_ARCHIVE_TOKEN, drop expired PAT fallback

A live dispatch confirmed POLL_NVD_CVES_PAT is expired (401 Bad
credentials), so falling back to it only trades one daily failure for
another. Require the dedicated secret and fail fast with setup
instructions instead.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
 2026-06-11 08:25:56 +03:00
davida-ps 1b676fd42c fix(skills): scan staged payload with SkillSpector (#264) 
* fix(skills): scan staged payload with skillspector

* fix(skills): embed skillspector report in releases

* fix(skills): use body path for release notes
 2026-06-10 17:18:54 +03:00
davida-ps 59d54ed778 fix(skills): namespace ClawHub skill slugs (#263) 
* fix(release): map ClawHub publish slugs

* fix(release): share skill platform parsing
 2026-06-10 16:39:19 +03:00
Burak Bayır d99f324f72 feat(openclaw-traffic-guardian): add social action review scope (#261) 
* feat(openclaw-traffic-guardian): add social action review scope

* fix(openclaw-traffic-guardian): cover background repeats

* fix(openclaw-traffic-guardian): address policy review release gates

* docs(openclaw-traffic-guardian): credit policy review contributor

* docs(openclaw-traffic-guardian): inline contributor credit

* docs(openclaw-traffic-guardian): reference policy review spec

* ci(skills): allow unreleased version edits

* ci(skills): use directory name for release tag checks

---------

Co-authored-by: kriptoburak <kriptoburak@users.noreply.github.com>
Co-authored-by: David Abutbul <David.a@prompt.security>
 2026-06-10 14:46:52 +03:00
davida-ps c1d1824f86 ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262) 
* ci(skills): publish release trust packets

* ci(skills): simulate beta tag releases

* ci(skills): match release version bump rules

* chore(skills): group agent skills for installer

* chore(skills): make clawtributor global

* chore(skills): bump all skills for trust release

* ci(skills): require npx install docs

* fix(skills): simulate prerelease tag versions

* fix(skills): aggregate trust artifact checksum failures

* fix(frontend): advertise npx skills suite install

* chore(frontend): drop ad hoc homepage copy test

* fix(ci): run skill release tooling tests
 2026-06-10 13:22:22 +03:00
github-actions[bot] d7312d7429 chore: update NVD/GHSA advisories - 1 NVD new, 0 NVD updated (#257) 
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-06-03T07:38:12Z to 2026-06-10T08:29:07.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-06-10 11:35:17 +03:00
davida-ps cb58e588c5 fix(workflow): filter dispatched codeql runs with jq (#260) 2026-06-10 11:23:30 +03:00
davida-ps 3cef7aa46b fix(security): harden high scan findings (#258) 
* fix(security): harden high scan findings

* fix(security): tighten review hardening

* fix(nanoclaw): preserve prerelease advisory matching
 2026-06-07 13:00:56 +03:00
davida-ps 11f0fc50c4 fix(deps): bump react-router (#256) 2026-06-04 11:10:54 +03:00
davida-ps cfe1b40cf2 feat(traffic): archive repository traffic metrics (#252) 
* feat(traffic): archive repository traffic metrics

* fix(traffic): address archive review feedback

* fix(traffic): keep archive output json-only

* test(traffic): centralize archive fixture dates
 2026-06-04 11:00:13 +03:00
github-actions[bot] f56a0864f7 chore: update NVD/GHSA advisories - 6 NVD new, 6 NVD updated (#251) 
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-31T07:16:20Z to 2026-06-03T07:36:53.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-06-03 11:10:10 +03:00
github-actions[bot] 58b092d6d0 chore: update NVD/GHSA advisories - 7 NVD new, 1 NVD updated (#250) 
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-27T06:34:09Z to 2026-05-31T07:15:12.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-05-31 10:32:39 +03:00
dependabot[bot] babddfd3f2 chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0 (#245) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.36.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...7211b7c8077ea37d8641b6271f6a365a22a5fbfa)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-27 14:39:47 +03:00
davida-ps 47a5696cb6 fix(workflow): wait for dispatched codeql run by sha and time (#248) 2026-05-27 10:03:29 +03:00
github-actions[bot] 5d868bf60f chore: update NVD/GHSA advisories - 9 NVD new, 9 NVD updated (#247) 
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-24T18:52:13Z to 2026-05-27T06:32:58.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-05-27 09:48:52 +03:00
davida-ps b57d0f1db2 fix(deps): avoid vulnerable brace-expansion range (#244) 
* fix(deps): avoid vulnerable brace-expansion range

* fix(deps): use patched brace-expansion release
 2026-05-27 09:23:45 +03:00
davida-ps b91e5e4c94 docs: add citation metadata (#246) 
* docs: add citation metadata

* docs: add project release metadata
 2026-05-27 03:10:02 +03:00
github-actions[bot] 2e793639f2 chore: update NVD/GHSA advisories - 0 NVD new, 1 NVD updated (#241) 
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-16T22:02:27Z to 2026-05-24T18:50:11.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-05-25 00:37:22 +03:00
108 changed files with 25251 additions and 705 deletions
Expand all files Collapse all files
.claude-plugin/marketplace.json
+56
View File
@@ -0,0 +1,56 @@
{
"plugins": [
{
"name": "global-skills",
"source": "./",
"skills": [
"./skills/clawtributor"
]
},
{
"name": "hermes-skills",
"source": "./",
"skills": [
"./skills/hermes-attestation-guardian",
"./skills/hermes-traffic-guardian"
]
},
{
"name": "nano-claw-skills",
"source": "./",
"skills": [
"./skills/clawsec-nanoclaw",
"./skills/nanoclaw-traffic-guardian"
]
},
{
"name": "open-claw-skills",
"source": "./",
"skills": [
"./skills/clawsec-clawhub-checker",
"./skills/clawsec-feed",
"./skills/clawsec-scanner",
"./skills/clawsec-suite",
"./skills/openclaw-audit-watchdog",
"./skills/openclaw-traffic-guardian",
"./skills/soul-guardian"
]
},
{
"name": "pico-claw-skills",
"source": "./",
"skills": [
"./skills/picoclaw-security-guardian",
"./skills/picoclaw-self-pen-testing",
"./skills/picoclaw-traffic-guardian"
]
},
{
"name": "repo-internal-skills",
"source": "./",
"skills": [
"./skills/claw-release"
]
}
]
}
.github/clawhub-cli/package-lock.json
Generated
+406
View File
@@ -0,0 +1,406 @@
{
"name": "clawhub-cli-pin",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "clawhub-cli-pin",
"dependencies": {
"clawhub": "0.7.0"
}
},
"node_modules/@ark/schema": {
"version": "0.56.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/@ark/schema/-/schema-0.56.0.tgz",
"integrity": "sha512-ECg3hox/6Z/nLajxXqNhgPtNdHWC9zNsDyskwO28WinoFEnWow4IsERNz9AnXRhTZJnYIlAJ4uGn3nlLk65vZA==",
"dependencies": {
"@ark/util": "0.56.0"
}
},
"node_modules/@ark/util": {
"version": "0.56.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/@ark/util/-/util-0.56.0.tgz",
"integrity": "sha512-BghfRC8b9pNs3vBoDJhcta0/c1J1rsoS1+HgVUreMFPdhz/CRAKReAu57YEllNaSy98rWAdY1gE+gFup7OXpgA=="
},
"node_modules/@clack/core": {
"version": "0.5.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/@clack/core/-/core-0.5.0.tgz",
"integrity": "sha512-p3y0FIOwaYRUPRcMO7+dlmLh8PSRcrjuTndsiA0WAFbWES0mLZlrjVoBRZ9DzkPFJZG6KGkJmoEAY0ZcVWTkow==",
"dependencies": {
"picocolors": "^1.0.0",
"sisteransi": "^1.0.5"
}
},
"node_modules/@clack/prompts": {
"version": "0.11.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/@clack/prompts/-/prompts-0.11.0.tgz",
"integrity": "sha512-pMN5FcrEw9hUkZA4f+zLlzivQSeQf5dRGJjSUbvVYDLvpKCdQx5OaknvKzgbtXOizhP+SJJJjqEbOe55uKKfAw==",
"dependencies": {
"@clack/core": "0.5.0",
"picocolors": "^1.0.0",
"sisteransi": "^1.0.5"
}
},
"node_modules/ansi-regex": {
"version": "6.2.2",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/ansi-regex/-/ansi-regex-6.2.2.tgz",
"integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==",
"engines": {
"node": ">=12"
},
"funding": {
"url": "https://github.com/chalk/ansi-regex?sponsor=1"
}
},
"node_modules/arkregex": {
"version": "0.0.5",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/arkregex/-/arkregex-0.0.5.tgz",
"integrity": "sha512-ncYjBdLlh5/QnVsAA8De16Tc9EqmYM7y/WU9j+236KcyYNUXogpz3sC4ATIZYzzLxwI+0sEOaQLEmLmRleaEXw==",
"dependencies": {
"@ark/util": "0.56.0"
}
},
"node_modules/arktype": {
"version": "2.2.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/arktype/-/arktype-2.2.0.tgz",
"integrity": "sha512-t54MZ7ti5BhOEvzEkgKnWvqj+UbDfWig+DHr5I34xatymPusKLS0lQpNJd8M6DzmIto2QGszHfNKoFIT8tMCZQ==",
"dependencies": {
"@ark/schema": "0.56.0",
"@ark/util": "0.56.0",
"arkregex": "0.0.5"
}
},
"node_modules/chalk": {
"version": "5.6.2",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/chalk/-/chalk-5.6.2.tgz",
"integrity": "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA==",
"engines": {
"node": "^12.17.0 || ^14.13 || >=16.0.0"
},
"funding": {
"url": "https://github.com/chalk/chalk?sponsor=1"
}
},
"node_modules/clawhub": {
"version": "0.7.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/clawhub/-/clawhub-0.7.0.tgz",
"integrity": "sha512-volW6SbX8PawlnRxxCoUTKv5Pi+N3MrBi3hlO5/m9bVaO43UFciEeYti9+01c2U5n/SKhUkw7ASvnleyNmcoSA==",
"dependencies": {
"@clack/prompts": "^0.11.0",
"arktype": "^2.1.29",
"commander": "^14.0.2",
"fflate": "^0.8.2",
"ignore": "^7.0.5",
"json5": "^2.2.3",
"mime": "^4.1.0",
"ora": "^9.0.0",
"p-retry": "^7.1.1",
"semver": "^7.7.3",
"undici": "^7.16.0"
},
"bin": {
"clawdhub": "bin/clawdhub.js",
"clawhub": "bin/clawdhub.js"
},
"engines": {
"node": ">=20"
}
},
"node_modules/cli-cursor": {
"version": "5.0.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/cli-cursor/-/cli-cursor-5.0.0.tgz",
"integrity": "sha512-aCj4O5wKyszjMmDT4tZj93kxyydN/K5zPWSCe6/0AV/AA1pqe5ZBIw0a2ZfPQV7lL5/yb5HsUreJ6UFAF1tEQw==",
"dependencies": {
"restore-cursor": "^5.0.0"
},
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/cli-spinners": {
"version": "3.4.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/cli-spinners/-/cli-spinners-3.4.0.tgz",
"integrity": "sha512-bXfOC4QcT1tKXGorxL3wbJm6XJPDqEnij2gQ2m7ESQuE+/z9YFIWnl/5RpTiKWbMq3EVKR4fRLJGn6DVfu0mpw==",
"engines": {
"node": ">=18.20"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/commander": {
"version": "14.0.3",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/commander/-/commander-14.0.3.tgz",
"integrity": "sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==",
"engines": {
"node": ">=20"
}
},
"node_modules/fflate": {
"version": "0.8.3",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/fflate/-/fflate-0.8.3.tgz",
"integrity": "sha512-tbZNuJrLwGUp3zshBtdy4W+ORxZuIh8a5ilyIEQDC5rY1f3U20JMry0Ll3WBzU58EZKsEuJFXhb5gwv8CsPvgA=="
},
"node_modules/get-east-asian-width": {
"version": "1.6.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/get-east-asian-width/-/get-east-asian-width-1.6.0.tgz",
"integrity": "sha512-QRbvDIbx6YklUe6RxeTeleMR0yv3cYH6PsPZHcnVn7xv7zO1BHN8r0XETu8n6Ye3Q+ahtSarc3WgtNWmehIBfA==",
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/ignore": {
"version": "7.0.5",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/ignore/-/ignore-7.0.5.tgz",
"integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==",
"engines": {
"node": ">= 4"
}
},
"node_modules/is-interactive": {
"version": "2.0.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/is-interactive/-/is-interactive-2.0.0.tgz",
"integrity": "sha512-qP1vozQRI+BMOPcjFzrjXuQvdak2pHNUMZoeG2eRbiSqyvbEf/wQtEOTOX1guk6E3t36RkaqiSt8A/6YElNxLQ==",
"engines": {
"node": ">=12"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/is-network-error": {
"version": "1.3.2",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/is-network-error/-/is-network-error-1.3.2.tgz",
"integrity": "sha512-PhBY86zaxNZUuWP6h13Vu5oFe0XY6/UlKzQnYFELzGVHygP3MxmvTfYSG7GN3aIab/iWudSMgjSnG9Dq+nHrgA==",
"engines": {
"node": ">=16"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/is-unicode-supported": {
"version": "2.1.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/is-unicode-supported/-/is-unicode-supported-2.1.0.tgz",
"integrity": "sha512-mE00Gnza5EEB3Ds0HfMyllZzbBrmLOX3vfWoj9A9PEnTfratQ/BcaJOuMhnkhjXvb2+FkY3VuHqtAGpTPmglFQ==",
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/json5": {
"version": "2.2.3",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/json5/-/json5-2.2.3.tgz",
"integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
"bin": {
"json5": "lib/cli.js"
},
"engines": {
"node": ">=6"
}
},
"node_modules/log-symbols": {
"version": "7.0.1",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/log-symbols/-/log-symbols-7.0.1.tgz",
"integrity": "sha512-ja1E3yCr9i/0hmBVaM0bfwDjnGy8I/s6PP4DFp+yP+a+mrHO4Rm7DtmnqROTUkHIkqffC84YY7AeqX6oFk0WFg==",
"dependencies": {
"is-unicode-supported": "^2.0.0",
"yoctocolors": "^2.1.1"
},
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/mime": {
"version": "4.1.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/mime/-/mime-4.1.0.tgz",
"integrity": "sha512-X5ju04+cAzsojXKes0B/S4tcYtFAJ6tTMuSPBEn9CPGlrWr8Fiw7qYeLT0XyH80HSoAoqWCaz+MWKh22P7G1cw==",
"funding": [
"https://github.com/sponsors/broofa"
],
"bin": {
"mime": "bin/cli.js"
},
"engines": {
"node": ">=16"
}
},
"node_modules/mimic-function": {
"version": "5.0.1",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/mimic-function/-/mimic-function-5.0.1.tgz",
"integrity": "sha512-VP79XUPxV2CigYP3jWwAUFSku2aKqBH7uTAapFWCBqutsbmDo96KY5o8uh6U+/YSIn5OxJnXp73beVkpqMIGhA==",
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/onetime": {
"version": "7.0.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/onetime/-/onetime-7.0.0.tgz",
"integrity": "sha512-VXJjc87FScF88uafS3JllDgvAm+c/Slfz06lorj2uAY34rlUu0Nt+v8wreiImcrgAjjIHp1rXpTDlLOGw29WwQ==",
"dependencies": {
"mimic-function": "^5.0.0"
},
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/ora": {
"version": "9.4.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/ora/-/ora-9.4.0.tgz",
"integrity": "sha512-84cglkRILFxdtA8hAvLNdMrtBpPNBTrQ9/ulg0FA7xLMnD6mifv+enAIeRmvtv+WgdCE+LPGOfQmtJRrVaIVhQ==",
"dependencies": {
"chalk": "^5.6.2",
"cli-cursor": "^5.0.0",
"cli-spinners": "^3.2.0",
"is-interactive": "^2.0.0",
"is-unicode-supported": "^2.1.0",
"log-symbols": "^7.0.1",
"stdin-discarder": "^0.3.2",
"string-width": "^8.1.0"
},
"engines": {
"node": ">=20"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/p-retry": {
"version": "7.1.1",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/p-retry/-/p-retry-7.1.1.tgz",
"integrity": "sha512-J5ApzjyRkkf601HpEeykoiCvzHQjWxPAHhyjFcEUP2SWq0+35NKh8TLhpLw+Dkq5TZBFvUM6UigdE9hIVYTl5w==",
"dependencies": {
"is-network-error": "^1.1.0"
},
"engines": {
"node": ">=20"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/picocolors": {
"version": "1.1.1",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/picocolors/-/picocolors-1.1.1.tgz",
"integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA=="
},
"node_modules/restore-cursor": {
"version": "5.1.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/restore-cursor/-/restore-cursor-5.1.0.tgz",
"integrity": "sha512-oMA2dcrw6u0YfxJQXm342bFKX/E4sG9rbTzO9ptUcR/e8A33cHuvStiYOwH7fszkZlZ1z/ta9AAoPk2F4qIOHA==",
"dependencies": {
"onetime": "^7.0.0",
"signal-exit": "^4.1.0"
},
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/semver": {
"version": "7.8.4",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/semver/-/semver-7.8.4.tgz",
"integrity": "sha512-rUCObTnP32Q08R2uuIrt7r9PlEonuTmtuXYcW6s5kjdlj3xbnwe+21yXptAUYcMAABLkYYTtnmzb3w3EDZfueA==",
"bin": {
"semver": "bin/semver.js"
},
"engines": {
"node": ">=10"
}
},
"node_modules/signal-exit": {
"version": "4.1.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/signal-exit/-/signal-exit-4.1.0.tgz",
"integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
"engines": {
"node": ">=14"
},
"funding": {
"url": "https://github.com/sponsors/isaacs"
}
},
"node_modules/sisteransi": {
"version": "1.0.5",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/sisteransi/-/sisteransi-1.0.5.tgz",
"integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg=="
},
"node_modules/stdin-discarder": {
"version": "0.3.2",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/stdin-discarder/-/stdin-discarder-0.3.2.tgz",
"integrity": "sha512-eCPu1qRxPVkl5605OTWF8Wz40b4Mf45NY5LQmVPQ599knfs5QhASUm9GbJ5BDMDOXgrnh0wyEdvzmL//YMlw0A==",
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/string-width": {
"version": "8.2.1",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/string-width/-/string-width-8.2.1.tgz",
"integrity": "sha512-IIaP0g3iy9Cyy18w3M9YcaDudujEAVHKt3a3QJg1+sr/oX96TbaGUubG0hJyCjCBThFH+tFpcIyoUHUn1ogaLA==",
"dependencies": {
"get-east-asian-width": "^1.5.0",
"strip-ansi": "^7.1.2"
},
"engines": {
"node": ">=20"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/strip-ansi": {
"version": "7.2.0",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/strip-ansi/-/strip-ansi-7.2.0.tgz",
"integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
"dependencies": {
"ansi-regex": "^6.2.2"
},
"engines": {
"node": ">=12"
},
"funding": {
"url": "https://github.com/chalk/strip-ansi?sponsor=1"
}
},
"node_modules/undici": {
"version": "7.27.2",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/undici/-/undici-7.27.2.tgz",
"integrity": "sha512-uZsKNuzQxDMUY6M3pIMvy5tvlGmtq8XJ2oLAkfRKGNu+1VQAIvLy2xIVG5ATZl5wDXl/tddByAWCizRbOme+TA==",
"engines": {
"node": ">=20.18.1"
}
},
"node_modules/yoctocolors": {
"version": "2.1.2",
"resolved": "https://prompt-security-443370709039.d.codeartifact.eu-north-1.amazonaws.com/npm/npm-proxy/yoctocolors/-/yoctocolors-2.1.2.tgz",
"integrity": "sha512-CzhO+pFNo8ajLM2d2IW/R93ipy99LWjtwblvC1RsoSUMZgyLbYFr221TnSNT7GjGdYui6P459mw9JH/g/zW2ug==",
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
}
}
}
.github/clawhub-cli/package.json
+8
View File
@@ -0,0 +1,8 @@
{
"name": "clawhub-cli-pin",
"private": true,
"description": "Pins the clawhub CLI used by skill-release.yml; package-lock.json provides the integrity hashes. Bump the version here and regenerate the lockfile with: npm install --package-lock-only",
"dependencies": {
"clawhub": "0.7.0"
}
}
.github/workflows/archive-traffic.yml
+86
View File
@@ -0,0 +1,86 @@
name: Archive GitHub Traffic
on:
schedule:
- cron: '17 3 * * *'
workflow_dispatch:
permissions:
contents: write
concurrency:
group: traffic-archive
cancel-in-progress: false
env:
TRAFFIC_ARCHIVE_BRANCH: traffic-archive
TRAFFIC_ARCHIVE_DIR: ../traffic-archive/traffic
jobs:
archive:
name: Capture traffic snapshot
runs-on: ubuntu-latest
steps:
- name: Checkout source
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: '20'
cache: 'npm'
- name: Prepare archive branch
env:
ARCHIVE_PUSH_TOKEN: ${{ github.token }}
run: |
set -euo pipefail
git config --global user.name "github-actions[bot]"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
server="${GITHUB_SERVER_URL#https://}"
archive_remote="https://x-access-token:${ARCHIVE_PUSH_TOKEN}@${server}/${GITHUB_REPOSITORY}.git"
if git ls-remote --exit-code --heads "${archive_remote}" "${TRAFFIC_ARCHIVE_BRANCH}" >/dev/null 2>&1; then
git clone --branch "${TRAFFIC_ARCHIVE_BRANCH}" --depth 1 "${archive_remote}" ../traffic-archive
else
git init -b "${TRAFFIC_ARCHIVE_BRANCH}" ../traffic-archive
git -C ../traffic-archive remote add origin "${archive_remote}"
fi
mkdir -p "${TRAFFIC_ARCHIVE_DIR}"
- name: Collect traffic
env:
# Traffic endpoints reject the Actions GITHUB_TOKEN ("Resource not
# accessible by integration") — a PAT from a user with push access
# is required: classic with repo scope, or fine-grained with read
# access to Administration on this repository.
GH_TRAFFIC_TOKEN: ${{ secrets.TRAFFIC_ARCHIVE_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
run: |
set -euo pipefail
if [ -z "${GH_TRAFFIC_TOKEN}" ]; then
echo "::error::No traffic-capable token configured. Set the TRAFFIC_ARCHIVE_TOKEN secret to a PAT with push access (classic: repo scope; fine-grained: Administration read)."
exit 1
fi
node scripts/archive-github-traffic.mjs --archive-dir "${TRAFFIC_ARCHIVE_DIR}"
- name: Commit archive
run: |
set -euo pipefail
cd ../traffic-archive
git add traffic/archive.json traffic/summary.json
git rm --ignore-unmatch traffic/README.md
if git diff --cached --quiet; then
echo "No traffic archive changes."
exit 0
fi
git commit -m "chore(traffic): archive repository traffic $(date -u +%F)"
git push origin HEAD:${TRAFFIC_ARCHIVE_BRANCH}
.github/workflows/ci.yml
+8 -2
View File
@@ -111,10 +111,16 @@ jobs:
run: node scripts/test-nvd-ghsa-consolidation-workflow.mjs
- name: NVD + GHSA Pipeline Dry Run
run: node scripts/test-nvd-ghsa-pipeline-dry-run.mjs
- name: Skill Release Workflow Tests
run: node scripts/test-skill-release-workflow.mjs
- name: Skill Release Tooling Tests
run: |
set -euo pipefail
for test_file in scripts/test-skill-*.mjs; do
node "$test_file"
done
- name: Deploy Pages Advisory Checksums Tests
run: node scripts/test-deploy-pages-checksums.mjs
- name: GitHub Traffic Archive Tests
run: node scripts/test-github-traffic-archive.mjs
clawsec-suite-tests:
name: ClawSec Suite Verification Tests
.github/workflows/codeql.yml
+2 -2
View File
@@ -27,7 +27,7 @@ jobs:
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Initialize CodeQL
uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql/codeql-config.yml
@@ -38,4 +38,4 @@ jobs:
- name: Build project
run: npm run build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
.github/workflows/poll-nvd-cves.yml
+18 -4
View File
@@ -1055,7 +1055,10 @@ jobs:
exit 1
fi
echo "Dispatching CodeQL for branch: $BRANCH"
EXPECTED_HEAD_SHA="$(git rev-parse HEAD)"
DISPATCHED_AT="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
echo "Dispatching CodeQL for branch: $BRANCH (head: $EXPECTED_HEAD_SHA, dispatched_at: $DISPATCHED_AT)"
gh workflow run codeql.yml --ref "$BRANCH"
RUN_ID=""
@@ -1064,8 +1067,13 @@ jobs:
--workflow "CodeQL" \
--branch "$BRANCH" \
--event workflow_dispatch \
--json databaseId,createdAt \
--jq 'sort_by(.createdAt) | last | .databaseId // empty')
--limit 50 \
--json databaseId,createdAt,headSha \
| jq -r --arg since "$DISPATCHED_AT" --arg sha "$EXPECTED_HEAD_SHA" '
map(select(.createdAt >= $since and .headSha == $sha))
| sort_by(.createdAt)
| last
| .databaseId // empty')
if [ -n "$RUN_ID" ]; then
break
fi
@@ -1073,7 +1081,13 @@ jobs:
done
if [ -z "$RUN_ID" ]; then
echo "::error::Unable to locate dispatched CodeQL run for branch $BRANCH"
echo "::error::Unable to locate dispatched CodeQL run for branch $BRANCH after $DISPATCHED_AT (head: $EXPECTED_HEAD_SHA)"
gh run list \
--workflow "CodeQL" \
--branch "$BRANCH" \
--event workflow_dispatch \
--limit 5 \
--json databaseId,createdAt,headSha,status,conclusion || true
exit 1
fi
.github/workflows/scorecard.yml
+1 -1
View File
@@ -84,6 +84,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
with:
sarif_file: results.sarif
.github/workflows/skill-release.yml
+381 -52
View File
@@ -7,6 +7,9 @@ on:
pull_request:
paths:
- 'skills/**'
- '.github/workflows/skill-release.yml'
- 'scripts/ci/**'
- 'scripts/test-skill-*.mjs'
workflow_dispatch:
inputs:
tag:
@@ -16,8 +19,8 @@ on:
permissions: read-all
env:
CLAWHUB_CLI_VERSION: 0.7.0
# The clawhub CLI version is pinned (with integrity hashes) in
# .github/clawhub-cli/package-lock.json — bump it there.
concurrency:
group: skill-release-${{ github.ref }}
@@ -35,6 +38,11 @@ jobs:
with:
fetch-depth: 0
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 20
- name: Verify signing key consistency (repo + docs)
run: ./scripts/ci/verify_signing_key_consistency.sh
@@ -144,14 +152,6 @@ jobs:
md_version_changed=true
fi
if [ "${json_version_changed}" != "true" ] && [ "${md_version_changed}" != "true" ]; then
echo "::error file=${skill_dir}::Changed skill package has no version bump. Update skill.json and SKILL.md versions and add CHANGELOG.md release notes."
failures=$((failures + 1))
continue
fi
echo "Version bump detected for ${skill_dir} (skill.json changed: ${json_version_changed}, SKILL.md changed: ${md_version_changed})"
if [ ! -f "${json_path}" ]; then
echo "::error file=${json_path}::Missing skill.json after version bump."
failures=$((failures + 1))
@@ -182,6 +182,20 @@ jobs:
continue
fi
skill_release_name="$(basename "${skill_dir}")"
release_tag="${skill_release_name}-v${head_json_version}"
if [ "${json_version_changed}" != "true" ] && [ "${md_version_changed}" != "true" ]; then
if git show-ref --verify --quiet "refs/tags/${release_tag}"; then
echo "::error file=${skill_dir}::Changed skill package has no version bump and release tag ${release_tag} already exists. Update skill.json and SKILL.md versions and add CHANGELOG.md release notes."
failures=$((failures + 1))
continue
fi
echo "No version bump detected for ${skill_dir}, but release tag ${release_tag} does not exist; treating ${head_json_version} as unreleased."
else
echo "Version bump detected for ${skill_dir} (skill.json changed: ${json_version_changed}, SKILL.md changed: ${md_version_changed})"
fi
echo "Version parity OK for ${skill_dir}: ${head_json_version}"
changelog_path="${skill_dir}/CHANGELOG.md"
@@ -223,11 +237,17 @@ jobs:
fi
if [ "${failures}" -gt 0 ]; then
echo "::error::Found ${failures} skill metadata/release-notes issue(s) across ${checked_skills} bumped skill(s)."
echo "::error::Found ${failures} skill metadata/release-notes issue(s) across ${checked_skills} changed skill(s)."
exit 1
fi
echo "Validated ${checked_skills} bumped skill(s): version parity and changelog release notes are present."
echo "Validated ${checked_skills} changed skill(s): version parity and changelog release notes are present."
- name: Validate npx skills install docs
env:
BASE_SHA: ${{ github.event.pull_request.base.sha }}
HEAD_SHA: ${{ github.event.pull_request.head.sha }}
run: node scripts/ci/validate_skill_install_docs.mjs --base "$BASE_SHA" --head "$HEAD_SHA"
release:
if: github.event_name == 'pull_request'
@@ -241,6 +261,21 @@ jobs:
with:
fetch-depth: 0
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 20
- name: Install SkillSpector
run: |
set -euo pipefail
python3 -m venv /tmp/skillspector-venv
. /tmp/skillspector-venv/bin/activate
git clone --depth 1 https://github.com/NVIDIA/SkillSpector.git /tmp/skillspector
make -C /tmp/skillspector install
echo "/tmp/skillspector-venv/bin" >> "$GITHUB_PATH"
skillspector --help >/dev/null
- name: Generate test signing key for dry-run
run: |
set -euo pipefail
@@ -399,6 +434,50 @@ jobs:
[[ "$lower" == test/* || "$lower" == tests/* || "$lower" == */test/* || "$lower" == */tests/* ]]
}
generate_skillspector_report() {
local skill_dir="$1"
local report_path="$2"
set +e
skillspector scan "${skill_dir}" --no-llm --format markdown --output "${report_path}"
local status=$?
set -e
if [ ! -s "${report_path}" ]; then
echo "::error file=${skill_dir}::SkillSpector did not produce a report."
return 1
fi
if [ "${status}" -ne 0 ]; then
echo "::warning file=${report_path}::SkillSpector returned exit code ${status}; report is included for review."
fi
}
add_release_asset_checksum() {
local out_assets="$1"
local asset="$2"
local file_path="${out_assets}/${asset}"
local sha256
local size
local tmp_json
if [ ! -s "${file_path}" ]; then
echo "::error file=${file_path}::Required release trust artifact is missing or empty."
return 1
fi
sha256="$(sha256sum "${file_path}" | awk '{print $1}')"
size="$(stat -c%s "${file_path}" 2>/dev/null || stat -f%z "${file_path}")"
tmp_json="$(mktemp)"
jq \
--arg key "${asset}" \
--arg sha "${sha256}" \
--argjson sz "${size}" \
'.files += {($key): {sha256: $sha, size: $sz, path: $key}}' \
"${out_assets}/checksums.json" > "${tmp_json}"
mv "${tmp_json}" "${out_assets}/checksums.json"
}
while IFS= read -r skill_dir; do
json_path="${skill_dir}/skill.json"
md_path="${skill_dir}/SKILL.md"
@@ -622,6 +701,58 @@ jobs:
continue
fi
# --- Generate release trust packet and include it in signed checksums ---
node scripts/ci/generate_skill_release_trust_packet.mjs \
"${skill_dir}" \
"${out_assets}" \
--repository "${{ github.repository }}" \
--tag "${tag}" \
--source-ref "${HEAD_SHA}"
# --- Generate SkillSpector report ---
if ! generate_skillspector_report "${inner_dir}" "${out_assets}/skillspector-report.md"; then
failures=$((failures + 1))
rm -rf "${staging_dir}"
echo "::endgroup::"
continue
fi
if ! add_release_asset_checksum "${out_assets}" "skill-card.md"; then
failures=$((failures + 1))
rm -rf "${staging_dir}"
echo "::endgroup::"
continue
fi
if ! add_release_asset_checksum "${out_assets}" "permissions.json"; then
failures=$((failures + 1))
rm -rf "${staging_dir}"
echo "::endgroup::"
continue
fi
if ! add_release_asset_checksum "${out_assets}" "install.md"; then
failures=$((failures + 1))
rm -rf "${staging_dir}"
echo "::endgroup::"
continue
fi
if ! add_release_asset_checksum "${out_assets}" "skillspector-report.md"; then
failures=$((failures + 1))
rm -rf "${staging_dir}"
echo "::endgroup::"
continue
fi
if ! jq -e . "${out_assets}/checksums.json" >/dev/null 2>&1; then
echo "::error::Generated checksums.json is invalid JSON after adding release trust artifacts."
failures=$((failures + 1))
rm -rf "${staging_dir}"
echo "::endgroup::"
continue
fi
# --- Copy skill.json and root-level docs alongside the zip ---
cp "${json_path}" "${out_assets}/skill.json"
if [ -f "${skill_dir}/SKILL.md" ]; then
@@ -652,6 +783,56 @@ jobs:
echo "Release dry-run completed successfully for ${dry_run_count} changed skill(s)."
simulate-tag-release-build:
if: github.event_name == 'pull_request'
needs: validate-pr-version-sync
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 20
- name: Install SkillSpector
run: |
set -euo pipefail
python3 -m venv /tmp/skillspector-venv
. /tmp/skillspector-venv/bin/activate
git clone --depth 1 https://github.com/NVIDIA/SkillSpector.git /tmp/skillspector
make -C /tmp/skillspector install
echo "/tmp/skillspector-venv/bin" >> "$GITHUB_PATH"
skillspector --help >/dev/null
- name: Simulate tag release build
run: |
set -euo pipefail
mkdir -p dist/tag-release-simulation
for skill_json in skills/*/skill.json; do
skill_dir="${skill_json%/skill.json}"
skill_name="$(basename "${skill_dir}")"
echo "::group::Simulate tag release build for ${skill_name}"
node scripts/ci/simulate_skill_tag_release.mjs \
"${skill_dir}" \
"dist/tag-release-simulation/${skill_name}" \
--repository "${{ github.repository }}" \
--source-ref "${{ github.event.pull_request.head.sha }}"
jq -e '.simulated_version | test("^[0-9]+\\.[0-9]+\\.[0-9]+(-[a-zA-Z0-9]+)?$")' \
"dist/tag-release-simulation/${skill_name}/simulation-summary.json" >/dev/null
test -s "dist/tag-release-simulation/${skill_name}/release-assets/checksums.json"
test -s "dist/tag-release-simulation/${skill_name}/release-assets/checksums.sig"
test -s "dist/tag-release-simulation/${skill_name}/release-assets/signing-public.pem"
test -s "dist/tag-release-simulation/${skill_name}/release-assets/skillspector-report.md"
echo "::endgroup::"
done
release-tag:
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
@@ -664,6 +845,7 @@ jobs:
publishable: ${{ steps.publishable.outputs.publishable }}
openclaw_skill: ${{ steps.publishable.outputs.openclaw_skill }}
publish_clawhub: ${{ steps.publishable.outputs.publish_clawhub }}
clawhub_slug: ${{ steps.publishable.outputs.clawhub_slug }}
steps:
- name: Parse tag
id: parse
@@ -761,16 +943,32 @@ jobs:
PUBLISH_CLAWHUB=true
fi
CLAWHUB_SLUG=$(node scripts/ci/resolve_clawhub_slug.mjs "$SKILL_PATH")
echo "internal=${INTERNAL}" >> $GITHUB_OUTPUT
echo "openclaw_skill=${OPENCLAW_SKILL}" >> $GITHUB_OUTPUT
echo "publish_clawhub=${PUBLISH_CLAWHUB}" >> $GITHUB_OUTPUT
echo "publishable=${PUBLISHABLE}" >> $GITHUB_OUTPUT
echo "clawhub_slug=${CLAWHUB_SLUG}" >> $GITHUB_OUTPUT
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 20
- name: Validate npx skills install docs
run: node scripts/ci/validate_skill_install_docs.mjs --skills "${{ steps.parse.outputs.skill_path }}"
- name: Install SkillSpector
run: |
set -euo pipefail
python3 -m venv /tmp/skillspector-venv
. /tmp/skillspector-venv/bin/activate
git clone --depth 1 https://github.com/NVIDIA/SkillSpector.git /tmp/skillspector
make -C /tmp/skillspector install
echo "/tmp/skillspector-venv/bin" >> "$GITHUB_PATH"
skillspector --help >/dev/null
- name: Sign embedded advisory feed and verify
if: hashFiles(format('skills/{0}/advisories/feed.json', steps.parse.outputs.skill_name)) != ''
uses: ./.github/actions/sign-and-verify
@@ -870,6 +1068,49 @@ jobs:
[[ "$lower" == test/* || "$lower" == tests/* || "$lower" == */test/* || "$lower" == */tests/* ]]
}
generate_skillspector_report() {
local skill_dir="$1"
local report_path="$2"
set +e
skillspector scan "${skill_dir}" --no-llm --format markdown --output "${report_path}"
local status=$?
set -e
if [ ! -s "${report_path}" ]; then
echo "::error file=${skill_dir}::SkillSpector did not produce a report."
return 1
fi
if [ "${status}" -ne 0 ]; then
echo "::warning file=${report_path}::SkillSpector returned exit code ${status}; report is included for review."
fi
}
add_release_asset_checksum() {
local asset="$1"
local file_path="release-assets/${asset}"
local sha256
local size
local tmp_json
if [ ! -s "${file_path}" ]; then
echo "::error file=${file_path}::Required release trust artifact is missing or empty."
return 1
fi
sha256="$(sha256sum "${file_path}" | awk '{print $1}')"
size="$(stat -c%s "${file_path}" 2>/dev/null || stat -f%z "${file_path}")"
tmp_json="$(mktemp)"
jq \
--arg key "${asset}" \
--arg sha "${sha256}" \
--argjson sz "${size}" \
'.files += {($key): {sha256: $sha, size: $sz, path: $key}}' \
release-assets/checksums.json > "${tmp_json}"
mv "${tmp_json}" release-assets/checksums.json
}
# --- Stage SBOM files preserving directory structure ---
STAGING_DIR="$(mktemp -d)"
INNER_DIR="$STAGING_DIR/$SKILL_NAME"
@@ -971,6 +1212,32 @@ jobs:
files: $files
}' > "release-assets/checksums.json"
# --- Generate release trust packet and include it in signed checksums ---
node scripts/ci/generate_skill_release_trust_packet.mjs \
"$SKILL_PATH" \
release-assets \
--repository "${{ github.repository }}" \
--tag "$TAG" \
--source-ref "$TAG"
# --- Generate SkillSpector report ---
generate_skillspector_report "$INNER_DIR" "release-assets/skillspector-report.md"
test -s release-assets/skill-card.md
test -s release-assets/permissions.json
test -s release-assets/install.md
test -s release-assets/skillspector-report.md
add_release_asset_checksum "skill-card.md"
add_release_asset_checksum "permissions.json"
add_release_asset_checksum "install.md"
add_release_asset_checksum "skillspector-report.md"
if ! jq -e . "release-assets/checksums.json" >/dev/null 2>&1; then
echo "::error::Generated checksums.json is invalid JSON after adding release trust artifacts."
exit 1
fi
# --- Copy skill.json and root-level docs alongside the zip ---
cp "$SKILL_PATH/skill.json" release-assets/skill.json
if [ -f "$SKILL_PATH/SKILL.md" ]; then
@@ -1055,6 +1322,7 @@ jobs:
run: |
set -euo pipefail
SKILL_NAME="${{ steps.parse.outputs.skill_name }}"
CLAWHUB_SLUG="${{ steps.publishable.outputs.clawhub_slug }}"
VERSION="${{ steps.parse.outputs.version }}"
REPO="${{ github.repository }}"
TAG="${{ github.ref_name }}"
@@ -1062,13 +1330,33 @@ jobs:
{
echo "quick_install<<INSTALL_EOF"
cat <<EOF
### Agent Skills CLI
**Codex global install:**
\`\`\`bash
npx skills add ${REPO} --skill ${SKILL_NAME} --agent codex --global --yes
\`\`\`
**OpenClaw global install:**
\`\`\`bash
npx skills add ${REPO} --skill ${SKILL_NAME} --agent openclaw --global --yes
\`\`\`
**Update an installed skill:**
\`\`\`bash
npx skills update ${SKILL_NAME}
\`\`\`
EOF
if [ "${{ steps.publishable.outputs.publish_clawhub }}" = "true" ] && [ "${{ steps.publishable.outputs.openclaw_skill }}" = "true" ]; then
cat <<EOF
### Quick Install
**Via ClawHub (recommended):**
\`\`\`bash
npx clawhub@latest install ${SKILL_NAME}
npx clawhub@latest install ${CLAWHUB_SLUG}
\`\`\`
**If you already have \`clawsec-suite\` installed:**
@@ -1115,38 +1403,63 @@ jobs:
echo "INSTALL_EOF"
} >> "$GITHUB_OUTPUT"
- name: Prepare GitHub release body
env:
SKILL_NAME: ${{ steps.parse.outputs.skill_name }}
VERSION: ${{ steps.parse.outputs.version }}
CHANGELOG: ${{ steps.changelog.outputs.changelog }}
QUICK_INSTALL: ${{ steps.install.outputs.quick_install }}
REPO: ${{ github.repository }}
TAG: ${{ github.ref_name }}
run: |
set -euo pipefail
node -e '
const { readFileSync, writeFileSync } = require("node:fs");
const bodyPath = `${process.env.RUNNER_TEMP}/skill-release-body.md`;
const report = readFileSync("release-assets/skillspector-report.md", "utf8").trimEnd();
const body = [
`## ${process.env.SKILL_NAME} ${process.env.VERSION}`,
"",
process.env.CHANGELOG || "",
"",
process.env.QUICK_INSTALL || "",
"",
"### SkillSpector Security Report",
"",
report,
"",
`Download the generated release-payload scan: [skillspector-report.md](https://github.com/${process.env.REPO}/releases/download/${process.env.TAG}/skillspector-report.md)`,
"",
"### Verification",
"",
"`checksums.json` is cryptographically signed (`checksums.sig`) using the ClawSec CI signing key.",
"Verify the signature first, then trust hashes from `checksums.json`:",
"```bash",
`curl -sLO https://github.com/${process.env.REPO}/releases/download/${process.env.TAG}/checksums.json`,
`curl -sLO https://github.com/${process.env.REPO}/releases/download/${process.env.TAG}/checksums.sig`,
`curl -sLO https://github.com/${process.env.REPO}/releases/download/${process.env.TAG}/signing-public.pem`,
"openssl base64 -d -A -in checksums.sig -out checksums.sig.bin",
"openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json",
"```",
"",
"### Files",
"",
"See `checksums.json` for the complete file manifest with SHA256 hashes.",
"The zip archive preserves the full directory structure of the skill.",
"",
"---",
"*Released by ClawSec skill distribution pipeline*",
].join("\n");
writeFileSync(bodyPath, `${body}\n`);
'
- name: Create GitHub Release
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
with:
name: "${{ steps.parse.outputs.skill_name }} ${{ steps.parse.outputs.version }}"
tag_name: ${{ github.ref_name }}
files: release-assets/*
body: |
## ${{ steps.parse.outputs.skill_name }} ${{ steps.parse.outputs.version }}
${{ steps.changelog.outputs.changelog }}
${{ steps.install.outputs.quick_install }}
### Verification
`checksums.json` is cryptographically signed (`checksums.sig`) using the ClawSec CI signing key.
Verify the signature first, then trust hashes from `checksums.json`:
```bash
curl -sLO https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/checksums.json
curl -sLO https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/checksums.sig
curl -sLO https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/signing-public.pem
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json
```
### Files
See `checksums.json` for the complete file manifest with SHA256 hashes.
The zip archive preserves the full directory structure of the skill.
---
*Released by ClawSec skill distribution pipeline*
body_path: ${{ runner.temp }}/skill-release-body.md
draft: false
prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') || contains(github.ref_name, 'rc') }}
env:
@@ -1220,18 +1533,19 @@ jobs:
- name: Install clawhub CLI
if: needs.release-tag.outputs.publish_clawhub == 'true' && env.CLAWHUB_TOKEN != ''
run: npm install -g clawhub@${CLAWHUB_CLI_VERSION}
run: |
npm ci --prefix .github/clawhub-cli
echo "${GITHUB_WORKSPACE}/.github/clawhub-cli/node_modules/.bin" >> "$GITHUB_PATH"
- name: Patch clawhub publish payload workaround
# Temporary: clawhub@0.7.0 publish payload is missing acceptLicenseTerms.
if: needs.release-tag.outputs.publish_clawhub == 'true' && env.CLAWHUB_TOKEN != ''
run: |
node <<'NODE'
const { execSync } = require("node:child_process");
const fs = require("node:fs");
const path = require("node:path");
const npmRoot = execSync("npm root -g", { encoding: "utf8" }).trim();
const npmRoot = path.join(process.env.GITHUB_WORKSPACE, ".github", "clawhub-cli", "node_modules");
const publishScriptPath = path.join(
npmRoot,
"clawhub",
@@ -1284,23 +1598,24 @@ jobs:
SITE=${CLAWHUB_SITE:-https://clawhub.ai}
REGISTRY=${CLAWHUB_REGISTRY:-$SITE}
SKILL_NAME="${{ needs.release-tag.outputs.skill_name }}"
CLAWHUB_SLUG="${{ needs.release-tag.outputs.clawhub_slug }}"
VERSION="${{ needs.release-tag.outputs.version }}"
export CLAWHUB_CONFIG_PATH="$HOME/.clawhub-ci/config.json"
set +e
CLAWHUB_DISABLE_TELEMETRY=1 CLAWHUB_SITE="$SITE" CLAWHUB_REGISTRY="$REGISTRY" \
clawhub inspect "$SKILL_NAME" --version "$VERSION" --json \
clawhub inspect "$CLAWHUB_SLUG" --version "$VERSION" --json \
> /tmp/clawhub-existing-version.json 2> /tmp/clawhub-existing-version.err
STATUS=$?
set -e
if [ "$STATUS" -eq 0 ]; then
echo "::error::ClawHub already contains ${SKILL_NAME}@${VERSION}. Bump the version before tagging."
echo "::error::ClawHub already contains ${CLAWHUB_SLUG}@${VERSION}. Bump the version before tagging."
exit 1
fi
if grep -Eqi "Version not found|Skill not found" /tmp/clawhub-existing-version.err; then
echo "No existing ${SKILL_NAME}@${VERSION} detected in ClawHub. Proceeding."
echo "No existing ${CLAWHUB_SLUG}@${VERSION} detected in ClawHub. Proceeding."
else
echo "::error::Failed to verify ClawHub version precondition."
cat /tmp/clawhub-existing-version.err
@@ -1315,6 +1630,7 @@ jobs:
REGISTRY=${CLAWHUB_REGISTRY:-$SITE}
SKILL_PATH="${{ needs.release-tag.outputs.skill_path }}"
SKILL_NAME="${{ needs.release-tag.outputs.skill_name }}"
CLAWHUB_SLUG="${{ needs.release-tag.outputs.clawhub_slug }}"
VERSION="${{ needs.release-tag.outputs.version }}"
NAME=$(jq -r '.name' "$SKILL_PATH/skill.json")
CHANGELOG="Release ${VERSION} via CI"
@@ -1323,7 +1639,7 @@ jobs:
if ! CLAWHUB_DISABLE_TELEMETRY=1 CLAWHUB_SITE="$SITE" CLAWHUB_REGISTRY="$REGISTRY" \
clawhub publish "$SKILL_PATH" \
--slug "$SKILL_NAME" \
--slug "$CLAWHUB_SLUG" \
--name "$NAME" \
--version "$VERSION" \
--changelog "$CHANGELOG" \
@@ -1333,7 +1649,7 @@ jobs:
exit 1
fi
echo "✓ Successfully published $SKILL_NAME@$VERSION to ClawHub"
echo "✓ Successfully published $SKILL_NAME@$VERSION to ClawHub as $CLAWHUB_SLUG"
republish-clawhub:
# Manual workflow to republish a specific tag to ClawHub
@@ -1360,6 +1676,12 @@ jobs:
echo "Parsed tag: skill=${SKILL_NAME}, version=${VERSION}"
- name: Checkout workflow helpers
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Prepare ClawHub slug helper
run: cp scripts/ci/resolve_clawhub_slug.mjs "$RUNNER_TEMP/resolve_clawhub_slug.mjs"
- name: Checkout tag
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
@@ -1389,6 +1711,8 @@ jobs:
exit 1
fi
CLAWHUB_SLUG=$(node "$RUNNER_TEMP/resolve_clawhub_slug.mjs" "$SKILL_PATH")
echo "clawhub_slug=${CLAWHUB_SLUG}" >> $GITHUB_OUTPUT
echo "Skill is publishable to ClawHub"
- name: Setup Node
@@ -1396,18 +1720,22 @@ jobs:
with:
node-version: 20
- name: Validate npx skills install docs
run: node scripts/ci/validate_skill_install_docs.mjs --skills "${{ steps.parse.outputs.skill_path }}"
- name: Install clawhub CLI
run: npm install -g clawhub@${CLAWHUB_CLI_VERSION}
run: |
npm ci --prefix .github/clawhub-cli
echo "${GITHUB_WORKSPACE}/.github/clawhub-cli/node_modules/.bin" >> "$GITHUB_PATH"
- name: Patch clawhub publish payload workaround
# Temporary: clawhub@0.7.0 publish payload is missing acceptLicenseTerms.
run: |
node <<'NODE'
const { execSync } = require("node:child_process");
const fs = require("node:fs");
const path = require("node:path");
const npmRoot = execSync("npm root -g", { encoding: "utf8" }).trim();
const npmRoot = path.join(process.env.GITHUB_WORKSPACE, ".github", "clawhub-cli", "node_modules");
const publishScriptPath = path.join(
npmRoot,
"clawhub",
@@ -1464,18 +1792,19 @@ jobs:
REGISTRY=${CLAWHUB_REGISTRY:-$SITE}
SKILL_PATH="${{ steps.parse.outputs.skill_path }}"
SKILL_NAME="${{ steps.parse.outputs.skill_name }}"
CLAWHUB_SLUG="${{ steps.publishable.outputs.clawhub_slug }}"
VERSION="${{ steps.parse.outputs.version }}"
NAME=$(jq -r '.name' "$SKILL_PATH/skill.json")
CHANGELOG="Manual republish of ${VERSION} via workflow_dispatch"
export CLAWHUB_CONFIG_PATH="$HOME/.clawhub-ci/config.json"
echo "Publishing $SKILL_NAME@$VERSION to ClawHub..."
echo "Publishing $SKILL_NAME@$VERSION to ClawHub as $CLAWHUB_SLUG..."
# Publish with idempotent retry handling
if ! CLAWHUB_DISABLE_TELEMETRY=1 CLAWHUB_SITE="$SITE" CLAWHUB_REGISTRY="$REGISTRY" \
clawhub publish "$SKILL_PATH" \
--slug "$SKILL_NAME" \
--slug "$CLAWHUB_SLUG" \
--name "$NAME" \
--version "$VERSION" \
--changelog "$CHANGELOG" \
CITATION.cff
+30
View File
@@ -0,0 +1,30 @@
cff-version: 1.2.0
message: "If you use ClawSec in research or security tooling, please cite it as below."
title: "ClawSec"
version: "0.1.0"
date-released: "2026-05-26"
abstract: >-
ClawSec is a security skill suite for AI agent platforms. It provides
advisory monitoring, cryptographic signature verification, guarded skill
installation, file integrity checks, and platform-specific security
capabilities for OpenClaw, NanoClaw, Hermes, and Picoclaw deployments.
type: software
license: "AGPL-3.0-or-later"
url: "https://clawsec.prompt.security/"
repository-code: "https://github.com/prompt-security/clawsec"
keywords:
- ai-security
- agent-security
- prompt-injection
- security-advisories
- software-supply-chain
- integrity-verification
- openclaw
- nanoclaw
- hermes
- picoclaw
authors:
- given-names: David
family-names: Abutbul
affiliation: "Prompt Security"
orcid: "https://orcid.org/0009-0001-7883-3593"
README.md
+1 -1
View File
@@ -58,7 +58,7 @@ ClawSec is a **complete security skill suite for AI agent platforms**. It provid
| clawsec-nanoclaw | NanoClaw | Yes | Yes | Yes | Yes | No |
| clawsec-scanner | OpenClaw | Yes | No | Yes | Yes | No |
| clawsec-suite | OpenClaw | Yes | Yes | No | Yes | No |
| clawtributor | OpenClaw | Yes | No | No | No | No |
| clawtributor | All core platforms | No | No | No | No | No |
| hermes-attestation-guardian | Hermes | Yes (signed advisory feed verification) | Yes | No | Limited (advisory preflight gating only; no artifact signature/provenance install verification) | No |
| hermes-traffic-guardian | Hermes | No | Planned posture export only | No | No | Spec baseline |
| nanoclaw-traffic-guardian | NanoClaw | No | No | No | No | Spec baseline |
advisories/feed.json
+7120 -28
View File
File diff suppressed because one or more lines are too long
advisories/feed.json.sig
+1 -1
View File
@@ -1 +1 @@
0XMKs0QnzZYtU1YeMVNVpqzLecu8buTcBx+60hi7puHKARdshGlOSHZ8E27fo6qhz6MJx6/7zoIjCz6y+q1zBA==
agiAAFvzM1vNHxH2+bGtyeKqFScLWJHnNreBcPpTODUqD0xqFi0cnyP/ZaZX+Rsw1Y9uZ7pGdFdA93pD4lh2BQ==
advisories/ghsa-without-cve.json
+6148 -2
View File
File diff suppressed because one or more lines are too long
advisories/ghsa-without-cve.json.sig
+1
View File
@@ -0,0 +1 @@
q1EyZ75QcdG2X6FVDkUoAyBtQE3ONA+7k9cmNFmXFgOOuGRPOpSDFUtbSvy86HPqnii26DMoeFJ1hatWJ0lBCQ==
index.html
+2 -2
View File
@@ -7,7 +7,7 @@
ClawSec
Security skill suite for AI agents (integrity checks, drift detection, advisory feed).
Agent install:
Available via clawhub: npx clawhub@latest install clawsec-suite
Available via npx skills: npx skills add prompt-security/clawsec --skill clawsec-suite -a openclaw -y
OR
curl -sL https://clawsec.prompt.security/releases/latest/download/SKILL.md
-->
@@ -141,7 +141,7 @@
ClawSec
Security skill suite for AI agents (integrity checks, drift detection, advisory feed).
Agent install:
Available via clawhub: npx clawhub@latest install clawsec-suite
Available via npx skills: npx skills add prompt-security/clawsec --skill clawsec-suite -a openclaw -y
OR
curl -sL https://clawsec.prompt.security/releases/latest/download/SKILL.md
</noscript>
package-lock.json
Generated
+17 -15
View File
@@ -13,7 +13,7 @@
"react": "^19.2.4",
"react-dom": "^19.2.5",
"react-markdown": "^10.1.0",
"react-router-dom": "^7.13.1",
"react-router-dom": "^7.16.0",
"remark-gfm": "^4.0.1"
},
"devDependencies": {
@@ -1997,10 +1997,11 @@
}
},
"node_modules/brace-expansion": {
"version": "5.0.5",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
"integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"version": "5.0.6",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
"integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
"dev": true,
"license": "MIT",
"dependencies": {
"balanced-match": "^4.0.2"
},
@@ -4652,12 +4653,13 @@
]
},
"node_modules/minimatch": {
"version": "10.2.4",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
"integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
"version": "10.2.5",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
"integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
"dev": true,
"license": "BlueOak-1.0.0",
"dependencies": {
"brace-expansion": "^5.0.2"
"brace-expansion": "^5.0.5"
},
"engines": {
"node": "18 || 20 || >=22"
@@ -5073,9 +5075,9 @@
}
},
"node_modules/react-router": {
"version": "7.13.1",
"resolved": "https://registry.npmjs.org/react-router/-/react-router-7.13.1.tgz",
"integrity": "sha512-td+xP4X2/6BJvZoX6xw++A2DdEi++YypA69bJUV5oVvqf6/9/9nNlD70YO1e9d3MyamJEBQFEzk6mbfDYbqrSA==",
"version": "7.16.0",
"resolved": "https://registry.npmjs.org/react-router/-/react-router-7.16.0.tgz",
"integrity": "sha512-wArC8lVyJb3+jM9OpDyW6hLCizACWkvQR/sSGqSs+o5uEXEtGlqdZ4v8hENR3Jad6i+LRkK93q/+bQAcvl6V1A==",
"license": "MIT",
"dependencies": {
"cookie": "^1.0.1",
@@ -5095,12 +5097,12 @@
}
},
"node_modules/react-router-dom": {
"version": "7.13.1",
"resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.13.1.tgz",
"integrity": "sha512-UJnV3Rxc5TgUPJt2KJpo1Jpy0OKQr0AjgbZzBFjaPJcFOb2Y8jA5H3LT8HUJAiRLlWrEXWHbF1Z4SCZaQjWDHw==",
"version": "7.16.0",
"resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.16.0.tgz",
"integrity": "sha512-kMUAbimWB5FVbF4Bce4bJsiKJWLIUHq/mEG8+CFDnCSgltptBiG5nguducmsJeGKytlCvQud9Qhzpn49iduTlA==",
"license": "MIT",
"dependencies": {
"react-router": "7.13.1"
"react-router": "7.16.0"
},
"engines": {
"node": ">=20.0.0"
package.json
+3 -3
View File
@@ -23,7 +23,7 @@
"react": "^19.2.4",
"react-dom": "^19.2.5",
"react-markdown": "^10.1.0",
"react-router-dom": "^7.13.1",
"react-router-dom": "^7.16.0",
"remark-gfm": "^4.0.1"
},
"devDependencies": {
@@ -42,8 +42,8 @@
"overrides": {
"ajv": "6.14.0",
"balanced-match": "4.0.3",
"brace-expansion": "5.0.5",
"minimatch": "10.2.4",
"brace-expansion": "5.0.6",
"minimatch": "10.2.5",
"picomatch": "4.0.4"
}
}
pages/Home.tsx
+14 -2
View File
@@ -13,7 +13,7 @@ export const Home: React.FC = () => {
const [currentFileIndex, setCurrentFileIndex] = useState(0);
const [currentPlatformIndex, setCurrentPlatformIndex] = useState(0);
const curlCommand = `npx clawhub@latest install clawsec-suite`;
const curlCommand = `npx skills add prompt-security/clawsec --skill clawsec-suite -a openclaw -y`;
// Rotate file names every 2-3 seconds
useEffect(() => {
@@ -44,7 +44,7 @@ export const Home: React.FC = () => {
};
}, []);
const humanInstruction = `Please install clawsec-suite from clawhubnpx clawhub@latest install clawsec-suite`;
const humanInstruction = `Please install clawsec-suite with npx skills add prompt-security/clawsec --skill clawsec-suite -a openclaw -y`;
const handleCopyCurl = () => {
navigator.clipboard.writeText(curlCommand);
@@ -285,6 +285,18 @@ export const Home: React.FC = () => {
</div>
</>
)}
<p className="mt-4 text-center text-xs leading-relaxed text-gray-500">
* For harnesses other than OpenClaw, consult the{' '}
<a
href="https://github.com/prompt-security/clawsec#skill-feature-matrix"
target="_blank"
rel="noreferrer"
className="text-clawd-accent hover:text-clawd-accent/80 underline underline-offset-2"
>
README Skill Feature Matrix
</a>
.
</p>
</div>
</div>
</section>
scripts/archive-github-traffic.mjs
+493
View File
@@ -0,0 +1,493 @@
#!/usr/bin/env node
import { promises as fs } from 'node:fs';
import path from 'node:path';
import { fileURLToPath, pathToFileURL } from 'node:url';
const __dirname = path.dirname(fileURLToPath(import.meta.url));
const REPO_ROOT = path.resolve(__dirname, '..');
const API_ROOT = 'https://api.github.com';
const GITHUB_API_VERSION = '2022-11-28';
const ARCHIVE_VERSION = 1;
const DAY_MS = 24 * 60 * 60 * 1000;
const SUMMARY_WINDOWS = [
['last_14_days', 14],
['last_30_days', 30],
['last_90_days', 90],
['last_365_days', 365],
];
const toIsoString = (value, label) => {
const date = new Date(value);
if (Number.isNaN(date.getTime())) {
throw new Error(`Invalid ${label}: ${value}`);
}
return date.toISOString();
};
const toDailyTimestamp = (value) => `${toIsoString(value, 'traffic timestamp').slice(0, 10)}T00:00:00Z`;
const toDateKey = (value) => toIsoString(value, 'capture timestamp').slice(0, 10);
const toNonNegativeInteger = (value, label) => {
const number = Number(value);
if (!Number.isFinite(number) || number < 0) {
throw new Error(`Invalid ${label}: ${value}`);
}
return Math.trunc(number);
};
const toRequiredString = (value, label) => {
if (typeof value !== 'string') {
throw new Error(`${label} must be a non-empty string`);
}
const trimmed = value.trim();
if (!trimmed) {
throw new Error(`${label} must be a non-empty string`);
}
return trimmed;
};
const normalizeRepository = (repo) => {
const normalized = String(repo || '').trim();
if (!/^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+$/.test(normalized)) {
throw new Error(`Repository must be in owner/name form, received: ${repo || '(empty)'}`);
}
return normalized;
};
const normalizeDailyEntries = (entries, label) => {
if (!Array.isArray(entries)) {
throw new Error(`${label} must be an array`);
}
return entries
.map((entry) => ({
timestamp: toDailyTimestamp(entry.timestamp),
count: toNonNegativeInteger(entry.count, `${label}.count`),
uniques: toNonNegativeInteger(entry.uniques, `${label}.uniques`),
}))
.sort((a, b) => a.timestamp.localeCompare(b.timestamp));
};
const normalizeReferrers = (entries) => {
if (!Array.isArray(entries)) {
throw new Error('referrers must be an array');
}
return entries.map((entry) => ({
referrer: toRequiredString(entry.referrer, 'referrers.referrer'),
count: toNonNegativeInteger(entry.count, 'referrers.count'),
uniques: toNonNegativeInteger(entry.uniques, 'referrers.uniques'),
}));
};
const normalizePaths = (entries) => {
if (!Array.isArray(entries)) {
throw new Error('paths must be an array');
}
return entries.map((entry) => ({
path: toRequiredString(entry.path, 'paths.path'),
title: toRequiredString(entry.title, 'paths.title'),
count: toNonNegativeInteger(entry.count, 'paths.count'),
uniques: toNonNegativeInteger(entry.uniques, 'paths.uniques'),
}));
};
const upsertByKey = (existing, incoming, key) => {
const entriesByKey = new Map();
for (const entry of existing || []) {
entriesByKey.set(entry[key], entry);
}
for (const entry of incoming || []) {
entriesByKey.set(entry[key], entry);
}
return [...entriesByKey.values()].sort((a, b) => String(a[key]).localeCompare(String(b[key])));
};
const latestEntry = (entries) => {
if (!entries?.length) {
return null;
}
return entries[entries.length - 1];
};
const sumSeries = (entries) => entries.reduce(
(totals, entry) => ({
count: totals.count + entry.count,
sum_daily_uniques: totals.sum_daily_uniques + entry.uniques,
}),
{ count: 0, sum_daily_uniques: 0 },
);
const startOfUtcDay = (date) => Date.UTC(date.getUTCFullYear(), date.getUTCMonth(), date.getUTCDate());
const summarizeWindow = (entries, days, now) => {
const cutoff = new Date(startOfUtcDay(now) - ((days - 1) * DAY_MS));
const filtered = entries.filter((entry) => new Date(entry.timestamp) >= cutoff);
const totals = sumSeries(filtered);
return {
days,
count: totals.count,
sum_daily_uniques: totals.sum_daily_uniques,
unique_semantics: 'sum_of_daily_uniques',
first_date: filtered[0]?.timestamp.slice(0, 10) ?? null,
last_date: filtered.at(-1)?.timestamp.slice(0, 10) ?? null,
};
};
const summarizeAllTime = (entries) => {
const totals = sumSeries(entries);
return {
count: totals.count,
sum_daily_uniques: totals.sum_daily_uniques,
unique_semantics: 'sum_of_daily_uniques',
first_date: entries[0]?.timestamp.slice(0, 10) ?? null,
last_date: entries.at(-1)?.timestamp.slice(0, 10) ?? null,
};
};
const normalizeExistingArchive = (archive, repository, capturedAt) => {
if (!archive) {
return {
version: ARCHIVE_VERSION,
repository,
archive_started_at: capturedAt,
updated_at: capturedAt,
daily: {
views: [],
clones: [],
},
snapshots: {
referrers: [],
paths: [],
},
captures: [],
};
}
if (archive.repository && archive.repository !== repository) {
throw new Error(`Archive repository mismatch: ${archive.repository} != ${repository}`);
}
return {
version: ARCHIVE_VERSION,
repository,
archive_started_at: archive.archive_started_at || capturedAt,
updated_at: archive.updated_at || capturedAt,
daily: {
views: normalizeDailyEntries(archive.daily?.views || [], 'daily.views'),
clones: normalizeDailyEntries(archive.daily?.clones || [], 'daily.clones'),
},
snapshots: {
referrers: (archive.snapshots?.referrers || []).map((snapshot) => ({
captured_at: toIsoString(snapshot.captured_at, 'referrer snapshot timestamp'),
date: snapshot.date || toDateKey(snapshot.captured_at),
entries: normalizeReferrers(snapshot.entries || []),
})),
paths: (archive.snapshots?.paths || []).map((snapshot) => ({
captured_at: toIsoString(snapshot.captured_at, 'path snapshot timestamp'),
date: snapshot.date || toDateKey(snapshot.captured_at),
entries: normalizePaths(snapshot.entries || []),
})),
},
captures: (archive.captures || []).map((capture) => ({
captured_at: toIsoString(capture.captured_at, 'capture timestamp'),
date: capture.date || toDateKey(capture.captured_at),
views_window: {
count: toNonNegativeInteger(capture.views_window?.count || 0, 'captures.views_window.count'),
uniques: toNonNegativeInteger(capture.views_window?.uniques || 0, 'captures.views_window.uniques'),
},
clones_window: {
count: toNonNegativeInteger(capture.clones_window?.count || 0, 'captures.clones_window.count'),
uniques: toNonNegativeInteger(capture.clones_window?.uniques || 0, 'captures.clones_window.uniques'),
},
})),
};
};
export const mergeTrafficArchive = (existingArchive, snapshot) => {
const repository = normalizeRepository(snapshot.repository);
const capturedAt = toIsoString(snapshot.captured_at, 'capture timestamp');
const captureDate = toDateKey(capturedAt);
const archive = normalizeExistingArchive(existingArchive, repository, capturedAt);
const views = normalizeDailyEntries(snapshot.views?.views || [], 'views');
const clones = normalizeDailyEntries(snapshot.clones?.clones || [], 'clones');
const referrerSnapshot = {
captured_at: capturedAt,
date: captureDate,
entries: normalizeReferrers(snapshot.referrers || []),
};
const pathSnapshot = {
captured_at: capturedAt,
date: captureDate,
entries: normalizePaths(snapshot.paths || []),
};
const capture = {
captured_at: capturedAt,
date: captureDate,
views_window: {
count: toNonNegativeInteger(snapshot.views?.count ?? sumSeries(views).count, 'views.count'),
uniques: toNonNegativeInteger(snapshot.views?.uniques ?? sumSeries(views).sum_daily_uniques, 'views.uniques'),
},
clones_window: {
count: toNonNegativeInteger(snapshot.clones?.count ?? sumSeries(clones).count, 'clones.count'),
uniques: toNonNegativeInteger(snapshot.clones?.uniques ?? sumSeries(clones).sum_daily_uniques, 'clones.uniques'),
},
};
return {
...archive,
updated_at: capturedAt,
daily: {
views: upsertByKey(archive.daily.views, views, 'timestamp'),
clones: upsertByKey(archive.daily.clones, clones, 'timestamp'),
},
snapshots: {
referrers: upsertByKey(archive.snapshots.referrers, [referrerSnapshot], 'date'),
paths: upsertByKey(archive.snapshots.paths, [pathSnapshot], 'date'),
},
captures: upsertByKey(archive.captures, [capture], 'date'),
};
};
export const buildTrafficSummary = (archive, options = {}) => {
const now = new Date(options.now || new Date().toISOString());
if (Number.isNaN(now.getTime())) {
throw new Error(`Invalid summary date: ${options.now}`);
}
const views = archive.daily?.views || [];
const clones = archive.daily?.clones || [];
const buildMetrics = (entries) => {
const metrics = Object.fromEntries(SUMMARY_WINDOWS.map(([key, days]) => [
key,
summarizeWindow(entries, days, now),
]));
metrics.all_time = summarizeAllTime(entries);
return metrics;
};
return {
version: ARCHIVE_VERSION,
repository: archive.repository,
generated_at: now.toISOString(),
archive_started_at: archive.archive_started_at || null,
updated_at: archive.updated_at || null,
source: {
api: 'GitHub REST repository traffic endpoints',
retention_limit: 'GitHub exposes roughly the last 14 days; this archive keeps daily snapshots long term.',
unique_semantics: 'GitHub daily unique values are retained as sum_daily_uniques for longer windows, not deduplicated visitors.',
},
metrics: {
views: buildMetrics(views),
clones: buildMetrics(clones),
},
daily: {
views,
clones,
},
latest_snapshots: {
referrers: latestEntry(archive.snapshots?.referrers || []),
paths: latestEntry(archive.snapshots?.paths || []),
},
snapshot_counts: {
referrers: archive.snapshots?.referrers?.length || 0,
paths: archive.snapshots?.paths?.length || 0,
captures: archive.captures?.length || 0,
},
};
};
const fetchJson = async ({ repo, token, pathname, fetchImpl }) => {
const url = new URL(pathname, API_ROOT);
const response = await fetchImpl(url, {
headers: {
Accept: 'application/vnd.github+json',
Authorization: `Bearer ${token}`,
'User-Agent': 'clawsec-traffic-archive',
'X-GitHub-Api-Version': GITHUB_API_VERSION,
},
});
if (!response.ok) {
const body = await response.text().catch(() => '');
const suffix = body ? ` ${body.slice(0, 500)}` : '';
const lacksPushAccess = response.status === 403
&& /resource not accessible|must have push access/i.test(body);
const hint = lacksPushAccess
? ' Traffic endpoints require a token with push access to the repository; the Actions GITHUB_TOKEN is always rejected. Use a classic PAT with the repo scope or a fine-grained PAT with read access to Administration.'
: response.status === 401
? ' The token was rejected as invalid — it may be expired or revoked. Rotate the TRAFFIC_ARCHIVE_TOKEN secret.'
: '';
throw new Error(`GitHub traffic API request failed for ${repo}: ${url.pathname}${url.search} returned ${response.status}.${suffix}${hint}`);
}
return response.json();
};
export const fetchGitHubTraffic = async ({
repo,
token,
capturedAt = new Date().toISOString(),
fetchImpl = globalThis.fetch,
}) => {
const repository = normalizeRepository(repo);
if (!token) {
throw new Error('A GitHub token is required to read repository traffic.');
}
if (typeof fetchImpl !== 'function') {
throw new Error('fetch is not available in this Node runtime.');
}
const encodedRepo = repository.split('/').map(encodeURIComponent).join('/');
const request = (pathname) => fetchJson({
repo: repository,
token,
pathname: `/repos/${encodedRepo}${pathname}`,
fetchImpl,
});
const [views, clones, referrers, paths] = await Promise.all([
request('/traffic/views?per=day'),
request('/traffic/clones?per=day'),
request('/traffic/popular/referrers'),
request('/traffic/popular/paths'),
]);
return {
repository,
captured_at: toIsoString(capturedAt, 'capture timestamp'),
views,
clones,
referrers,
paths,
};
};
const readJsonIfPresent = async (file) => {
try {
return JSON.parse(await fs.readFile(file, 'utf8'));
} catch (error) {
if (error?.code === 'ENOENT') {
return undefined;
}
throw error;
}
};
const writeTextAtomic = async (file, content) => {
const dir = path.dirname(file);
const tempFile = path.join(dir, `.${path.basename(file)}.${process.pid}.${Date.now()}.tmp`);
let handle;
await fs.mkdir(dir, { recursive: true });
try {
handle = await fs.open(tempFile, 'w');
await handle.writeFile(content, 'utf8');
await handle.sync();
await handle.close();
handle = undefined;
await fs.rename(tempFile, file);
} catch (error) {
if (handle) {
await handle.close().catch(() => {});
}
await fs.unlink(tempFile).catch(() => {});
throw error;
}
};
export const writeJson = async (file, value) => {
await writeTextAtomic(file, `${JSON.stringify(value, null, 2)}\n`);
};
const parseArgs = (args) => {
const options = {};
for (let index = 0; index < args.length; index += 1) {
const arg = args[index];
if (arg === '--archive-dir') {
options.archiveDir = args[index + 1];
index += 1;
} else if (arg === '--repo') {
options.repo = args[index + 1];
index += 1;
} else if (arg === '--captured-at') {
options.capturedAt = args[index + 1];
index += 1;
} else if (arg === '--help' || arg === '-h') {
options.help = true;
} else {
throw new Error(`Unknown argument: ${arg}`);
}
}
return options;
};
const printHelp = () => {
console.log(`Usage: node scripts/archive-github-traffic.mjs [options]
Options:
--archive-dir <dir> Directory that will receive archive.json and summary.json.
--repo <owner/repo> Repository to archive. Defaults to GITHUB_REPOSITORY.
--captured-at <iso> Override capture time for tests or backfills.
`);
};
const main = async () => {
const options = parseArgs(process.argv.slice(2));
if (options.help) {
printHelp();
return;
}
const archiveDir = path.resolve(
REPO_ROOT,
options.archiveDir || process.env.TRAFFIC_ARCHIVE_DIR || 'traffic',
);
const archiveFile = path.join(archiveDir, 'archive.json');
const summaryFile = path.join(archiveDir, 'summary.json');
const repository = normalizeRepository(options.repo || process.env.GITHUB_REPOSITORY);
const token = process.env.GH_TRAFFIC_TOKEN
|| process.env.TRAFFIC_ARCHIVE_TOKEN
|| process.env.GITHUB_TOKEN
|| process.env.GH_TOKEN;
const capturedAt = options.capturedAt || new Date().toISOString();
const snapshot = await fetchGitHubTraffic({
repo: repository,
token,
capturedAt,
});
const existingArchive = await readJsonIfPresent(archiveFile);
const archive = mergeTrafficArchive(existingArchive, snapshot);
const summary = buildTrafficSummary(archive, { now: archive.updated_at });
await writeJson(archiveFile, archive);
await writeJson(summaryFile, summary);
console.log(`Archived GitHub traffic for ${repository} at ${archive.updated_at}`);
console.log(`Daily views retained: ${archive.daily.views.length}`);
console.log(`Daily clones retained: ${archive.daily.clones.length}`);
console.log(`Referrer snapshots retained: ${archive.snapshots.referrers.length}`);
console.log(`Path snapshots retained: ${archive.snapshots.paths.length}`);
};
if (process.argv[1] && import.meta.url === pathToFileURL(process.argv[1]).href) {
try {
await main();
} catch (error) {
const message = error instanceof Error ? error.message : String(error);
console.error(`Failed to archive GitHub traffic: ${message}`);
process.exit(1);
}
}
scripts/ci/generate_skill_release_trust_packet.mjs
+359
View File
@@ -0,0 +1,359 @@
#!/usr/bin/env node
import { mkdir, readFile, writeFile } from "node:fs/promises";
import path from "node:path";
import { installAgentForSkill, PLATFORM_KEYS } from "./skill_platforms.mjs";
const KNOWN_AGENT_TYPES = new Set(["codex", "hermes-agent", "openclaw", "universal"]);
function usage() {
return [
"Usage: node scripts/ci/generate_skill_release_trust_packet.mjs <skill-dir> <output-dir> [options]",
"",
"Options:",
" --repository <owner/repo> Source repository used in install instructions",
" --tag <tag> Release tag for this skill",
" --source-ref <ref> Source ref for npx skills examples",
].join("\n");
}
function parseArgs(argv) {
const positional = [];
const options = {
repository: "prompt-security/clawsec",
tag: "",
sourceRef: "main",
};
for (let i = 0; i < argv.length; i += 1) {
const token = argv[i];
if (token === "--repository") {
options.repository = argv[++i];
} else if (token === "--tag") {
options.tag = argv[++i];
} else if (token === "--source-ref") {
options.sourceRef = argv[++i];
} else if (token === "--help" || token === "-h") {
console.log(usage());
process.exit(0);
} else if (token.startsWith("--")) {
throw new Error(`Unknown option: ${token}`);
} else {
positional.push(token);
}
}
if (positional.length !== 2) {
throw new Error(usage());
}
return {
skillDir: positional[0],
outputDir: positional[1],
...options,
};
}
function parseFrontmatter(markdown) {
if (!markdown.startsWith("---\n")) {
return {};
}
const end = markdown.indexOf("\n---", 4);
if (end === -1) {
return {};
}
const result = {};
const frontmatter = markdown.slice(4, end).split("\n");
for (const line of frontmatter) {
const match = line.match(/^([A-Za-z0-9_-]+):\s*(.*)$/);
if (match) {
result[match[1]] = match[2].replace(/^["']|["']$/g, "").trim();
}
}
return result;
}
function asArray(value) {
if (Array.isArray(value)) {
return value.filter((item) => item !== null && item !== undefined).map(String);
}
if (typeof value === "string" && value.trim()) {
return [value.trim()];
}
return [];
}
function unique(values) {
return [...new Set(values.filter(Boolean))];
}
function detectPlatform(skill) {
for (const key of PLATFORM_KEYS) {
if (skill[key] && typeof skill[key] === "object") {
return key;
}
}
return skill.platform || "agent-skills";
}
function platformMetadata(skill, platform) {
const direct = skill[platform];
return direct && typeof direct === "object" ? direct : {};
}
function collectRequiredBinaries(metadata) {
const requires = metadata.requires && typeof metadata.requires === "object" ? metadata.requires : {};
const bins = asArray(requires.bins);
for (const [key, value] of Object.entries(requires)) {
if (key !== "bins" && typeof value === "string") {
bins.push(key);
}
}
return unique(bins);
}
function collectOptionalBinaries(metadata) {
return unique([
...asArray(metadata.runtime?.optional_bins),
...asArray(metadata.runtime?.optionalBins),
]);
}
function collectRequiredEnv(metadata) {
const requires = metadata.requires && typeof metadata.requires === "object" ? metadata.requires : {};
return unique([
...asArray(requires.env),
...asArray(metadata.runtime?.required_env),
...asArray(metadata.runtime?.requiredEnv),
]);
}
function collectOptionalEnv(metadata) {
return unique([
...asArray(metadata.runtime?.optional_env),
...asArray(metadata.runtime?.optionalEnv),
]);
}
function stringifyCapabilities(skill, metadata) {
const capabilities = metadata.capabilities ?? skill.capabilities ?? {};
if (Array.isArray(capabilities)) {
return capabilities;
}
if (capabilities && typeof capabilities === "object") {
return Object.entries(capabilities).map(([key, value]) => `${key}: ${String(value)}`);
}
if (typeof capabilities === "string") {
return [capabilities];
}
return [];
}
function requireField(skill, fieldName) {
if (!skill[fieldName] || typeof skill[fieldName] !== "string" || !skill[fieldName].trim()) {
throw new Error(`skill.json missing required trust-packet field: ${fieldName}`);
}
return skill[fieldName].trim();
}
function codeBlock(command) {
return ["```bash", command, "```"].join("\n");
}
function buildPermissions({ skill, metadata, platform, generatedAt }) {
const execution = metadata.execution && typeof metadata.execution === "object" ? metadata.execution : {};
const permissions = {
schema_version: "1",
generated_at: generatedAt,
skill: skill.name,
version: skill.version,
platform,
required_binaries: collectRequiredBinaries(metadata),
optional_binaries: collectOptionalBinaries(metadata),
required_env: collectRequiredEnv(metadata),
optional_env: collectOptionalEnv(metadata),
network_egress: execution.network_egress || "Not declared in skill metadata.",
persistence: execution.persistence || "Not declared in skill metadata.",
automatic_execution: typeof execution.always === "boolean" ? execution.always : "Not declared in skill metadata.",
capabilities: stringifyCapabilities(skill, metadata),
operator_review: asArray(metadata.operator_review),
};
return permissions;
}
function buildSkillCard({ skill, frontmatter, permissions, repository, tag, sourceRef }) {
const homepage = skill.homepage || frontmatter.homepage || `https://github.com/${repository}`;
const supportRef = `${repository}@${tag || sourceRef}`;
const licenseRef = `https://github.com/${repository}/blob/${tag || sourceRef}/LICENSE`;
const outputTypes = ["Markdown instructions", "release artifact files"];
if (permissions.capabilities.length > 0) {
outputTypes.push("local security findings or status reports");
}
return `# Skill Card
## Description
The \`${skill.name}\` skill provides this capability: ${skill.description}
This skill is intended for operator-reviewed security workflows, not unattended production mutation without the review steps declared in the skill instructions.
## Owner
prompt-security
## License/Terms of Use
${skill.license}
License reference: ${licenseRef}
Project homepage: ${homepage}
## Use Case
Use this skill for ${permissions.platform} workflows where an agent or operator needs the capability described in \`${skill.name}\`.
## Deployment Geography for Use
Global, subject to the operator's local compliance, network, and data-handling requirements.
## Known Risks and Mitigations
Risk: The skill may run commands, inspect local files, install hooks, or fetch remote security metadata depending on the workflow.
Mitigation: Review \`permissions.json\`, \`SKILL.md\`, and the signed \`checksums.json\` before enabling the skill. Keep high-impact actions approval-gated.
Risk: Security findings and remediation guidance can be incomplete or wrong.
Mitigation: Treat output as operator guidance. Review proposed removals, installs, configuration changes, and reports before acting.
## References
- Source release: ${supportRef}
- Skill instructions: SKILL.md
- Permission summary: permissions.json
- SkillSpector scan: skillspector-report.md
- Signed release manifest: checksums.json and checksums.sig
## Skill Output
Output type(s): ${outputTypes.join(", ")}
Output format: Markdown, JSON, shell commands, or local files as documented by the skill.
Output parameters: See \`SKILL.md\`, \`permissions.json\`, and release checksums for exact files and side effects.
Other properties: Release assets are covered by signed SHA-256 checksums.
## Skill Version
${skill.version}${tag ? ` (${tag})` : ""}
## Ethical Considerations
Use this skill only on systems, agents, repositories, and workspaces where you have authorization. Review generated security reports before sharing them because they may contain operational details.
`;
}
function buildInstallDoc({ skill, repository, tag, sourceRef }) {
const refSuffix = sourceRef && sourceRef !== "main" ? `#${sourceRef}` : "";
const source = `${repository}${refSuffix}`;
const releaseUrl = tag ? `https://github.com/${repository}/releases/tag/${tag}` : `https://github.com/${repository}`;
const agent = installAgentForSkill(skill, KNOWN_AGENT_TYPES);
return `# Install and Update ${skill.name}
## Install With Agent Skills CLI
Harness-aware global install:
${codeBlock(`npx skills add ${source} --skill ${skill.name} --agent ${agent} --global --yes`)}
Project-local install for compatible agents:
${codeBlock(`npx skills add ${source} --skill ${skill.name} --yes`)}
## Update
Update this skill when installed through the Skills CLI:
${codeBlock(`npx skills update ${skill.name}`)}
List installed skills:
${codeBlock("npx skills list")}
## Verify Release Artifact
When installing from a GitHub release instead of the Skills CLI, download the archive, \`checksums.json\`, \`checksums.sig\`, and \`signing-public.pem\` from:
${releaseUrl}
Verify \`checksums.json\` before trusting the archive or standalone files.
`;
}
async function main() {
const args = parseArgs(process.argv.slice(2));
const skillDir = path.resolve(args.skillDir);
const outputDir = path.resolve(args.outputDir);
const skillJsonPath = path.join(skillDir, "skill.json");
const skillMdPath = path.join(skillDir, "SKILL.md");
const [skillJsonRaw, skillMdRaw] = await Promise.all([
readFile(skillJsonPath, "utf8"),
readFile(skillMdPath, "utf8"),
]);
const skill = JSON.parse(skillJsonRaw);
const frontmatter = parseFrontmatter(skillMdRaw);
skill.name = requireField(skill, "name");
skill.version = requireField(skill, "version");
skill.description = requireField(skill, "description");
skill.license = requireField(skill, "license");
const platform = detectPlatform(skill);
const metadata = platformMetadata(skill, platform);
const generatedAt = new Date().toISOString();
const permissions = buildPermissions({ skill, metadata, platform, generatedAt });
await mkdir(outputDir, { recursive: true });
await Promise.all([
writeFile(
path.join(outputDir, "permissions.json"),
`${JSON.stringify(permissions, null, 2)}\n`,
),
writeFile(
path.join(outputDir, "skill-card.md"),
buildSkillCard({
skill,
frontmatter,
permissions,
repository: args.repository,
tag: args.tag,
sourceRef: args.sourceRef,
}),
),
writeFile(
path.join(outputDir, "install.md"),
buildInstallDoc({
skill,
repository: args.repository,
tag: args.tag,
sourceRef: args.sourceRef,
}),
),
]);
console.log(`Generated release trust packet for ${skill.name} in ${outputDir}`);
}
main().catch((error) => {
console.error(error.message);
process.exit(1);
});
scripts/ci/resolve_clawhub_slug.mjs
+79
View File
@@ -0,0 +1,79 @@
#!/usr/bin/env node
import { existsSync, readFileSync } from "node:fs";
import path from "node:path";
import { collectDeclaredPlatforms, PLATFORM_KEYS } from "./skill_platforms.mjs";
const EXPLICIT_SLUGS = new Map([
["openclaw-traffic-guardian", "clawsec-openclaw-traffic-guardian"],
["openclaw-audit-watchdog", "clawsec-openclaw-audit-watchdog"],
["soul-guardian", "clawsec-openclaw-soul-guardian"],
["hermes-attestation-guardian", "clawsec-hermes-attestation-guardian"],
["hermes-traffic-guardian", "clawsec-hermes-traffic-guardian"],
["nanoclaw-traffic-guardian", "clawsec-nanoclaw-traffic-guardian"],
["picoclaw-security-guardian", "clawsec-picoclaw-security-guardian"],
["picoclaw-self-pen-testing", "clawsec-picoclaw-self-pen-testing"],
["picoclaw-traffic-guardian", "clawsec-picoclaw-traffic-guardian"],
["clawtributor", "clawsec-clawtributor"],
]);
function usage() {
return [
"Usage: node scripts/ci/resolve_clawhub_slug.mjs <skill-dir-or-name>",
"",
"Prints the ClawHub slug for a skill without changing the GitHub release tag or skill package name.",
].join("\n");
}
function loadSkill(input) {
const skillJsonPath = existsSync(path.join(input, "skill.json")) ? path.join(input, "skill.json") : null;
if (!skillJsonPath) {
return { name: input, platforms: [] };
}
const skill = JSON.parse(readFileSync(skillJsonPath, "utf8"));
if (!skill.name || typeof skill.name !== "string") {
throw new Error(`${skillJsonPath} missing string field: name`);
}
return { name: skill.name, platforms: collectDeclaredPlatforms(skill) };
}
export function resolveClawHubSlug({ name, platforms = [] }) {
if (!/^[a-z0-9-]+$/.test(name)) {
throw new Error(`Invalid skill name for ClawHub slug mapping: ${name}`);
}
if (name.startsWith("clawsec-")) {
return name;
}
if (EXPLICIT_SLUGS.has(name)) {
return EXPLICIT_SLUGS.get(name);
}
if (PLATFORM_KEYS.some((platform) => name.startsWith(`${platform}-`))) {
return `clawsec-${name}`;
}
const declaredPlatforms = collectDeclaredPlatforms({ platforms });
if (declaredPlatforms.length === 1 && PLATFORM_KEYS.includes(declaredPlatforms[0])) {
return `clawsec-${declaredPlatforms[0]}-${name}`;
}
return `clawsec-${name}`;
}
if (import.meta.url === `file://${process.argv[1]}`) {
const input = process.argv[2];
if (!input || input === "--help" || input === "-h") {
console.log(usage());
process.exit(input ? 0 : 1);
}
try {
console.log(resolveClawHubSlug(loadSkill(input)));
} catch (error) {
console.error(error instanceof Error ? error.message : String(error));
process.exit(1);
}
}
scripts/ci/simulate_skill_tag_release.mjs
+520
View File
@@ -0,0 +1,520 @@
#!/usr/bin/env node
import { createHash } from "node:crypto";
import { spawnSync } from "node:child_process";
import {
cp,
mkdir,
mkdtemp,
readFile,
rm,
stat,
writeFile,
} from "node:fs/promises";
import { existsSync } from "node:fs";
import { tmpdir } from "node:os";
import path from "node:path";
const TRUST_ARTIFACTS = [
"skill-card.md",
"permissions.json",
"install.md",
"skillspector-report.md",
];
function usage() {
return [
"Usage: node scripts/ci/simulate_skill_tag_release.mjs <skill-dir> <output-dir> [options]",
"",
"Options:",
" --repository <owner/repo> Source repository used in release metadata",
" --source-ref <ref> Source ref used in npx skills examples",
" --skillspector-bin <path> SkillSpector executable to run",
].join("\n");
}
function parseArgs(argv) {
const positional = [];
const options = {
repository: "prompt-security/clawsec",
sourceRef: "main",
skillspectorBin: "skillspector",
};
for (let i = 0; i < argv.length; i += 1) {
const token = argv[i];
if (token === "--repository") {
options.repository = argv[++i];
} else if (token === "--source-ref") {
options.sourceRef = argv[++i];
} else if (token === "--skillspector-bin") {
options.skillspectorBin = argv[++i];
} else if (token === "--help" || token === "-h") {
console.log(usage());
process.exit(0);
} else if (token.startsWith("--")) {
throw new Error(`Unknown option: ${token}`);
} else {
positional.push(token);
}
}
if (positional.length !== 2) {
throw new Error(usage());
}
return {
skillDir: positional[0],
outputDir: positional[1],
...options,
};
}
function run(command, args, options = {}) {
const result = spawnSync(command, args, {
encoding: "utf8",
...options,
});
if (result.status !== 0) {
throw new Error(
[
`Command failed: ${command} ${args.join(" ")}`,
result.stdout ? `stdout:\n${result.stdout}` : "",
result.stderr ? `stderr:\n${result.stderr}` : "",
].filter(Boolean).join("\n"),
);
}
return result.stdout;
}
function runAllowFailure(command, args, options = {}) {
return spawnSync(command, args, {
encoding: "utf8",
...options,
});
}
function nextSimulatedReleaseVersion(version) {
const versionMatch = version.match(/^(\d+)\.(\d+)\.(\d+)(?:-([a-zA-Z0-9]+))?$/);
if (!versionMatch) {
throw new Error(`Cannot derive simulated release version from unsupported version: ${version}`);
}
const [, major, minor, patch, prerelease] = versionMatch;
if (!prerelease) {
return `${major}.${minor}.${Number(patch) + 1}`;
}
const prereleaseMatch = prerelease.match(/^(.*?)(\d+)$/);
if (prereleaseMatch) {
const [, label, number] = prereleaseMatch;
return `${major}.${minor}.${patch}-${label}${Number(number) + 1}`;
}
return `${major}.${minor}.${patch}-${prerelease}1`;
}
function normalizeReleasePath(rawPath) {
let releasePath = rawPath.replaceAll("\\", "/");
while (releasePath.startsWith("./")) {
releasePath = releasePath.slice(2);
}
while (releasePath.includes("//")) {
releasePath = releasePath.replaceAll("//", "/");
}
if (
releasePath === "" ||
releasePath.startsWith("/") ||
/^[A-Za-z]:/.test(releasePath) ||
releasePath === ".." ||
releasePath.startsWith("../") ||
releasePath.endsWith("/..") ||
releasePath.includes("/../")
) {
throw new Error(`Unsafe release path: ${rawPath}`);
}
return releasePath;
}
function isTestReleasePath(releasePath) {
const lower = releasePath.toLowerCase();
return lower === "test" ||
lower === "tests" ||
lower.startsWith("test/") ||
lower.startsWith("tests/") ||
lower.includes("/test/") ||
lower.includes("/tests/");
}
async function sha256File(filePath) {
const buffer = await readFile(filePath);
return createHash("sha256").update(buffer).digest("hex");
}
async function fileSize(filePath) {
return (await stat(filePath)).size;
}
async function checksumEntry(filePath, releasePath) {
return {
sha256: await sha256File(filePath),
size: await fileSize(filePath),
path: releasePath,
};
}
function replaceSkillMarkdownVersion(markdown, version) {
if (!markdown.startsWith("---\n")) {
throw new Error("SKILL.md is missing YAML frontmatter");
}
const end = markdown.indexOf("\n---", 4);
if (end === -1) {
throw new Error("SKILL.md frontmatter is not closed");
}
const frontmatter = markdown.slice(0, end);
if (!/^version:\s*.+$/m.test(frontmatter)) {
throw new Error("SKILL.md frontmatter is missing a version field");
}
return markdown.replace(/^version:\s*.+$/m, `version: ${version}`);
}
async function addSimulatedChangelogEntry(skillDir, version) {
const changelogPath = path.join(skillDir, "CHANGELOG.md");
if (!existsSync(changelogPath)) {
return;
}
const today = new Date().toISOString().slice(0, 10);
const original = await readFile(changelogPath, "utf8");
if (original.includes(`## [${version}] -`)) {
return;
}
const entry = [
`## [${version}] - ${today}`,
"",
"- Simulated prerelease build for release-pipeline validation.",
"",
"---",
"",
].join("\n");
await writeFile(changelogPath, `${entry}${original}`);
}
async function writeJson(filePath, value) {
await writeFile(filePath, `${JSON.stringify(value, null, 2)}\n`);
}
async function signFileBase64({ keyPath, inputPath, outputPath, tempRoot }) {
const sigBin = path.join(tempRoot, `${path.basename(outputPath)}.bin`);
run("openssl", ["pkeyutl", "-sign", "-rawin", "-inkey", keyPath, "-in", inputPath, "-out", sigBin]);
run("openssl", ["base64", "-A", "-in", sigBin, "-out", outputPath]);
await rm(sigBin, { force: true });
}
async function verifyFileBase64Signature({ publicKeyPath, inputPath, signaturePath, tempRoot }) {
const sigBin = path.join(tempRoot, `${path.basename(signaturePath)}.verify.bin`);
run("openssl", ["base64", "-d", "-A", "-in", signaturePath, "-out", sigBin]);
run("openssl", [
"pkeyutl",
"-verify",
"-rawin",
"-pubin",
"-inkey",
publicKeyPath,
"-sigfile",
sigBin,
"-in",
inputPath,
]);
await rm(sigBin, { force: true });
}
async function createSigningKeyPair(tempRoot) {
const keyDir = await mkdtemp(path.join(tempRoot, "signing-"));
const privateKeyPath = path.join(keyDir, "private.pem");
const publicKeyPath = path.join(keyDir, "public.pem");
run("openssl", ["genpkey", "-algorithm", "ED25519", "-out", privateKeyPath]);
run("openssl", ["pkey", "-in", privateKeyPath, "-pubout", "-out", publicKeyPath]);
return { privateKeyPath, publicKeyPath };
}
async function signAdvisoryArtifacts(skillDir, tempRoot) {
const advisoryDir = path.join(skillDir, "advisories");
const feedPath = path.join(advisoryDir, "feed.json");
if (!existsSync(feedPath)) {
return;
}
const { privateKeyPath, publicKeyPath } = await createSigningKeyPair(tempRoot);
const feedSignaturePath = path.join(advisoryDir, "feed.json.sig");
const checksumsPath = path.join(advisoryDir, "checksums.json");
const checksumsSignaturePath = path.join(advisoryDir, "checksums.json.sig");
const publicKeyOutputPath = path.join(advisoryDir, "feed-signing-public.pem");
await signFileBase64({
keyPath: privateKeyPath,
inputPath: feedPath,
outputPath: feedSignaturePath,
tempRoot,
});
await verifyFileBase64Signature({
publicKeyPath,
inputPath: feedPath,
signaturePath: feedSignaturePath,
tempRoot,
});
await writeJson(checksumsPath, {
schema_version: "1",
algorithm: "sha256",
version: "simulation",
generated_at: new Date().toISOString(),
files: {
"advisories/feed.json": await checksumEntry(feedPath, "advisories/feed.json"),
"advisories/feed.json.sig": await checksumEntry(feedSignaturePath, "advisories/feed.json.sig"),
},
});
await signFileBase64({
keyPath: privateKeyPath,
inputPath: checksumsPath,
outputPath: checksumsSignaturePath,
tempRoot,
});
await verifyFileBase64Signature({
publicKeyPath,
inputPath: checksumsPath,
signaturePath: checksumsSignaturePath,
tempRoot,
});
await cp(publicKeyPath, publicKeyOutputPath);
}
async function addReleaseAssetChecksum({ releaseAssetsDir, manifest, asset }) {
const filePath = path.join(releaseAssetsDir, asset);
if (!existsSync(filePath) || (await fileSize(filePath)) === 0) {
throw new Error(`Required release trust artifact is missing or empty: ${filePath}`);
}
manifest.files[asset] = await checksumEntry(filePath, asset);
}
async function stageSbomFiles({ skillDir, innerDir, sbomFiles }) {
for (const entry of sbomFiles) {
const releasePath = normalizeReleasePath(entry.path);
if (isTestReleasePath(releasePath)) {
continue;
}
const fullPath = path.join(skillDir, releasePath);
if (!existsSync(fullPath)) {
throw new Error(`SBOM references missing file: ${releasePath}`);
}
const destination = path.join(innerDir, releasePath);
await mkdir(path.dirname(destination), { recursive: true });
await cp(fullPath, destination);
}
}
async function buildFilesManifest({ skillDir, skillJsonPath, sbomFiles }) {
const files = {};
for (const entry of sbomFiles) {
const releasePath = normalizeReleasePath(entry.path);
if (isTestReleasePath(releasePath)) {
continue;
}
const fullPath = path.join(skillDir, releasePath);
if (existsSync(fullPath)) {
files[releasePath] = await checksumEntry(fullPath, releasePath);
}
}
files["skill.json"] = {
sha256: await sha256File(skillJsonPath),
size: await fileSize(skillJsonPath),
};
return files;
}
async function runSkillSpector({ skillspectorBin, skillDir, reportPath }) {
const result = runAllowFailure(skillspectorBin, [
"scan",
skillDir,
"--no-llm",
"--format",
"markdown",
"--output",
reportPath,
]);
if (!existsSync(reportPath) || (await fileSize(reportPath)) === 0) {
throw new Error(
[
"SkillSpector did not produce a report.",
result.stdout ? `stdout:\n${result.stdout}` : "",
result.stderr ? `stderr:\n${result.stderr}` : "",
].filter(Boolean).join("\n"),
);
}
if (result.status !== 0) {
console.warn(`SkillSpector returned exit code ${result.status}; report is included for review.`);
}
}
async function main() {
const args = parseArgs(process.argv.slice(2));
const sourceSkillDir = path.resolve(args.skillDir);
const outputDir = path.resolve(args.outputDir);
const releaseAssetsDir = path.join(outputDir, "release-assets");
const tempRoot = await mkdtemp(path.join(tmpdir(), "clawsec-release-sim-"));
try {
const skillName = path.basename(sourceSkillDir);
const tempSkillDir = path.join(tempRoot, skillName);
await cp(sourceSkillDir, tempSkillDir, { recursive: true });
const skillJsonPath = path.join(tempSkillDir, "skill.json");
const skillMdPath = path.join(tempSkillDir, "SKILL.md");
const skill = JSON.parse(await readFile(skillJsonPath, "utf8"));
const originalVersion = skill.version;
const simulatedVersion = nextSimulatedReleaseVersion(originalVersion);
const tag = `${skillName}-v${simulatedVersion}`;
const zipName = `${tag}.zip`;
skill.version = simulatedVersion;
await writeJson(skillJsonPath, skill);
await writeFile(
skillMdPath,
replaceSkillMarkdownVersion(await readFile(skillMdPath, "utf8"), simulatedVersion),
);
await addSimulatedChangelogEntry(tempSkillDir, simulatedVersion);
await signAdvisoryArtifacts(tempSkillDir, tempRoot);
if (!skill.sbom || !Array.isArray(skill.sbom.files)) {
throw new Error(`skill.json missing required release field: sbom.files`);
}
await mkdir(releaseAssetsDir, { recursive: true });
const stagingDir = await mkdtemp(path.join(tempRoot, "staging-"));
const innerDir = path.join(stagingDir, skillName);
await mkdir(innerDir, { recursive: true });
await stageSbomFiles({
skillDir: tempSkillDir,
innerDir,
sbomFiles: skill.sbom.files,
});
await cp(skillJsonPath, path.join(innerDir, "skill.json"));
run("python3", ["scripts/ci/verify_skill_release_import_closure.py", innerDir], {
cwd: process.cwd(),
});
run("zip", ["-qr", path.join(releaseAssetsDir, zipName), "."], {
cwd: stagingDir,
});
const zipContents = run("unzip", ["-Z1", path.join(releaseAssetsDir, zipName)]);
if (zipContents.split("\n").some((entry) => /(^|\/)(test|tests)\//i.test(entry))) {
throw new Error(`Simulated release archive contains test-only files: ${zipName}`);
}
const manifest = {
skill: skillName,
version: simulatedVersion,
generated_at: new Date().toISOString(),
repository: args.repository,
tag,
archive: {
filename: zipName,
sha256: await sha256File(path.join(releaseAssetsDir, zipName)),
size: await fileSize(path.join(releaseAssetsDir, zipName)),
url: `https://github.com/${args.repository}/releases/download/${tag}/${zipName}`,
},
files: await buildFilesManifest({
skillDir: tempSkillDir,
skillJsonPath,
sbomFiles: skill.sbom.files,
}),
};
await writeJson(path.join(releaseAssetsDir, "checksums.json"), manifest);
run(process.execPath, [
"scripts/ci/generate_skill_release_trust_packet.mjs",
tempSkillDir,
releaseAssetsDir,
"--repository",
args.repository,
"--tag",
tag,
"--source-ref",
args.sourceRef,
]);
await runSkillSpector({
skillspectorBin: args.skillspectorBin,
skillDir: innerDir,
reportPath: path.join(releaseAssetsDir, "skillspector-report.md"),
});
for (const artifact of TRUST_ARTIFACTS) {
await addReleaseAssetChecksum({ releaseAssetsDir, manifest, asset: artifact });
}
await writeJson(path.join(releaseAssetsDir, "checksums.json"), manifest);
await cp(skillJsonPath, path.join(releaseAssetsDir, "skill.json"));
await cp(skillMdPath, path.join(releaseAssetsDir, "SKILL.md"));
if (existsSync(path.join(tempSkillDir, "README.md"))) {
await cp(path.join(tempSkillDir, "README.md"), path.join(releaseAssetsDir, "README.md"));
}
const { privateKeyPath, publicKeyPath } = await createSigningKeyPair(tempRoot);
await signFileBase64({
keyPath: privateKeyPath,
inputPath: path.join(releaseAssetsDir, "checksums.json"),
outputPath: path.join(releaseAssetsDir, "checksums.sig"),
tempRoot,
});
await verifyFileBase64Signature({
publicKeyPath,
inputPath: path.join(releaseAssetsDir, "checksums.json"),
signaturePath: path.join(releaseAssetsDir, "checksums.sig"),
tempRoot,
});
await cp(publicKeyPath, path.join(releaseAssetsDir, "signing-public.pem"));
await writeJson(path.join(outputDir, "simulation-summary.json"), {
skill: skillName,
original_version: originalVersion,
simulated_version: simulatedVersion,
tag,
release_assets: path.relative(outputDir, releaseAssetsDir),
archive: `release-assets/${zipName}`,
});
console.log(`Simulated tag release build for ${skillName}: ${tag}`);
} finally {
await rm(tempRoot, { recursive: true, force: true });
}
}
main().catch((error) => {
console.error(error.message);
process.exit(1);
});
scripts/ci/skill_platforms.mjs
+52
View File
@@ -0,0 +1,52 @@
export const PLATFORM_KEYS = Object.freeze(["openclaw", "nanoclaw", "hermes", "picoclaw"]);
const PLATFORM_AGENT_ALIASES = new Map([["hermes", "hermes-agent"]]);
function asStringArray(value) {
if (Array.isArray(value)) {
return value.filter((item) => typeof item === "string" && item.trim()).map((item) => item.trim());
}
if (typeof value === "string" && value.trim()) {
return [value.trim()];
}
return [];
}
export function collectDeclaredPlatforms(skill) {
const platforms = new Set([
...asStringArray(skill.platform),
...asStringArray(skill.platforms),
]);
for (const key of PLATFORM_KEYS) {
if (skill[key] && typeof skill[key] === "object") {
platforms.add(key);
}
}
return [...platforms];
}
export function installAgentForSkill(skill, agentTypes, fallback = "openclaw") {
const platforms = collectDeclaredPlatforms(skill);
if (platforms.length === 0) {
return fallback;
}
const matchedAgents = new Set();
let allPlatformsMatched = true;
for (const platform of platforms) {
const candidate = PLATFORM_AGENT_ALIASES.get(platform) || platform;
if (agentTypes.has(candidate)) {
matchedAgents.add(candidate);
} else {
allPlatformsMatched = false;
}
}
if (allPlatformsMatched && matchedAgents.size === 1) {
return [...matchedAgents][0];
}
return fallback;
}
scripts/ci/validate_skill_install_docs.mjs
+266
View File
@@ -0,0 +1,266 @@
#!/usr/bin/env node
import { readFile, readdir } from "node:fs/promises";
import { existsSync } from "node:fs";
import { spawnSync } from "node:child_process";
import https from "node:https";
import path from "node:path";
import { installAgentForSkill } from "./skill_platforms.mjs";
const DEFAULT_REPOSITORY = "prompt-security/clawsec";
const DEFAULT_AGENT_TYPES_URL = "https://raw.githubusercontent.com/vercel-labs/skills/main/src/types.ts";
const DOC_FILENAMES = ["README.md", "SKILL.md"];
function usage() {
return [
"Usage: node scripts/ci/validate_skill_install_docs.mjs [options]",
"",
"Options:",
" --root <dir> Repository root. Defaults to current working directory.",
" --repository <owner/repo> Expected npx skills source. Defaults to prompt-security/clawsec.",
" --base <sha> Base ref for changed-skill detection.",
" --head <sha> Head ref for changed-skill detection.",
" --skills <dir[,dir...]> Skill directories to validate.",
" --all Validate every skill directory with skill.json.",
" --agent-types-file <path> Read Vercel AgentType source from a local file.",
" --agent-types-url <url> Read Vercel AgentType source from a URL.",
].join("\n");
}
function parseArgs(argv) {
const options = {
root: process.cwd(),
repository: DEFAULT_REPOSITORY,
base: process.env.BASE_SHA || "",
head: process.env.HEAD_SHA || "",
skillDirs: [],
all: false,
agentTypesFile: "",
agentTypesUrl: DEFAULT_AGENT_TYPES_URL,
};
for (let i = 0; i < argv.length; i += 1) {
const token = argv[i];
if (token === "--root") {
options.root = argv[++i];
} else if (token === "--repository") {
options.repository = argv[++i];
} else if (token === "--base") {
options.base = argv[++i];
} else if (token === "--head") {
options.head = argv[++i];
} else if (token === "--skills") {
options.skillDirs.push(...argv[++i].split(",").map((item) => item.trim()).filter(Boolean));
} else if (token === "--all") {
options.all = true;
} else if (token === "--agent-types-file") {
options.agentTypesFile = argv[++i];
} else if (token === "--agent-types-url") {
options.agentTypesUrl = argv[++i];
} else if (token === "--help" || token === "-h") {
console.log(usage());
process.exit(0);
} else {
throw new Error(`Unknown option: ${token}\n${usage()}`);
}
}
return {
...options,
root: path.resolve(options.root),
};
}
function fetchText(url) {
return new Promise((resolve, reject) => {
https
.get(url, (response) => {
if (response.statusCode !== 200) {
reject(new Error(`Failed to fetch ${url}: HTTP ${response.statusCode}`));
response.resume();
return;
}
response.setEncoding("utf8");
let body = "";
response.on("data", (chunk) => {
body += chunk;
});
response.on("end", () => resolve(body));
})
.on("error", reject);
});
}
async function readAgentTypeSource(options) {
if (options.agentTypesFile) {
return readFile(path.resolve(options.agentTypesFile), "utf8");
}
return fetchText(options.agentTypesUrl);
}
function parseAgentTypes(source) {
const match = source.match(/export\s+type\s+AgentType\s*=\s*([\s\S]*?);/);
if (!match) {
throw new Error("Could not find export type AgentType in Vercel skills type source.");
}
const agents = new Set();
const agentTypeBody = match[1];
for (const agentMatch of agentTypeBody.matchAll(/['"]([^'"]+)['"]/g)) {
agents.add(agentMatch[1]);
}
if (agents.size === 0) {
throw new Error("Vercel AgentType list was empty.");
}
return agents;
}
async function listAllSkillDirs(root) {
const skillsRoot = path.join(root, "skills");
const entries = await readdir(skillsRoot, { withFileTypes: true });
return entries
.filter((entry) => entry.isDirectory())
.map((entry) => `skills/${entry.name}`)
.filter((skillDir) => existsSync(path.join(root, skillDir, "skill.json")))
.sort();
}
function changedSkillDirs({ root, base, head }) {
if (!base || !head) {
throw new Error("Provide --skills, --all, or both --base and --head for changed-skill detection.");
}
const result = spawnSync(
"git",
[
"-C",
root,
"diff",
"--name-only",
`${base}...${head}`,
"--",
"skills/*/**",
":(exclude)skills/*/test/**",
":(exclude)skills/*/tests/**",
],
{ encoding: "utf8" },
);
if (result.status !== 0) {
throw new Error(`git diff failed\nstdout:\n${result.stdout}\nstderr:\n${result.stderr}`);
}
return [
...new Set(
result.stdout
.split("\n")
.map((line) => line.trim())
.filter(Boolean)
.map((filePath) => filePath.split("/").slice(0, 2).join("/"))
.filter((skillDir) => /^skills\/[^/]+$/.test(skillDir)),
),
].sort();
}
async function readJson(filePath) {
return JSON.parse(await readFile(filePath, "utf8"));
}
function hasRequiredCommand(markdown, { repository, skillName, agent }) {
return markdown
.split("\n")
.map((line) => line.replace(/\s+/g, " ").trim())
.filter((line) => line.includes("npx skills add"))
.some((line) => {
return (
line.includes(`npx skills add ${repository}`) &&
line.includes(`--skill ${skillName}`) &&
(line.includes(`-a ${agent}`) || line.includes(`--agent ${agent}`)) &&
(line.includes(" -y") || line.includes(" --yes"))
);
});
}
async function validateSkill({ root, skillDir, repository, agentTypes }) {
const skillJsonPath = path.join(root, skillDir, "skill.json");
const skill = await readJson(skillJsonPath);
const skillName = skill.name || path.basename(skillDir);
const agent = installAgentForSkill(skill, agentTypes);
const command = `npx skills add ${repository} --skill ${skillName} -a ${agent} -y`;
const failures = [];
for (const filename of DOC_FILENAMES) {
const docPath = path.join(root, skillDir, filename);
if (!existsSync(docPath)) {
failures.push(`Missing required install documentation file: ${path.join(skillDir, filename)}`);
continue;
}
const markdown = await readFile(docPath, "utf8");
if (!hasRequiredCommand(markdown, { repository, skillName, agent })) {
failures.push(`Missing required npx skills install command in ${path.join(skillDir, filename)}: ${command}`);
}
}
return {
skillDir,
skillName,
agent,
failures,
};
}
async function main() {
const options = parseArgs(process.argv.slice(2));
const agentTypes = parseAgentTypes(await readAgentTypeSource(options));
let skillDirs = options.skillDirs;
if (options.all) {
skillDirs = await listAllSkillDirs(options.root);
} else if (skillDirs.length === 0) {
skillDirs = changedSkillDirs(options);
}
if (skillDirs.length === 0) {
console.log("No skill install docs to validate.");
return;
}
const results = [];
for (const skillDir of skillDirs) {
const skillJsonPath = path.join(options.root, skillDir, "skill.json");
if (!existsSync(skillJsonPath)) {
console.log(`Skipping removed skill directory: ${skillDir}`);
continue;
}
results.push(
await validateSkill({
root: options.root,
skillDir,
repository: options.repository,
agentTypes,
}),
);
}
const failures = results.flatMap((result) => result.failures);
if (failures.length > 0) {
for (const failure of failures) {
console.error(`::error::${failure}`);
}
throw new Error(`Found ${failures.length} npx skills install documentation issue(s).`);
}
for (const result of results) {
console.log(`npx skills install docs OK for ${result.skillName}: -a ${result.agent}`);
}
}
main().catch((error) => {
console.error(error.message);
process.exit(1);
});
scripts/test-github-traffic-archive.mjs
+276
View File
@@ -0,0 +1,276 @@
import assert from 'node:assert/strict';
import { mkdtemp, readdir, readFile } from 'node:fs/promises';
import os from 'node:os';
import path from 'node:path';
import test from 'node:test';
import {
buildTrafficSummary,
fetchGitHubTraffic,
mergeTrafficArchive,
writeJson,
} from './archive-github-traffic.mjs';
const TEST_REPOSITORY = 'prompt-security/clawsec';
const TEST_CAPTURE_DATE = Date.UTC(2026, 5, 3);
const utcDay = (offsetFromCaptureDate = 0) => {
const date = new Date(TEST_CAPTURE_DATE);
date.setUTCDate(date.getUTCDate() + offsetFromCaptureDate);
return `${date.toISOString().slice(0, 10)}T00:00:00Z`;
};
const captureAt = ({
offsetFromCaptureDate = 0,
hour = 3,
minute = 17,
} = {}) => {
const date = new Date(TEST_CAPTURE_DATE);
date.setUTCDate(date.getUTCDate() + offsetFromCaptureDate);
date.setUTCHours(hour, minute, 0, 0);
return date.toISOString();
};
const capturedAt = captureAt();
test('fetchGitHubTraffic requests the daily GitHub traffic endpoints with auth', async () => {
const calls = [];
const responses = {
[`/repos/${TEST_REPOSITORY}/traffic/views?per=day`]: {
count: 30,
uniques: 18,
views: [{ timestamp: utcDay(-1), count: 30, uniques: 18 }],
},
[`/repos/${TEST_REPOSITORY}/traffic/clones?per=day`]: {
count: 7,
uniques: 5,
clones: [{ timestamp: utcDay(-1), count: 7, uniques: 5 }],
},
[`/repos/${TEST_REPOSITORY}/traffic/popular/referrers`]: [
{ referrer: 'github.com', count: 12, uniques: 9 },
],
[`/repos/${TEST_REPOSITORY}/traffic/popular/paths`]: [
{ path: `/${TEST_REPOSITORY}`, title: TEST_REPOSITORY, count: 16, uniques: 10 },
],
};
const fetchImpl = async (url, options) => {
calls.push({ url: String(url), headers: options.headers });
const pathname = new URL(url).pathname;
const search = new URL(url).search;
const payload = responses[`${pathname}${search}`];
assert.ok(payload, `unexpected traffic endpoint: ${pathname}${search}`);
return new globalThis.Response(JSON.stringify(payload), { status: 200 });
};
const snapshot = await fetchGitHubTraffic({
repo: TEST_REPOSITORY,
token: 'test-token',
capturedAt,
fetchImpl,
});
assert.equal(calls.length, 4);
assert.ok(calls.every((call) => call.headers.Authorization === 'Bearer test-token'));
assert.deepEqual(snapshot.views.views, responses[`/repos/${TEST_REPOSITORY}/traffic/views?per=day`].views);
assert.deepEqual(snapshot.clones.clones, responses[`/repos/${TEST_REPOSITORY}/traffic/clones?per=day`].clones);
});
test('fetchGitHubTraffic explains traffic token requirements on 403', async () => {
const fetchImpl = async () => new globalThis.Response(
JSON.stringify({ message: 'Resource not accessible by integration' }),
{ status: 403 },
);
await assert.rejects(
fetchGitHubTraffic({
repo: TEST_REPOSITORY,
token: 'installation-token',
capturedAt,
fetchImpl,
}),
/returned 403\..*push access/,
);
});
test('fetchGitHubTraffic flags invalid tokens on 401', async () => {
const fetchImpl = async () => new globalThis.Response(
JSON.stringify({ message: 'Bad credentials' }),
{ status: 401 },
);
await assert.rejects(
fetchGitHubTraffic({
repo: TEST_REPOSITORY,
token: 'expired-token',
capturedAt,
fetchImpl,
}),
/returned 401\..*expired or revoked/,
);
});
test('mergeTrafficArchive upserts daily views and clones without double-counting overlapping windows', () => {
const archive = mergeTrafficArchive(
{
version: 1,
repository: TEST_REPOSITORY,
updated_at: captureAt({ offsetFromCaptureDate: -1 }),
daily: {
views: [
{ timestamp: utcDay(-2), count: 10, uniques: 6 },
{ timestamp: utcDay(-1), count: 20, uniques: 12 },
],
clones: [
{ timestamp: utcDay(-2), count: 2, uniques: 1 },
],
},
snapshots: {
referrers: [],
paths: [],
},
captures: [],
},
{
repository: TEST_REPOSITORY,
captured_at: capturedAt,
views: {
views: [
{ timestamp: utcDay(-1), count: 25, uniques: 14 },
{ timestamp: utcDay(), count: 35, uniques: 21 },
],
},
clones: {
clones: [
{ timestamp: utcDay(-1), count: 3, uniques: 2 },
{ timestamp: utcDay(), count: 5, uniques: 4 },
],
},
referrers: [{ referrer: 'github.com', count: 12, uniques: 9 }],
paths: [{ path: `/${TEST_REPOSITORY}`, title: TEST_REPOSITORY, count: 16, uniques: 10 }],
},
);
assert.deepEqual(archive.daily.views, [
{ timestamp: utcDay(-2), count: 10, uniques: 6 },
{ timestamp: utcDay(-1), count: 25, uniques: 14 },
{ timestamp: utcDay(), count: 35, uniques: 21 },
]);
assert.deepEqual(archive.daily.clones, [
{ timestamp: utcDay(-2), count: 2, uniques: 1 },
{ timestamp: utcDay(-1), count: 3, uniques: 2 },
{ timestamp: utcDay(), count: 5, uniques: 4 },
]);
});
test('mergeTrafficArchive keeps one referrer/path snapshot per capture date', () => {
const first = mergeTrafficArchive(undefined, {
repository: TEST_REPOSITORY,
captured_at: capturedAt,
views: { views: [] },
clones: { clones: [] },
referrers: [{ referrer: 'github.com', count: 12, uniques: 9 }],
paths: [{ path: `/${TEST_REPOSITORY}`, title: TEST_REPOSITORY, count: 16, uniques: 10 }],
});
const second = mergeTrafficArchive(first, {
repository: TEST_REPOSITORY,
captured_at: captureAt({ hour: 4, minute: 0 }),
views: { views: [] },
clones: { clones: [] },
referrers: [{ referrer: 'google.com', count: 8, uniques: 6 }],
paths: [{ path: `/${TEST_REPOSITORY}/wiki`, title: 'Wiki', count: 11, uniques: 7 }],
});
assert.equal(second.snapshots.referrers.length, 1);
assert.equal(second.snapshots.paths.length, 1);
assert.deepEqual(second.snapshots.referrers[0].entries, [
{ referrer: 'google.com', count: 8, uniques: 6 },
]);
assert.deepEqual(second.snapshots.paths[0].entries, [
{ path: `/${TEST_REPOSITORY}/wiki`, title: 'Wiki', count: 11, uniques: 7 },
]);
});
test('mergeTrafficArchive rejects blank referrer and path fields instead of archiving empty strings', () => {
assert.throws(
() => mergeTrafficArchive(undefined, {
repository: TEST_REPOSITORY,
captured_at: capturedAt,
views: { views: [] },
clones: { clones: [] },
referrers: [{ count: 12, uniques: 9 }],
paths: [],
}),
/referrers\.referrer must be a non-empty string/,
);
assert.throws(
() => mergeTrafficArchive(undefined, {
repository: TEST_REPOSITORY,
captured_at: capturedAt,
views: { views: [] },
clones: { clones: [] },
referrers: [],
paths: [{ path: `/${TEST_REPOSITORY}`, title: ' ', count: 16, uniques: 10 }],
}),
/paths\.title must be a non-empty string/,
);
});
test('writeJson replaces JSON through a same-directory temporary file', async () => {
const dir = await mkdtemp(path.join(os.tmpdir(), 'clawsec-traffic-json-'));
const file = path.join(dir, 'summary.json');
await writeJson(file, { version: 1, count: 1 });
await writeJson(file, { version: 1, count: 2 });
assert.equal(await readFile(file, 'utf8'), '{\n "version": 1,\n "count": 2\n}\n');
assert.deepEqual(await readdir(dir), ['summary.json']);
});
test('buildTrafficSummary reports count totals and labels summed daily uniques accurately', () => {
const archive = mergeTrafficArchive(undefined, {
repository: TEST_REPOSITORY,
captured_at: capturedAt,
views: {
views: [
{ timestamp: utcDay(-33), count: 100, uniques: 80 },
{ timestamp: utcDay(-1), count: 30, uniques: 18 },
{ timestamp: utcDay(), count: 40, uniques: 22 },
],
},
clones: {
clones: [
{ timestamp: utcDay(-1), count: 7, uniques: 5 },
{ timestamp: utcDay(), count: 9, uniques: 6 },
],
},
referrers: [],
paths: [],
});
const summary = buildTrafficSummary(archive, { now: captureAt({ hour: 12, minute: 0 }) });
assert.equal(summary.metrics.views.last_30_days.count, 70);
assert.equal(summary.metrics.views.last_30_days.sum_daily_uniques, 40);
assert.equal(summary.metrics.views.last_30_days.unique_semantics, 'sum_of_daily_uniques');
assert.equal(summary.metrics.views.all_time.count, 170);
assert.equal(summary.metrics.clones.last_30_days.count, 16);
assert.equal(summary.daily.views.length, 3);
});
test('traffic archive workflow uses a daily schedule and a dedicated archive branch', async () => {
const workflowPath = new URL('../.github/workflows/archive-traffic.yml', import.meta.url);
const workflow = await readFile(workflowPath, 'utf8');
assert.match(workflow, /cron:\s+'17 3 \* \* \*'/);
assert.match(workflow, /TRAFFIC_ARCHIVE_BRANCH:\s+traffic-archive/);
assert.match(workflow, /GH_TRAFFIC_TOKEN:\s*\$\{\{\s*secrets\.TRAFFIC_ARCHIVE_TOKEN\b/);
assert.doesNotMatch(workflow, /GH_TRAFFIC_TOKEN:[^\n]*github\.token/);
assert.match(workflow, /node scripts\/archive-github-traffic\.mjs/);
assert.match(workflow, /git add traffic\/archive\.json traffic\/summary\.json/);
assert.match(workflow, /git rm --ignore-unmatch traffic\/README\.md/);
assert.doesNotMatch(workflow, /git add .*traffic\/README\.md/);
assert.match(workflow, /git push origin HEAD:\$\{TRAFFIC_ARCHIVE_BRANCH\}/);
});
scripts/test-nvd-ghsa-consolidation-workflow.mjs
+10
View File
@@ -47,6 +47,16 @@ assert.match(
/git add "\$FEED_PATH" "\$FEED_SIG_PATH" "\$GHSA_FEED_PATH" "\$GHSA_FEED_SIG_PATH" "\$SKILL_FEED_PATH" "\$SKILL_FEED_SIG_PATH"/,
'NVD workflow PR must include both NVD and GHSA feed artifacts',
);
assert.doesNotMatch(
workflow,
/gh run list[\s\S]*--jq --arg/,
'CodeQL run lookup must not pass jq CLI flags through gh --jq',
);
assert.match(
workflow,
/gh run list[\s\S]*--json databaseId,createdAt,headSha \\\s*\n\s+\| jq -r --arg since "\$DISPATCHED_AT" --arg sha "\$EXPECTED_HEAD_SHA"/,
'CodeQL run lookup must filter the gh JSON output with jq variables',
);
assert.match(
ciWorkflow,
/name: NVD \+ GHSA Pipeline Dry Run[\s\S]*node scripts\/test-nvd-ghsa-pipeline-dry-run\.mjs/,
scripts/test-skill-clawhub-slug.mjs
+45
View File
@@ -0,0 +1,45 @@
import assert from "node:assert/strict";
import { resolveClawHubSlug } from "./ci/resolve_clawhub_slug.mjs";
import { collectDeclaredPlatforms, installAgentForSkill } from "./ci/skill_platforms.mjs";
const cases = [
["openclaw-traffic-guardian", ["openclaw"], "clawsec-openclaw-traffic-guardian"],
["openclaw-audit-watchdog", ["openclaw"], "clawsec-openclaw-audit-watchdog"],
["soul-guardian", ["openclaw"], "clawsec-openclaw-soul-guardian"],
["hermes-attestation-guardian", ["hermes"], "clawsec-hermes-attestation-guardian"],
["hermes-traffic-guardian", ["hermes"], "clawsec-hermes-traffic-guardian"],
["nanoclaw-traffic-guardian", ["nanoclaw"], "clawsec-nanoclaw-traffic-guardian"],
["picoclaw-security-guardian", ["picoclaw"], "clawsec-picoclaw-security-guardian"],
["picoclaw-self-pen-testing", ["picoclaw"], "clawsec-picoclaw-self-pen-testing"],
["picoclaw-traffic-guardian", ["picoclaw"], "clawsec-picoclaw-traffic-guardian"],
["clawtributor", ["openclaw", "nanoclaw", "hermes", "picoclaw"], "clawsec-clawtributor"],
["clawsec-feed", ["openclaw"], "clawsec-feed"],
["clawsec-suite", ["openclaw"], "clawsec-suite"],
];
for (const [name, platforms, expected] of cases) {
assert.equal(resolveClawHubSlug({ name, platforms }), expected, `${name} should map to ${expected}`);
assert.equal(resolveClawHubSlug({ name }), expected, `${name} should map to ${expected} without metadata`);
}
assert.throws(
() => resolveClawHubSlug({ name: "../openclaw-traffic-guardian", platforms: ["openclaw"] }),
/Invalid skill name/,
"unsafe skill names must be rejected",
);
assert.deepEqual(
collectDeclaredPlatforms({
platform: "openclaw",
platforms: ["hermes", "openclaw", ""],
picoclaw: { requires: {} },
}),
["openclaw", "hermes", "picoclaw"],
"declared platform parsing should combine legacy fields, arrays, and platform metadata keys",
);
assert.equal(
installAgentForSkill({ platform: "hermes" }, new Set(["codex", "hermes-agent", "openclaw"])),
"hermes-agent",
"install agent selection should reuse platform aliases",
);
scripts/test-skill-install-docs.mjs
+137
View File
@@ -0,0 +1,137 @@
import assert from "node:assert/strict";
import { mkdir, mkdtemp, readFile, rm, writeFile } from "node:fs/promises";
import { tmpdir } from "node:os";
import path from "node:path";
import { spawnSync } from "node:child_process";
const validator = "scripts/ci/validate_skill_install_docs.mjs";
const workflow = await readFile(".github/workflows/skill-release.yml", "utf8");
const tempRoot = await mkdtemp(path.join(tmpdir(), "clawsec-install-docs-"));
const agentTypesPath = path.join(tempRoot, "vercel-types.ts");
function runValidator(args) {
return spawnSync(
process.execPath,
[validator, "--root", tempRoot, "--agent-types-file", agentTypesPath, ...args],
{
encoding: "utf8",
},
);
}
async function writeSkill({ name, metadata, readme, skillMd }) {
const skillDir = path.join(tempRoot, "skills", name);
await mkdir(skillDir, { recursive: true });
await writeFile(
path.join(skillDir, "skill.json"),
JSON.stringify(
{
name,
version: "1.0.0",
description: `${name} test skill`,
license: "AGPL-3.0-or-later",
...metadata,
},
null,
2,
),
);
await writeFile(path.join(skillDir, "README.md"), readme);
await writeFile(path.join(skillDir, "SKILL.md"), skillMd);
}
try {
await writeFile(
agentTypesPath,
"export type AgentType = | 'codex' | 'hermes-agent' | 'openclaw' | 'universal';\n",
);
await writeSkill({
name: "hermes-example",
metadata: { hermes: { category: "security" } },
readme: "# Hermes Example\n\n## Installation\n\nMissing the Skills CLI command.\n",
skillMd: "---\nname: hermes-example\nversion: 1.0.0\n---\n\n## Installation\n\nMissing the Skills CLI command.\n",
});
const missingHermes = runValidator(["--skills", "skills/hermes-example"]);
assert.equal(missingHermes.status, 1, "missing Hermes install docs must fail validation");
assert.match(
missingHermes.stderr,
/npx skills add prompt-security\/clawsec --skill hermes-example -a hermes-agent -y/,
"Hermes skills must require the hermes-agent installer target",
);
await writeSkill({
name: "hermes-example",
metadata: { hermes: { category: "security" } },
readme:
"# Hermes Example\n\n## Vercel Skills Installation\n\n```bash\nnpx skills add prompt-security/clawsec --skill hermes-example -a hermes-agent -y\n```\n",
skillMd:
"---\nname: hermes-example\nversion: 1.0.0\n---\n\n## Vercel Skills Installation\n\n```bash\nnpx skills add prompt-security/clawsec --skill hermes-example -a hermes-agent -y\n```\n",
});
const validHermes = runValidator(["--skills", "skills/hermes-example"]);
assert.equal(
validHermes.status,
0,
`valid Hermes install docs should pass\nstdout:\n${validHermes.stdout}\nstderr:\n${validHermes.stderr}`,
);
await writeSkill({
name: "codex-example",
metadata: { platform: "codex" },
readme:
"# Codex Example\n\n## Vercel Skills Installation\n\n```bash\nnpx skills add prompt-security/clawsec --skill codex-example -a openclaw -y\n```\n",
skillMd:
"---\nname: codex-example\nversion: 1.0.0\n---\n\n## Vercel Skills Installation\n\n```bash\nnpx skills add prompt-security/clawsec --skill codex-example -a openclaw -y\n```\n",
});
const wrongExactTarget = runValidator(["--skills", "skills/codex-example"]);
assert.equal(wrongExactTarget.status, 1, "exact AgentType matches must use their matched target");
assert.match(
wrongExactTarget.stderr,
/npx skills add prompt-security\/clawsec --skill codex-example -a codex -y/,
"Exact AgentType matches must not fall back to openclaw",
);
await writeSkill({
name: "nanoclaw-example",
metadata: { platform: "nanoclaw", nanoclaw: { category: "security" } },
readme:
"# NanoClaw Example\n\n## Vercel Skills Installation\n\n```bash\nnpx skills add prompt-security/clawsec --skill nanoclaw-example -a hermes-agent -y\n```\n",
skillMd:
"---\nname: nanoclaw-example\nversion: 1.0.0\n---\n\n## Vercel Skills Installation\n\n```bash\nnpx skills add prompt-security/clawsec --skill nanoclaw-example -a hermes-agent -y\n```\n",
});
const wrongNanoTarget = runValidator(["--skills", "skills/nanoclaw-example"]);
assert.equal(wrongNanoTarget.status, 1, "NanoClaw docs must fail when they use the Hermes target");
assert.match(
wrongNanoTarget.stderr,
/npx skills add prompt-security\/clawsec --skill nanoclaw-example -a openclaw -y/,
"NanoClaw skills must install through the openclaw target",
);
await writeSkill({
name: "nanoclaw-example",
metadata: { platform: "nanoclaw", nanoclaw: { category: "security" } },
readme:
"# NanoClaw Example\n\n## Vercel Skills Installation\n\n```bash\nnpx skills add prompt-security/clawsec --skill nanoclaw-example -a openclaw -y\n```\n",
skillMd:
"---\nname: nanoclaw-example\nversion: 1.0.0\n---\n\n## Vercel Skills Installation\n\n```bash\nnpx skills add prompt-security/clawsec --skill nanoclaw-example -a openclaw -y\n```\n",
});
const validNano = runValidator(["--skills", "skills/nanoclaw-example"]);
assert.equal(
validNano.status,
0,
`valid NanoClaw install docs should pass\nstdout:\n${validNano.stdout}\nstderr:\n${validNano.stderr}`,
);
assert.match(
workflow,
/Validate npx skills install docs/,
"Skill release workflow must run the install-doc validator",
);
} finally {
await rm(tempRoot, { recursive: true, force: true });
}
scripts/test-skill-release-workflow.mjs
+233 -3
View File
@@ -2,7 +2,9 @@ import assert from 'node:assert/strict';
import { readFile } from 'node:fs/promises';
const workflowPath = new URL('../.github/workflows/skill-release.yml', import.meta.url);
const ciWorkflowPath = new URL('../.github/workflows/ci.yml', import.meta.url);
const workflow = await readFile(workflowPath, 'utf8');
const ciWorkflow = await readFile(ciWorkflowPath, 'utf8');
assert.match(
workflow,
@@ -10,6 +12,22 @@ assert.match(
'Skill release workflow must run when any skill package file changes',
);
assert.match(
workflow,
/pull_request:[\s\S]*paths:[\s\S]*- '\.github\/workflows\/skill-release\.yml'[\s\S]*- 'scripts\/ci\/\*\*'/,
'Skill release workflow must also run when the release pipeline itself changes',
);
assert.ok(
ciWorkflow.includes(` - name: Skill Release Tooling Tests
run: |
set -euo pipefail
for test_file in scripts/test-skill-*.mjs; do
node "$test_file"
done`),
'CI must run every scripts/test-skill-*.mjs file so new skill release tests are not orphaned',
);
assert.match(
workflow,
/git diff --name-only "\$\{BASE_SHA\}\.\.\.\$\{HEAD_SHA\}" --[\s\S]*'skills\/\*\/\*\*'[\s\S]*':\(exclude\)skills\/\*\/test\/\*\*'[\s\S]*':\(exclude\)skills\/\*\/tests\/\*\*'/,
@@ -19,11 +37,223 @@ assert.match(
assert.doesNotMatch(
workflow,
/No version bump detected for \$\{skill_dir\}; skipping\./,
'Changed skill directories without a version bump must fail validation instead of being skipped',
'Changed skill directories without a version bump must not be skipped without release-tag validation',
);
assert.match(
workflow,
/::error file=\$\{skill_dir\}::Changed skill package has no version bump\./,
'Skill release validation must emit an explicit missing-version-bump error',
/skill_release_name="\$\(basename "\$\{skill_dir\}"\)"/,
'Skill release validation must derive the release tag prefix from the skill package directory',
);
assert.match(
workflow,
/release_tag="\$\{skill_release_name\}-v\$\{head_json_version\}"/,
'Skill release validation must use the skill package directory name for release tag checks',
);
assert.doesNotMatch(
workflow,
/release_tag="\$\{head_skill_name\}-v\$\{head_json_version\}"/,
'Skill release validation must not use skill.json name for release tag checks because release tags resolve to skill directories',
);
assert.match(
workflow,
/git show-ref --verify --quiet "refs\/tags\/\$\{release_tag\}"/,
'Skill release validation must check whether the current skill version has already been tagged',
);
assert.match(
workflow,
/No version bump detected for \$\{skill_dir\}, but release tag \$\{release_tag\} does not exist; treating \$\{head_json_version\} as unreleased\./,
'Skill release validation must allow edits to an unchanged version when that release tag does not exist yet',
);
assert.match(
workflow,
/::error file=\$\{skill_dir\}::Changed skill package has no version bump and release tag \$\{release_tag\} already exists\./,
'Skill release validation must still fail unchanged versions after their release tag exists',
);
assert.match(
workflow,
/Install SkillSpector/,
'Skill release workflow must install SkillSpector before publishing release evidence',
);
assert.match(
workflow,
/Generate SkillSpector report/,
'Skill release workflow must generate a SkillSpector report for each released skill',
);
assert.match(
workflow,
/### SkillSpector Security Report[\s\S]*\[skillspector-report\.md\]\(https:\/\/github\.com\/\$\{process\.env\.REPO\}\/releases\/download\/\$\{process\.env\.TAG\}\/skillspector-report\.md\)/,
'GitHub release notes must include a direct SkillSpector report link',
);
assert.match(
workflow,
/readFileSync\("release-assets\/skillspector-report\.md", "utf8"\)/,
'GitHub release notes must load the generated SkillSpector report content into the release body file',
);
assert.match(
workflow,
/body_path: \$\{\{ runner\.temp \}\}\/skill-release-body\.md/,
'GitHub release creation must use body_path for the generated release body file',
);
assert.doesNotMatch(
workflow,
/SKILLSPECTOR_REPORT_EOF|\$\{\{ steps\.skillspector_report\.outputs\.body \}\}|cat release-assets\/skillspector-report\.md[\s\S]*>> "\$GITHUB_OUTPUT"/,
'SkillSpector report content must not be sent through GitHub Actions step outputs',
);
assert.match(
workflow,
/generate_skillspector_report "\$\{inner_dir\}" "\$\{out_assets\}\/skillspector-report\.md"/,
'PR dry-run SkillSpector scan must target the staged release payload, not the source skill directory',
);
assert.doesNotMatch(
workflow,
/generate_skillspector_report "\$\{skill_dir\}" "\$\{out_assets\}\/skillspector-report\.md"/,
'PR dry-run SkillSpector scan must not include source-only test directories',
);
assert.match(
workflow,
/generate_skillspector_report "\$INNER_DIR" "release-assets\/skillspector-report\.md"/,
'Tag release SkillSpector scan must target the staged release payload, not the source skill directory',
);
assert.doesNotMatch(
workflow,
/generate_skillspector_report "\$SKILL_PATH" "release-assets\/skillspector-report\.md"/,
'Tag release SkillSpector scan must not include source-only test directories',
);
assert.match(
workflow,
/Generate release trust packet/,
'Skill release workflow must generate skill cards, permission summaries, and npx install instructions',
);
for (const artifact of ['skill-card.md', 'permissions.json', 'install.md', 'skillspector-report.md']) {
assert.match(
workflow,
new RegExp(`release-assets/${artifact.replace('.', '\\.')}`),
`Skill release workflow must publish ${artifact} in release assets`,
);
}
const escapeRegExp = (literal) => literal.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
for (const artifact of ['skill-card.md', 'permissions.json', 'install.md', 'skillspector-report.md']) {
assert.match(
workflow,
new RegExp(
String.raw`if ! add_release_asset_checksum "\$\{out_assets\}" "${escapeRegExp(artifact)}"; then` +
String.raw`[\s\S]*?failures=\$\(\(failures \+ 1\)\)[\s\S]*?continue[\s\S]*?fi`,
),
`PR dry-run validation must aggregate and continue when ${artifact} cannot be checksummed`,
);
}
assert.match(
workflow,
/add_release_asset_checksum "skill-card\.md"/,
'Skill card must be included in the signed checksums manifest',
);
assert.match(
workflow,
/add_release_asset_checksum "permissions\.json"/,
'Permissions summary must be included in the signed checksums manifest',
);
assert.match(
workflow,
/add_release_asset_checksum "install\.md"/,
'npx install/update instructions must be included in the signed checksums manifest',
);
assert.match(
workflow,
/add_release_asset_checksum "skillspector-report\.md"/,
'SkillSpector report must be included in the signed checksums manifest',
);
assert.match(
workflow,
/Simulate tag release build/,
'Skill release workflow must simulate a tag release build during PR validation',
);
assert.match(
workflow,
/simulate_skill_tag_release\.mjs/,
'Skill release workflow must call the tag release simulation script',
);
assert.ok(
workflow.includes('simulated_version | test("^[0-9]+\\\\.[0-9]+\\\\.[0-9]+(-[a-zA-Z0-9]+)?$")'),
'Skill release workflow must accept every prerelease version format that release-skill.sh accepts',
);
assert.match(
workflow,
/clawhub_slug: \$\{\{ steps\.publishable\.outputs\.clawhub_slug \}\}/,
'Skill release workflow must expose the resolved ClawHub slug from release-tag outputs',
);
assert.match(
workflow,
/CLAWHUB_SLUG=\$\(node scripts\/ci\/resolve_clawhub_slug\.mjs "\$SKILL_PATH"\)/,
'Skill release workflow must resolve the ClawHub slug from the skill package path',
);
assert.match(
workflow,
/cp scripts\/ci\/resolve_clawhub_slug\.mjs "\$RUNNER_TEMP\/resolve_clawhub_slug\.mjs"/,
'Manual ClawHub republish must preserve the current slug helper before checking out an older release tag',
);
assert.match(
workflow,
/CLAWHUB_SLUG=\$\(node "\$RUNNER_TEMP\/resolve_clawhub_slug\.mjs" "\$SKILL_PATH"\)/,
'Manual ClawHub republish must resolve slugs with the preserved helper against the checked-out tag metadata',
);
assert.match(
workflow,
/npx clawhub@latest install \$\{CLAWHUB_SLUG\}/,
'GitHub release quick install instructions must use the resolved ClawHub slug',
);
assert.match(
workflow,
/clawhub inspect "\$CLAWHUB_SLUG" --version "\$VERSION" --json/,
'Duplicate ClawHub version guard must inspect the resolved ClawHub slug',
);
assert.match(
workflow,
/--slug "\$CLAWHUB_SLUG"/,
'ClawHub publish must use the resolved ClawHub slug',
);
assert.doesNotMatch(
workflow,
/clawhub inspect "\$SKILL_NAME" --version "\$VERSION" --json/,
'Duplicate ClawHub version guard must not inspect the raw skill package name',
);
assert.doesNotMatch(
workflow,
/--slug "\$SKILL_NAME"/,
'ClawHub publish must not use the raw skill package name as the ClawHub slug',
);
scripts/test-skill-tag-release-simulation.mjs
+184
View File
@@ -0,0 +1,184 @@
import assert from "node:assert/strict";
import { chmod, cp, mkdtemp, readFile, rm, writeFile } from "node:fs/promises";
import { tmpdir } from "node:os";
import path from "node:path";
import { spawnSync } from "node:child_process";
const tempRoot = await mkdtemp(path.join(tmpdir(), "clawsec-tag-release-sim-"));
const fakeSkillspector = path.join(tempRoot, "skillspector");
async function prereleaseFixture(sourceSkillDir, version, fixtureGroup) {
const fixtureDir = path.join(tempRoot, fixtureGroup, path.basename(sourceSkillDir));
await cp(sourceSkillDir, fixtureDir, { recursive: true });
const skillJsonPath = path.join(fixtureDir, "skill.json");
const skill = JSON.parse(await readFile(skillJsonPath, "utf8"));
skill.version = version;
await writeFile(skillJsonPath, `${JSON.stringify(skill, null, 2)}\n`);
const skillMdPath = path.join(fixtureDir, "SKILL.md");
const skillMd = await readFile(skillMdPath, "utf8");
await writeFile(skillMdPath, skillMd.replace(/^version:\s*.+$/m, `version: ${version}`));
return fixtureDir;
}
async function runSimulation({ skillDir, outputDir, expectedOriginal, expectedSimulated, expectedAgent }) {
const result = spawnSync(
process.execPath,
[
"scripts/ci/simulate_skill_tag_release.mjs",
skillDir,
outputDir,
"--repository",
"prompt-security/clawsec",
"--source-ref",
"pull-request-head",
"--skillspector-bin",
fakeSkillspector,
],
{ encoding: "utf8" },
);
assert.equal(
result.status,
0,
`tag release simulation failed\nstdout:\n${result.stdout}\nstderr:\n${result.stderr}`,
);
const skillName = path.basename(skillDir);
const expectedTag = `${skillName}-v${expectedSimulated}`;
const summary = JSON.parse(await readFile(path.join(outputDir, "simulation-summary.json"), "utf8"));
assert.equal(summary.skill, skillName);
assert.equal(summary.original_version, expectedOriginal);
assert.equal(summary.simulated_version, expectedSimulated);
assert.equal(summary.tag, expectedTag);
const releaseAssetsDir = path.join(outputDir, "release-assets");
const checksums = JSON.parse(await readFile(path.join(releaseAssetsDir, "checksums.json"), "utf8"));
assert.equal(checksums.skill, skillName);
assert.equal(checksums.version, expectedSimulated);
assert.equal(checksums.tag, expectedTag);
assert.equal(checksums.archive.filename, `${expectedTag}.zip`);
for (const artifact of [
"skill-card.md",
"permissions.json",
"install.md",
"skillspector-report.md",
"checksums.sig",
"signing-public.pem",
]) {
assert.ok(
checksums.files[artifact] || artifact.endsWith(".sig") || artifact === "signing-public.pem",
`expected ${artifact} to be represented in the release output`,
);
const file = await readFile(path.join(releaseAssetsDir, artifact));
assert.ok(file.length > 0, `${artifact} should not be empty`);
}
const archive = await readFile(path.join(releaseAssetsDir, `${expectedTag}.zip`));
assert.ok(archive.length > 0, "release archive should not be empty");
const install = await readFile(path.join(releaseAssetsDir, "install.md"), "utf8");
assert.match(
install,
new RegExp(
`npx skills add prompt-security/clawsec#pull-request-head --skill ${skillName} --agent ${expectedAgent} --global --yes`,
),
);
assert.match(install, new RegExp(`npx skills update ${skillName}`));
}
try {
await writeFile(
fakeSkillspector,
`#!/usr/bin/env node
import { readdirSync, writeFileSync } from "node:fs";
import path from "node:path";
const scanIndex = process.argv.indexOf("scan");
if (scanIndex === -1 || !process.argv[scanIndex + 1]) {
console.error("missing scan target");
process.exit(2);
}
function containsTestDirectory(dir) {
for (const entry of readdirSync(dir, { withFileTypes: true })) {
if (!entry.isDirectory()) {
continue;
}
const lowerName = entry.name.toLowerCase();
if (lowerName === "test" || lowerName === "tests") {
return true;
}
if (containsTestDirectory(path.join(dir, entry.name))) {
return true;
}
}
return false;
}
const scanTarget = process.argv[scanIndex + 1];
if (containsTestDirectory(scanTarget)) {
console.error("SkillSpector test fixture must scan the staged release payload, not source test directories.");
process.exit(42);
}
const outputIndex = process.argv.indexOf("--output");
if (outputIndex === -1 || !process.argv[outputIndex + 1]) {
console.error("missing --output");
process.exit(2);
}
writeFileSync(process.argv[outputIndex + 1], "# Fake SkillSpector Report\\n\\nNo live scan executed in unit test.\\n");
`,
{ mode: 0o700 },
);
await chmod(fakeSkillspector, 0o700);
await runSimulation({
skillDir: "skills/clawsec-suite",
outputDir: path.join(tempRoot, "stable"),
expectedOriginal: "0.1.10",
expectedSimulated: "0.1.11",
expectedAgent: "openclaw",
});
await runSimulation({
skillDir: "skills/hermes-traffic-guardian",
outputDir: path.join(tempRoot, "beta"),
expectedOriginal: "0.0.1-beta3",
expectedSimulated: "0.0.1-beta4",
expectedAgent: "hermes-agent",
});
const alphaSkillDir = await prereleaseFixture("skills/picoclaw-self-pen-testing", "0.0.3-alpha1", "alpha-fixture");
await runSimulation({
skillDir: alphaSkillDir,
outputDir: path.join(tempRoot, "alpha"),
expectedOriginal: "0.0.3-alpha1",
expectedSimulated: "0.0.3-alpha2",
expectedAgent: "openclaw",
});
const rcSkillDir = await prereleaseFixture("skills/picoclaw-security-guardian", "0.0.4-rc1", "rc-fixture");
await runSimulation({
skillDir: rcSkillDir,
outputDir: path.join(tempRoot, "rc"),
expectedOriginal: "0.0.4-rc1",
expectedSimulated: "0.0.4-rc2",
expectedAgent: "openclaw",
});
const previewSkillDir = await prereleaseFixture("skills/openclaw-traffic-guardian", "0.0.1-preview", "preview-fixture");
await runSimulation({
skillDir: previewSkillDir,
outputDir: path.join(tempRoot, "preview"),
expectedOriginal: "0.0.1-preview",
expectedSimulated: "0.0.1-preview1",
expectedAgent: "openclaw",
});
} finally {
await rm(tempRoot, { recursive: true, force: true });
}
scripts/test-skill-trust-packet.mjs
+79
View File
@@ -0,0 +1,79 @@
import assert from "node:assert/strict";
import { mkdtemp, readFile, rm } from "node:fs/promises";
import { tmpdir } from "node:os";
import path from "node:path";
import { spawnSync } from "node:child_process";
const outputDir = await mkdtemp(path.join(tmpdir(), "clawsec-trust-packet-"));
function runTrustPacket(skillDir, targetDir, tag) {
return spawnSync(
process.execPath,
[
"scripts/ci/generate_skill_release_trust_packet.mjs",
skillDir,
targetDir,
"--repository",
"prompt-security/clawsec",
"--tag",
tag,
"--source-ref",
"main",
],
{ encoding: "utf8" },
);
}
try {
const result = runTrustPacket("skills/clawsec-suite", outputDir, "clawsec-suite-v0.1.10");
assert.equal(
result.status,
0,
`trust packet generator failed\nstdout:\n${result.stdout}\nstderr:\n${result.stderr}`,
);
const skillCard = await readFile(path.join(outputDir, "skill-card.md"), "utf8");
const permissions = JSON.parse(await readFile(path.join(outputDir, "permissions.json"), "utf8"));
const install = await readFile(path.join(outputDir, "install.md"), "utf8");
assert.match(skillCard, /^# Skill Card/m);
assert.match(skillCard, /## License\/Terms of Use/);
assert.match(skillCard, /AGPL-3\.0-or-later/);
assert.match(skillCard, /skillspector-report\.md/);
assert.match(skillCard, /clawsec-suite-v0\.1\.10/);
assert.equal(permissions.skill, "clawsec-suite");
assert.equal(permissions.version, "0.1.10");
assert.equal(permissions.platform, "openclaw");
assert.deepEqual(
permissions.required_binaries,
["node", "npx", "openclaw", "curl", "jq", "shasum", "openssl", "unzip"],
);
assert.match(permissions.network_egress, /signed advisory feed/);
assert.match(permissions.persistence, /OpenClaw advisory hook/);
assert.ok(Array.isArray(permissions.operator_review));
assert.ok(permissions.operator_review.length > 0);
assert.match(install, /npx skills add prompt-security\/clawsec --skill clawsec-suite --agent openclaw --global --yes/);
assert.match(install, /npx skills update clawsec-suite/);
const hermesOutputDir = path.join(outputDir, "hermes");
const hermesResult = runTrustPacket(
"skills/hermes-attestation-guardian",
hermesOutputDir,
"hermes-attestation-guardian-v0.1.4",
);
assert.equal(
hermesResult.status,
0,
`Hermes trust packet generator failed\nstdout:\n${hermesResult.stdout}\nstderr:\n${hermesResult.stderr}`,
);
const hermesInstall = await readFile(path.join(hermesOutputDir, "install.md"), "utf8");
assert.match(
hermesInstall,
/npx skills add prompt-security\/clawsec --skill hermes-attestation-guardian --agent hermes-agent --global --yes/,
);
} finally {
await rm(outputDir, { recursive: true, force: true });
}
skills/claw-release/CHANGELOG.md
+7
View File
@@ -1,5 +1,12 @@
# Changelog
## [0.0.4] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
- Marked the release helper with top-level internal metadata so compatible installers can hide it from normal agent-facing discovery.
## [0.0.3] - 2026-05-14
### Security
skills/claw-release/README.md
+11
View File
@@ -0,0 +1,11 @@
# Claw Release
Release automation for Claw skills and website. Guides through version bumping, tagging, and release verification.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill claw-release -a openclaw -y
```
skills/claw-release/SKILL.md
+16 -4
View File
@@ -1,9 +1,14 @@
---
name: claw-release
version: 0.0.3
version: 0.0.4
description: Release automation for Claw skills and website. Guides through version bumping, tagging, and release verification.
homepage: https://clawsec.prompt.security
metadata: {"openclaw":{"emoji":"🚀","category":"utility","internal":true}}
metadata:
internal: true
openclaw:
emoji: "🚀"
category: "utility"
internal: true
clawdis:
emoji: "🚀"
requires:
@@ -18,6 +23,14 @@ Internal tool for releasing skills and managing the ClawSec catalog.
---
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill claw-release -a openclaw -y
```
## Operational Notes
- Internal maintainer workflow only.
@@ -26,7 +39,6 @@ Internal tool for releasing skills and managing the ClawSec catalog.
- Side effects: creates commits, tags, pushes to remote, and publishes GitHub Releases
- Trust model: run only from a trusted checkout with a clean working tree and maintainer approval
## Release Artifact Verification
For standalone installs, verify the signed release manifest before trusting `SKILL.md`, `skill.json`, or the archive. The `skill.json` file is the package metadata/SBOM source, and the release pipeline signs `checksums.json` with the ClawSec release key.
@@ -35,7 +47,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
set -euo pipefail
SKILL_NAME="claw-release"
VERSION="0.0.3"
VERSION="0.0.4"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
skills/claw-release/skill.json
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "claw-release",
"version": "0.0.3",
"version": "0.0.4",
"description": "Release automation for Claw skills and website. Guides through version bumping, tagging, and release verification.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
skills/clawsec-clawhub-checker/CHANGELOG.md
+11
View File
@@ -1,5 +1,16 @@
# Changelog
## [0.0.6] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
## [0.0.5] - 2026-06-07
### Security
- Treat explicit malicious ClawHub and VirusTotal verdicts as blocking signals regardless of the numeric reputation score.
## [0.0.4] - 2026-05-13
### Security
skills/clawsec-clawhub-checker/README.md
+8
View File
@@ -2,6 +2,14 @@
A `clawsec-suite` companion skill that adds a standalone reputation gate before guarded installs.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill clawsec-clawhub-checker -a openclaw -y
```
## Operational Notes
- Required runtime: `node`, `clawhub`, `openclaw`
skills/clawsec-clawhub-checker/SKILL.md
+9 -2
View File
@@ -1,6 +1,6 @@
---
name: clawsec-clawhub-checker
version: 0.0.4
version: 0.0.6
description: ClawHub reputation checker for clawsec-suite. Adds a standalone reputation gate before guarded skill installation.
homepage: https://clawsec.prompt.security
clawdis:
@@ -14,6 +14,14 @@ clawdis:
Adds a reputation gate on top of the `clawsec-suite` guarded installer.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill clawsec-clawhub-checker -a openclaw -y
```
## Operational Notes
- Required runtime: `node`, `clawhub`, `openclaw`
@@ -45,7 +53,6 @@ Optional preflight check (validates local paths and prints recommended command):
node ~/.openclaw/skills/clawsec-clawhub-checker/scripts/setup_reputation_hook.mjs
```
## Release Artifact Verification
For standalone installs, verify the signed release manifest before trusting `SKILL.md`, `skill.json`, or the archive. The `skill.json` file is the package metadata/SBOM source, and the release pipeline signs `checksums.json` with the ClawSec release key.
skills/clawsec-clawhub-checker/scripts/check_clawhub_reputation.mjs
+19 -2
View File
@@ -35,6 +35,12 @@ function blockOnMissingScannerData(result, warning) {
result.blocked = true;
}
function blockOnMaliciousScannerData(result, warning) {
result.warnings.push(warning);
result.score = 0;
result.blocked = true;
}
function parseJson(raw, label, warnings) {
try {
return JSON.parse(raw);
@@ -58,7 +64,10 @@ function maybeApplyVersionSecuritySignals(result, versionDetails) {
return;
}
if (typeof security.status === "string" && security.status.toLowerCase() === "suspicious") {
const securityStatus = typeof security.status === "string" ? security.status.toLowerCase() : "";
if (securityStatus === "malicious") {
blockOnMaliciousScannerData(result, "ClawHub static moderation marked the version as malicious");
} else if (securityStatus === "suspicious") {
result.warnings.push("ClawHub static moderation marked the version as suspicious");
result.score -= 30;
}
@@ -82,7 +91,15 @@ function maybeApplyVersionSecuritySignals(result, versionDetails) {
"";
const normalizedStatus = vtStatus.toLowerCase();
if (normalizedStatus === "suspicious") {
if (normalizedStatus === "malicious") {
result.virustotal.push("ClawHub VirusTotal scan returned malicious");
blockOnMaliciousScannerData(result, "ClawHub VirusTotal scan returned malicious");
const vtSummary = typeof vt.analysis === "string" ? vt.analysis.trim() : "";
if (vtSummary) {
result.virustotal.push(vtSummary.split("\n")[0]);
}
} else if (normalizedStatus === "suspicious") {
result.virustotal.push("ClawHub VirusTotal scan returned suspicious");
result.score -= 40;
skills/clawsec-clawhub-checker/skill.json
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "clawsec-clawhub-checker",
"version": "0.0.4",
"version": "0.0.6",
"description": "ClawHub reputation checker for clawsec-suite. Adds a standalone reputation gate before guarded skill installation.",
"author": "abutbul",
"license": "AGPL-3.0-or-later",
skills/clawsec-clawhub-checker/test/reputation_check.test.mjs
+87
View File
@@ -13,6 +13,8 @@
*/
import { fileURLToPath } from "node:url";
import fs from "node:fs/promises";
import os from "node:os";
import path from "node:path";
import { spawn } from "node:child_process";
@@ -58,6 +60,37 @@ function runScript(scriptPath, args, env) {
});
}
async function createMockClawhub(payload) {
const tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "clawhub-reputation-test-"));
const binDir = path.join(tmpDir, "bin");
const mockPath = path.join(binDir, "clawhub");
await fs.mkdir(binDir, { recursive: true });
await fs.writeFile(
mockPath,
`#!/usr/bin/env node
const payload = ${JSON.stringify(JSON.stringify(payload))};
const command = process.argv[2] || "";
if (command === "inspect") {
process.stdout.write(payload);
process.exit(0);
}
if (command === "search") {
process.stdout.write("name\\nmock-skill\\nother-skill\\n");
process.exit(0);
}
process.stderr.write("unexpected clawhub command: " + process.argv.slice(2).join(" ") + "\\n");
process.exit(2);
`,
"utf8",
);
await fs.chmod(mockPath, 0o755);
return {
env: { PATH: `${binDir}:${process.env.PATH}` },
cleanup: async () => fs.rm(tmpDir, { recursive: true, force: true }),
};
}
// -----------------------------------------------------------------------------
// Test: Invalid skill slug is rejected (command injection prevention)
// -----------------------------------------------------------------------------
@@ -208,6 +241,59 @@ async function testPreReleaseVersionAccepted() {
}
}
// -----------------------------------------------------------------------------
// Test: Explicit malicious scanner verdict blocks regardless of score
// -----------------------------------------------------------------------------
async function testMaliciousVirusTotalVerdictBlocks() {
const testName = "reputation_check: malicious VirusTotal verdict blocks install";
const now = Date.now();
const mock = await createMockClawhub({
skill: {
createdAt: now - (120 * 24 * 60 * 60 * 1000),
updatedAt: now - (2 * 24 * 60 * 60 * 1000),
stats: { downloads: 1000 },
},
owner: { handle: "trusted-publisher" },
version: {
security: {
status: "clean",
scanners: {
vt: {
normalizedStatus: "malicious",
analysis: "malicious verdict from scanner",
},
},
},
},
});
try {
const result = await runScript(CHECKER_SCRIPT, ['malicious-skill', '1.0.0', '70'], mock.env);
let parsed;
try {
parsed = JSON.parse(result.stdout);
} catch {
fail(testName, `Could not parse output: ${result.stdout}`);
return;
}
if (
result.code === 43 &&
parsed.safe === false &&
parsed.warnings.some((w) => w.toLowerCase().includes("malicious")) &&
parsed.virustotal.some((v) => v.toLowerCase().includes("malicious"))
) {
pass(testName);
} else {
fail(testName, `Expected malicious verdict to block, got code ${result.code}: ${JSON.stringify(parsed)}`);
}
} catch (error) {
fail(testName, error);
} finally {
await mock.cleanup();
}
}
// -----------------------------------------------------------------------------
// Test: CLI entrypoint guard works when script path is relative
// -----------------------------------------------------------------------------
@@ -411,6 +497,7 @@ async function runTests() {
await testUppercaseSlugRejected();
await testEmptySlugShowsUsage();
await testPreReleaseVersionAccepted();
await testMaliciousVirusTotalVerdictBlocks();
await testRelativePathCliEntrypointWorks();
await testInvalidThresholdRejected();
await testEnhancedInstallerRejectsInvalidSkill();
skills/clawsec-feed/CHANGELOG.md
+6
View File
@@ -1,5 +1,11 @@
# Changelog
## [0.0.9] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
## [0.0.8] - 2026-05-24
### Changed
skills/clawsec-feed/README.md
+8
View File
@@ -2,6 +2,14 @@
Security advisory feed monitoring for AI agents. Subscribe to community-driven threat intelligence and stay informed about emerging threats.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill clawsec-feed -a openclaw -y
```
## Operational Notes
- Required runtime for standalone installation: `bash`, `curl`, `jq`, `shasum`, `unzip`
skills/clawsec-feed/SKILL.md
+10 -4
View File
@@ -1,6 +1,6 @@
---
name: clawsec-feed
version: 0.0.8
version: 0.0.9
description: Security advisory feed package for OpenClaw-related threats and vulnerabilities. The upstream feed is updated daily; local automation is handled by clawsec-suite or the operator.
homepage: https://clawsec.prompt.security
metadata: {"openclaw":{"emoji":"📡","category":"security"}}
@@ -16,6 +16,14 @@ Security advisory feed monitoring for AI agents. Subscribe to community-driven t
The default `feed.json` is the consolidated agent feed. It includes NVD CVEs, approved community advisories, and provisional GitHub Security Advisories that do not have CVE IDs yet.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill clawsec-feed -a openclaw -y
```
## Operational Notes
- Required runtime for standalone installation: `bash`, `curl`, `jq`, `shasum`, `unzip`
@@ -66,7 +74,6 @@ Standalone installation is a network download workflow. Verify the release sourc
Installation Steps:
Agents should review scripts before execution!
```bash
# Get latest clawsec-feed release tag
LATEST_TAG=$(curl -sSL https://api.github.com/repos/prompt-security/ClawSec/releases | \
@@ -81,7 +88,6 @@ Once you have this skill file, proceed to **[Deploy ClawSec Feed](#deploy-clawse
---
## Release Artifact Verification
For standalone installs, verify the signed release manifest before trusting `SKILL.md`, `skill.json`, or the archive. The `skill.json` file is the package metadata/SBOM source, and the release pipeline signs `checksums.json` with the ClawSec release key.
@@ -90,7 +96,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
set -euo pipefail
SKILL_NAME="clawsec-feed"
VERSION="0.0.8"
VERSION="0.0.9"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
skills/clawsec-feed/advisories/feed.json
+7120 -28
View File
File diff suppressed because one or more lines are too long
skills/clawsec-feed/advisories/feed.json.sig
+1 -1
View File
@@ -1 +1 @@
0XMKs0QnzZYtU1YeMVNVpqzLecu8buTcBx+60hi7puHKARdshGlOSHZ8E27fo6qhz6MJx6/7zoIjCz6y+q1zBA==
agiAAFvzM1vNHxH2+bGtyeKqFScLWJHnNreBcPpTODUqD0xqFi0cnyP/ZaZX+Rsw1Y9uZ7pGdFdA93pD4lh2BQ==
skills/clawsec-feed/skill.json
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "clawsec-feed",
"version": "0.0.8",
"version": "0.0.9",
"description": "Security advisory feed monitoring for AI agents. Subscribe to community-driven threat intelligence.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
skills/clawsec-nanoclaw/CHANGELOG.md
+12
View File
@@ -1,5 +1,17 @@
# Changelog
## [0.0.8] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
## [0.0.7] - 2026-06-07
### Security
- Added comparator range support for NanoClaw advisory matching and fail-closed handling for malformed affected specifiers.
- Added strict integrity IPC request ID validation and result path containment before host-side result writes.
## [0.0.6] - 2026-05-24
### Changed
skills/clawsec-nanoclaw/README.md
+8
View File
@@ -2,6 +2,14 @@
ClawSec now supports NanoClaw, a containerized WhatsApp bot powered by Claude agents.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill clawsec-nanoclaw -a openclaw -y
```
## What Changed
### Advisory Feed Monitoring
skills/clawsec-nanoclaw/SKILL.md
+9 -2
View File
@@ -1,6 +1,6 @@
---
name: clawsec-nanoclaw
version: 0.0.6
version: 0.0.8
description: Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot
---
@@ -8,6 +8,14 @@ description: Use when checking for security vulnerabilities in NanoClaw skills,
Security advisory monitoring that protects your WhatsApp bot from known vulnerabilities in skills and dependencies.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill clawsec-nanoclaw -a openclaw -y
```
## Overview
ClawSec provides MCP tools that check installed skills against a curated feed of security advisories. It prevents installation of vulnerable skills, includes exploitability context for triage, and alerts you to issues in existing ones.
@@ -201,7 +209,6 @@ See [INSTALL.md](./INSTALL.md) for setup and [docs/](./docs/) for advanced usage
- Provides actionable remediation steps
- Zero false positives (curated feed only)
## Release Artifact Verification
For standalone installs, verify the signed release manifest before trusting `SKILL.md`, `skill.json`, or the archive. The `skill.json` file is the package metadata/SBOM source, and the release pipeline signs `checksums.json` with the ClawSec release key.
skills/clawsec-nanoclaw/host-services/integrity-handler.ts
+50 -18
View File
@@ -11,6 +11,9 @@ import fs from 'fs';
import path from 'path';
import { IntegrityMonitor } from '../guardian/integrity-monitor';
const RESULT_DIR = '/workspace/ipc/clawsec_results';
const REQUEST_ID_PATTERN = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
// ============================================================================
// Integrity Service (Singleton)
// ============================================================================
@@ -84,15 +87,21 @@ export async function handleIntegrityIpc(
logger: any
): Promise<void> {
const { type, requestId, groupFolder: _groupFolder } = task;
const validatedRequestId = validateRequestId(requestId);
if (!validatedRequestId) {
logger.warn({ type, requestId }, 'Invalid integrity IPC request id');
return;
}
const safeTask = { ...task, requestId: validatedRequestId };
if (!deps.integrityService) {
logger.warn({ task }, 'IntegrityService not available');
if (requestId) {
writeResult(requestId, {
success: false,
error: 'IntegrityService not initialized'
});
}
writeResult(validatedRequestId, {
success: false,
error: 'IntegrityService not initialized'
});
return;
}
@@ -103,31 +112,29 @@ export async function handleIntegrityIpc(
await service.initialize();
} catch (error) {
logger.error({ error }, 'Failed to initialize IntegrityService');
if (requestId) {
writeResult(requestId, {
success: false,
error: `Initialization failed: ${error instanceof Error ? error.message : String(error)}`
});
}
writeResult(validatedRequestId, {
success: false,
error: `Initialization failed: ${error instanceof Error ? error.message : String(error)}`
});
return;
}
}
switch (type) {
case 'integrity_check':
await handleIntegrityCheck(task, service, logger);
await handleIntegrityCheck(safeTask, service, logger);
break;
case 'integrity_approve':
await handleIntegrityApprove(task, service, logger);
await handleIntegrityApprove(safeTask, service, logger);
break;
case 'integrity_status':
await handleIntegrityStatus(task, service, logger);
await handleIntegrityStatus(safeTask, service, logger);
break;
case 'integrity_verify_audit':
await handleIntegrityVerifyAudit(task, service, logger);
await handleIntegrityVerifyAudit(safeTask, service, logger);
break;
default:
@@ -280,15 +287,40 @@ async function handleIntegrityVerifyAudit(
// Helper Functions
// ============================================================================
function validateRequestId(requestId: unknown): string | null {
if (typeof requestId !== 'string') return null;
const normalized = requestId.trim();
if (!REQUEST_ID_PATTERN.test(normalized)) return null;
return normalized;
}
function resolveResultPath(requestId: string): string {
const safeRequestId = validateRequestId(requestId);
if (!safeRequestId) {
throw new Error('Invalid integrity IPC request id');
}
const resultDir = RESULT_DIR;
const normalizedResultDir = path.resolve(resultDir);
const resultPath = path.resolve(normalizedResultDir, `${safeRequestId}.json`);
const relativePath = path.relative(normalizedResultDir, resultPath);
if (relativePath.startsWith('..') || path.isAbsolute(relativePath)) {
throw new Error('Integrity IPC result path escapes result directory');
}
return resultPath;
}
function writeResult(requestId: string, result: any): void {
const resultDir = '/workspace/ipc/clawsec_results';
const resultPath = resolveResultPath(requestId);
const resultDir = path.dirname(resultPath);
// Ensure directory exists
if (!fs.existsSync(resultDir)) {
fs.mkdirSync(resultDir, { recursive: true });
}
const resultPath = path.join(resultDir, `${requestId}.json`);
fs.writeFileSync(resultPath, JSON.stringify(result, null, 2));
}
skills/clawsec-nanoclaw/lib/advisories.ts
+127 -20
View File
@@ -86,39 +86,146 @@ export function versionMatches(version: string, versionSpec: string): boolean {
if (v === spec) return true;
// Parse semver components
const parseVersion = (ver: string): number[] => {
const match = ver.match(/^(\d+)\.(\d+)\.(\d+)/);
if (!match) return [];
return [parseInt(match[1], 10), parseInt(match[2], 10), parseInt(match[3], 10)];
type ParsedVersion = {
major: number;
minor: number;
patch: number;
prerelease: string[];
};
const semverPattern = String.raw`v?\d+\.\d+\.\d+(?:-[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?(?:\+[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?`;
const semverRegex = new RegExp(
String.raw`^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?$`
);
const parseVersion = (ver: string): ParsedVersion | null => {
const match = ver.match(semverRegex);
if (!match) return null;
return {
major: parseInt(match[1], 10),
minor: parseInt(match[2], 10),
patch: parseInt(match[3], 10),
prerelease: match[4] ? match[4].split('.') : [],
};
};
const comparePrereleaseIdentifiers = (left: string, right: string): number => {
const leftIsNumeric = /^\d+$/.test(left);
const rightIsNumeric = /^\d+$/.test(right);
if (leftIsNumeric && rightIsNumeric) {
const leftValue = parseInt(left, 10);
const rightValue = parseInt(right, 10);
if (leftValue > rightValue) return 1;
if (leftValue < rightValue) return -1;
return 0;
}
if (leftIsNumeric) return -1;
if (rightIsNumeric) return 1;
if (left > right) return 1;
if (left < right) return -1;
return 0;
};
const compareVersions = (left: ParsedVersion, right: ParsedVersion): number => {
if (left.major > right.major) return 1;
if (left.major < right.major) return -1;
if (left.minor > right.minor) return 1;
if (left.minor < right.minor) return -1;
if (left.patch > right.patch) return 1;
if (left.patch < right.patch) return -1;
if (left.prerelease.length === 0 && right.prerelease.length === 0) return 0;
if (left.prerelease.length === 0) return 1;
if (right.prerelease.length === 0) return -1;
const identifierCount = Math.max(left.prerelease.length, right.prerelease.length);
for (let index = 0; index < identifierCount; index += 1) {
const leftIdentifier = left.prerelease[index];
const rightIdentifier = right.prerelease[index];
if (leftIdentifier === undefined) return -1;
if (rightIdentifier === undefined) return 1;
const comparison = comparePrereleaseIdentifiers(leftIdentifier, rightIdentifier);
if (comparison !== 0) return comparison;
}
return 0;
};
const evaluateComparator = (comparator: string): boolean => {
const match = comparator.trim().match(new RegExp(`^(<=|>=|<|>|=)?\\s*(${semverPattern})$`));
if (!match) return false;
const operator = match[1] || '=';
const comparatorParts = parseVersion(match[2]);
if (!comparatorParts) return false;
const comparison = compareVersions(vParts, comparatorParts);
if (operator === '<') return comparison < 0;
if (operator === '<=') return comparison <= 0;
if (operator === '>') return comparison > 0;
if (operator === '>=') return comparison >= 0;
return comparison === 0;
};
const extractComparatorTokens = (range: string): string[] | null => {
const tokenPattern = new RegExp(`(?:<=|>=|<|>|=)?\\s*${semverPattern}`, 'g');
const tokens: string[] = [];
let cursor = 0;
let match = tokenPattern.exec(range);
while (match) {
const gap = range.slice(cursor, match.index);
if (!/^[\s,]*$/.test(gap)) return null;
tokens.push(match[0].trim());
cursor = match.index + match[0].length;
match = tokenPattern.exec(range);
}
if (!/^[\s,]*$/.test(range.slice(cursor))) return null;
return tokens.length > 0 ? tokens : null;
};
const vParts = parseVersion(v);
const specParts = parseVersion(spec.replace(/^[~^]/, ''));
if (!vParts) return true;
if (vParts.length === 0 || specParts.length === 0) return false;
if (/(?:<=|>=|<|>|=)/.test(spec)) {
const comparatorTokens = extractComparatorTokens(spec);
if (!comparatorTokens) return false;
return comparatorTokens.every((token) => evaluateComparator(token));
}
const specParts = parseVersion(spec.replace(/^[~^]/, ''));
if (!specParts) return true;
// Caret range (^1.2.3): compatible with 1.x.x where x >= 2.3
if (spec.startsWith('^')) {
if (vParts[0] !== specParts[0]) return false;
if (vParts[0] === 0) {
// ^0.2.3 means 0.2.x where x >= 3
if (vParts[1] !== specParts[1]) return false;
return vParts[2] >= specParts[2];
}
// ^1.2.3 means 1.x.x where x.x >= 2.3
if (vParts[1] > specParts[1]) return true;
if (vParts[1] < specParts[1]) return false;
return vParts[2] >= specParts[2];
const upperBound =
specParts.major > 0
? { major: specParts.major + 1, minor: 0, patch: 0, prerelease: [] }
: specParts.minor > 0
? { major: 0, minor: specParts.minor + 1, patch: 0, prerelease: [] }
: { major: 0, minor: 0, patch: specParts.patch + 1, prerelease: [] };
return compareVersions(vParts, specParts) >= 0 && compareVersions(vParts, upperBound) < 0;
}
// Tilde range (~1.2.3): patch-level compatibility (1.2.x where x >= 3)
if (spec.startsWith('~')) {
if (vParts[0] !== specParts[0]) return false;
if (vParts[1] !== specParts[1]) return false;
return vParts[2] >= specParts[2];
const upperBound = { major: specParts.major, minor: specParts.minor + 1, patch: 0, prerelease: [] };
return compareVersions(vParts, specParts) >= 0 && compareVersions(vParts, upperBound) < 0;
}
return false;
if (new RegExp(`^${semverPattern}$`).test(spec)) {
return compareVersions(vParts, specParts) === 0;
}
return true;
}
/**
skills/clawsec-nanoclaw/skill.json
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "clawsec-nanoclaw",
"version": "0.0.6",
"version": "0.0.8",
"description": "ClawSec security suite for NanoClaw - Advisory feed monitoring, MCP tools for vulnerability checking, and Ed25519 signature verification for containerized WhatsApp bot agents",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
skills/clawsec-nanoclaw/test/security-hardening.test.mjs
+77
View File
@@ -1,7 +1,9 @@
import assert from 'node:assert/strict';
import fs from 'node:fs';
import ts from 'typescript';
import path from 'node:path';
import test from 'node:test';
import vm from 'node:vm';
import { fileURLToPath } from 'node:url';
const __filename = fileURLToPath(import.meta.url);
@@ -12,6 +14,45 @@ function readSkillFile(relativePath) {
return fs.readFileSync(path.join(SKILL_ROOT, relativePath), 'utf8');
}
function extractFunctionSource(source, functionName) {
const marker = `export function ${functionName}`;
const start = source.indexOf(marker);
assert.notEqual(start, -1, `missing ${functionName} export`);
const bodyStart = source.indexOf('{', start);
assert.notEqual(bodyStart, -1, `missing ${functionName} body`);
let depth = 0;
for (let index = bodyStart; index < source.length; index += 1) {
const char = source[index];
if (char === '{') depth += 1;
if (char === '}') depth -= 1;
if (depth === 0) {
return source.slice(start, index + 1).replace('export ', '');
}
}
throw new Error(`unterminated ${functionName} body`);
}
function loadVersionMatcher() {
const source = readSkillFile('lib/advisories.ts');
const fnSource = extractFunctionSource(source, 'versionMatches');
const js = ts.transpileModule(
`${fnSource}\nglobalThis.versionMatches = versionMatches;`,
{
compilerOptions: {
module: ts.ModuleKind.ESNext,
target: ts.ScriptTarget.ES2022,
},
}
).outputText;
const context = { globalThis: {} };
vm.runInNewContext(js, context);
return context.globalThis.versionMatches;
}
test('signature verifier enforces pinned key and path policy', () => {
const source = readSkillFile('host-services/skill-signature-handler.ts');
@@ -55,3 +96,39 @@ test('integrity targets and baselines use normalized absolute paths', () => {
assert.ok(source.includes('const normalizedFilePath = path.resolve(filePath);'), 'status/approval lookups must normalize file paths');
assert.ok(source.includes('normalizedFiles[path.resolve(filePath)] = baseline;'), 'loaded baselines must be normalized to absolute keys');
});
test('advisory matcher handles comparator ranges and fails closed on malformed specs', () => {
const versionMatches = loadVersionMatcher();
assert.equal(versionMatches('2026.4.20', '<2026.5.18'), true, 'less-than comparator must match vulnerable versions');
assert.equal(versionMatches('2026.5.18', '<2026.5.18'), false, 'less-than comparator must exclude patched versions');
assert.equal(versionMatches('2026.5.18', '<=2026.5.18'), true, 'less-than-or-equal comparator must match boundary versions');
assert.equal(versionMatches('1.4.0', '>=1.2.0 <2.0.0'), true, 'composite comparator ranges must match all clauses');
assert.equal(versionMatches('2.0.0', '>=1.2.0 <2.0.0'), false, 'composite comparator ranges must reject failed clauses');
assert.equal(versionMatches('0.0.2', '<= 0.0.2'), true, 'spaced comparators must match boundary versions');
assert.equal(versionMatches('0.0.3', '<= 0.0.2'), false, 'spaced comparators must reject versions outside range');
assert.equal(versionMatches('1.2.3', '>= 1.0.0 <'), false, 'partially parsed comparator ranges must not match everything');
assert.equal(versionMatches('1.2.3', 'not-a-range'), true, 'unparseable advisory specifiers must fail closed');
});
test('advisory matcher preserves semver prerelease precedence', () => {
const versionMatches = loadVersionMatcher();
assert.equal(versionMatches('1.2.3-beta.1', '1.2.3'), false, 'prereleases must not collapse into releases');
assert.equal(versionMatches('1.2.3-beta.1', '=1.2.3'), false, 'explicit equality must honor prerelease data');
assert.equal(versionMatches('1.2.3-beta.1', '<1.2.3'), true, 'prereleases must compare lower than releases');
assert.equal(versionMatches('1.2.3', '>1.2.3-beta.1'), true, 'releases must compare higher than prereleases');
assert.equal(versionMatches('1.2.3-beta.2', '<1.2.3-beta.10'), true, 'numeric prerelease identifiers must compare numerically');
assert.equal(versionMatches('1.2.3+build.1', '=1.2.3+build.2'), true, 'build metadata must not affect precedence');
assert.equal(versionMatches('1.2.3-beta.1', '^1.2.3'), false, 'caret lower bounds must honor prerelease precedence');
assert.equal(versionMatches('1.2.3-beta.1', '~1.2.3'), false, 'tilde lower bounds must honor prerelease precedence');
});
test('integrity IPC result writer validates request ids and result path containment', () => {
const source = readSkillFile('host-services/integrity-handler.ts');
assert.ok(source.includes('validateRequestId(requestId)'), 'writeResult must validate request ids before writing');
assert.ok(source.includes('resolveResultPath(requestId)'), 'writeResult must resolve result paths through a boundary helper');
assert.ok(source.includes('path.resolve(resultDir)'), 'result directory must be normalized before containment checks');
assert.ok(source.includes('path.relative(normalizedResultDir, resultPath)'), 'result path must be compared relative to the intended directory');
});
skills/clawsec-scanner/CHANGELOG.md
+11
View File
@@ -1,5 +1,16 @@
# Changelog
## [0.0.5] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
## [0.0.4] - 2026-06-07
### Security
- Replaced DAST target hook execution with static hook source inspection so scanner runs never import, transpile, or invoke untrusted handler code.
## [0.0.3] - 2026-05-13
### Changed
skills/clawsec-scanner/README.md
+11
View File
@@ -0,0 +1,11 @@
# Clawsec Scanner
Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific static hook inspection for OpenClaw hooks.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill clawsec-scanner -a openclaw -y
```
skills/clawsec-scanner/SKILL.md
+22 -14
View File
@@ -1,7 +1,7 @@
---
name: clawsec-scanner
version: 0.0.3
description: Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.
version: 0.0.5
description: Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific static hook inspection for OpenClaw hooks.
homepage: https://clawsec.prompt.security
clawdis:
emoji: "🔍"
@@ -16,10 +16,18 @@ Comprehensive security scanner for agent platforms that automates vulnerability
- **Dependency Scanning**: Analyzes npm and Python dependencies using `npm audit` and `pip-audit` with structured JSON output parsing
- **CVE Database Integration**: Queries OSV (primary), NVD 2.0, and GitHub Advisory Database for vulnerability enrichment
- **SAST Analysis**: Static code analysis using Semgrep (JavaScript/TypeScript) and Bandit (Python) to detect hardcoded secrets, command injection, path traversal, and unsafe deserialization
- **DAST Framework**: Agent-specific dynamic analysis with real OpenClaw hook execution harness (malicious input, timeout, output bounds, event mutation safety)
- **DAST Framework**: Agent-specific static analysis of OpenClaw hook metadata and handler source without importing or invoking target code
- **Unified Reporting**: Consolidated vulnerability reports with severity classification and remediation guidance
- **Continuous Monitoring**: OpenClaw hook integration for automated periodic scanning
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill clawsec-scanner -a openclaw -y
```
## Features
### Multi-Engine Scanning
@@ -43,8 +51,8 @@ The scanner orchestrates four complementary scan types to provide comprehensive
- Identifies: hardcoded secrets (API keys, tokens), command injection (`eval`, `exec`), path traversal, unsafe deserialization
4. **Dynamic Analysis (DAST)**
- Real hook execution harness for OpenClaw hook handlers discovered from `HOOK.md` metadata
- Verifies: malicious input resilience, timeout behavior, output amplification bounds, and core event mutation safety
- Static hook inspection for OpenClaw hook handlers discovered from `HOOK.md` metadata
- Verifies coverage and source-level risk signals without importing, transpiling, or invoking target handlers
- Note: Traditional web DAST tools (ZAP, Burp) do not apply to agent platforms - this provides agent-specific testing
### Unified Reporting
@@ -248,8 +256,8 @@ scripts/runner.sh # Orchestration layer
├── scan_dependencies.mjs # npm audit + pip-audit
├── query_cve_databases.mjs # OSV/NVD/GitHub API queries
├── sast_analyzer.mjs # Semgrep + Bandit static analysis
├── dast_runner.mjs # Dynamic security testing orchestration
└── dast_hook_executor.mjs # Isolated real hook execution harness
├── dast_runner.mjs # Static hook inspection orchestration
└── dast_hook_executor.mjs # Static hook source inspection helper
lib/
├── report.mjs # Result aggregation and formatting
@@ -326,10 +334,10 @@ proc.on('close', code => {
- Requires Python 3.8+ runtime
- Alternative: use Docker image `returntocorp/semgrep`
**"TypeScript hook not executable in DAST harness"**
- The DAST harness executes real hook handlers and transpiles `handler.ts` files when a TypeScript compiler is available
- Install TypeScript in the scanner environment: `npm install -D typescript` (or provide `handler.js`/`handler.mjs`)
- Without a compiler, scanner reports an `info`-level coverage finding instead of a high-severity vulnerability
**"DAST static coverage finding"**
- The DAST harness does not execute target hook handlers.
- JavaScript and TypeScript hook files are read as source and reported with `info`-level static coverage findings.
- Review any listed static signals manually when deciding whether a hook needs deeper sandboxed testing.
**"Concurrent scan detected"**
- Lockfile exists: `/tmp/clawsec-scanner.lock`
@@ -371,7 +379,7 @@ done
node test/dependency_scanner.test.mjs # Dependency scanning
node test/cve_integration.test.mjs # CVE database APIs
node test/sast_engine.test.mjs # Static analysis
node test/dast_harness.test.mjs # DAST harness execution
node test/dast_harness.test.mjs # DAST static hook inspection
```
### Linting
@@ -456,11 +464,11 @@ npx clawhub@latest install clawsec-suite
## Roadmap
### v0.0.2 (Current)
### v0.0.4 (Current)
- [x] Dependency scanning (npm audit, pip-audit)
- [x] CVE database integration (OSV, NVD, GitHub Advisory)
- [x] SAST analysis (Semgrep, Bandit)
- [x] Real OpenClaw hook execution harness for DAST
- [x] Static OpenClaw hook inspection for DAST without target code execution
- [x] Unified JSON reporting
- [x] OpenClaw hook integration
skills/clawsec-scanner/hooks/clawsec-scanner-hook/handler.ts
+1 -1
View File
@@ -196,7 +196,7 @@ function buildAlertMessage(report: ScanReport, format: string): string {
}
const handler = async (event: HookEvent, _context: HookContext): Promise<void> => {
// DAST harness mode executes hook handlers directly; skip recursive scanner runs.
// Preserve the legacy DAST guard so older scanner harnesses cannot recurse.
if (process.env.CLAWSEC_DAST_HARNESS === "1" || _context?.dastMode === true) {
return;
}
skills/clawsec-scanner/scripts/dast_hook_executor.mjs
+37 -167
View File
@@ -2,8 +2,6 @@
import fs from "node:fs/promises";
import path from "node:path";
import { createRequire } from "node:module";
import { pathToFileURL } from "node:url";
function parseArgs(argv) {
const parsed = {
@@ -47,26 +45,9 @@ function parseArgs(argv) {
throw new Error("Missing required --handler");
}
if (!parsed.eventB64) {
throw new Error("Missing required --event");
}
if (!parsed.contextB64) {
throw new Error("Missing required --context");
}
return parsed;
}
function decodeBase64Json(value, label) {
try {
const decoded = Buffer.from(value, "base64").toString("utf8");
return JSON.parse(decoded);
} catch (error) {
throw new Error(`Failed to decode ${label}: ${error instanceof Error ? error.message : String(error)}`);
}
}
async function fileExists(filePath) {
try {
await fs.access(filePath);
@@ -76,69 +57,7 @@ async function fileExists(filePath) {
}
}
async function loadTypeScriptCompiler() {
if (process.env.CLAWSEC_DAST_DISABLE_TYPESCRIPT === "1") {
return null;
}
try {
const imported = await import("typescript");
return imported.default || imported;
} catch {
// Ignore and try require path next.
}
try {
const req = createRequire(import.meta.url);
return req("typescript");
} catch {
return null;
}
}
async function importTypeScriptModule(tsPath) {
const tsCompiler = await loadTypeScriptCompiler();
if (!tsCompiler || typeof tsCompiler.transpileModule !== "function") {
throw new Error(
`Cannot execute TypeScript hook (${tsPath}): typescript compiler not available. ` +
"Install 'typescript' or provide a JavaScript handler file.",
);
}
const source = await fs.readFile(tsPath, "utf8");
const transpiled = tsCompiler.transpileModule(source, {
compilerOptions: {
module: tsCompiler.ModuleKind.ESNext,
target: tsCompiler.ScriptTarget.ES2022,
moduleResolution: tsCompiler.ModuleResolutionKind.NodeNext,
esModuleInterop: true,
sourceMap: false,
inlineSourceMap: false,
declaration: false,
},
fileName: tsPath,
reportDiagnostics: false,
});
const tempFile = path.join(
path.dirname(tsPath),
`.clawsec-dast-${path.basename(tsPath, ".ts")}-${process.pid}-${Date.now()}.mjs`,
);
await fs.writeFile(tempFile, transpiled.outputText, "utf8");
try {
return await import(`${pathToFileURL(tempFile).href}?ts=${Date.now()}`);
} finally {
try {
await fs.unlink(tempFile);
} catch {
// best-effort cleanup
}
}
}
async function loadHookModule(handlerPath) {
async function readHookSource(handlerPath) {
const fullPath = path.resolve(handlerPath);
const exists = await fileExists(fullPath);
if (!exists) {
@@ -146,120 +65,71 @@ async function loadHookModule(handlerPath) {
}
const ext = path.extname(fullPath).toLowerCase();
if (ext === ".ts") {
return importTypeScriptModule(fullPath);
const allowedExtensions = new Set([".cjs", ".js", ".mjs", ".ts"]);
if (!allowedExtensions.has(ext)) {
throw new Error(`Unsupported hook handler extension: ${ext || "(none)"}`);
}
return import(`${pathToFileURL(fullPath).href}?v=${Date.now()}`);
const source = await fs.readFile(fullPath, "utf8");
return { fullPath, ext, source };
}
function resolveHandlerExport(mod, exportName) {
function detectHandlerExport(source, exportName) {
if (exportName && exportName !== "default") {
if (typeof mod?.[exportName] === "function") {
return mod[exportName];
}
throw new Error(`Hook export '${exportName}' is not a function`);
const escaped = exportName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
return new RegExp(`export\\s+(?:async\\s+)?function\\s+${escaped}\\b|export\\s*\\{[^}]*\\b${escaped}\\b`, "m").test(source);
}
if (typeof mod?.default === "function") {
return mod.default;
}
if (typeof mod?.handler === "function") {
return mod.handler;
}
throw new Error("Hook module does not export a handler function");
return (
/\bexport\s+default\b/m.test(source) ||
/\bexport\s+(?:async\s+)?function\s+handler\b/m.test(source) ||
/\bmodule\.exports\s*=|\bexports\.handler\s*=/m.test(source)
);
}
function normalizeTimestamp(event) {
const timestamp = event?.timestamp;
if (typeof timestamp === "string" || typeof timestamp === "number") {
const parsed = new Date(timestamp);
if (!Number.isNaN(parsed.getTime())) {
event.timestamp = parsed;
function collectRiskSignals(source) {
const rules = [
["child_process", /\bchild_process\b|\bfrom\s+["']node:child_process["']|\brequire\(["']child_process["']\)/m],
["dynamic-import", /\bimport\s*\(/m],
["eval", /\beval\s*\(|\bnew\s+Function\s*\(/m],
["shell-command", /\b(?:exec|spawn|execFile|fork)\s*\(/m],
["environment-access", /\bprocess\.env\b/m],
];
const signals = [];
for (const [name, pattern] of rules) {
if (pattern.test(source)) {
signals.push(name);
}
}
}
function summarizeMessages(messages) {
if (!Array.isArray(messages)) {
return {
count: 0,
charCount: 0,
};
}
let charCount = 0;
for (const message of messages) {
if (typeof message === "string") {
charCount += message.length;
continue;
}
try {
charCount += JSON.stringify(message).length;
} catch {
charCount += 0;
}
}
return {
count: messages.length,
charCount,
};
}
function coreEventShape(event) {
return {
type: event?.type ?? null,
action: event?.action ?? null,
sessionKey: event?.sessionKey ?? null,
};
return signals;
}
async function main() {
const args = parseArgs(process.argv.slice(2));
const event = decodeBase64Json(args.eventB64, "event payload");
const context = decodeBase64Json(args.contextB64, "context payload");
normalizeTimestamp(event);
const startedAt = Date.now();
const before = coreEventShape(event);
try {
const mod = await loadHookModule(args.handler);
const handler = resolveHandlerExport(mod, args.exportName);
await handler(event, context);
const after = coreEventShape(event);
const messageSummary = summarizeMessages(event?.messages);
const inspected = await readHookSource(args.handler);
const payload = {
ok: true,
static_only: true,
duration_ms: Date.now() - startedAt,
core_before: before,
core_after: after,
messages_count: messageSummary.count,
messages_char_count: messageSummary.charCount,
handler_path: inspected.fullPath,
handler_extension: inspected.ext,
source_bytes: Buffer.byteLength(inspected.source, "utf8"),
source_lines: inspected.source.split(/\r?\n/).length,
handler_export_declared: detectHandlerExport(inspected.source, args.exportName),
risk_signals: collectRiskSignals(inspected.source),
};
process.stdout.write(JSON.stringify(payload));
} catch (error) {
const after = coreEventShape(event);
const messageSummary = summarizeMessages(event?.messages);
const payload = {
ok: false,
static_only: true,
duration_ms: Date.now() - startedAt,
core_before: before,
core_after: after,
messages_count: messageSummary.count,
messages_char_count: messageSummary.charCount,
error: error instanceof Error ? error.message : String(error),
};
skills/clawsec-scanner/scripts/dast_runner.mjs
+53 -229
View File
@@ -24,8 +24,6 @@ import { getTimestamp } from "../lib/utils.mjs";
*/
const DEFAULT_TIMEOUT_MS = 30000;
const MAX_OUTPUT_MESSAGES = 25;
const MAX_OUTPUT_CHARS = 20000;
const SKIP_DIR_NAMES = new Set([
".git",
".github",
@@ -38,17 +36,6 @@ const SKIP_DIR_NAMES = new Set([
".openclaw",
]);
const MALICIOUS_PAYLOADS = [
"<script>alert('XSS')</script>",
"'; DROP TABLE users; --",
"; rm -rf /",
"$(whoami)",
"..\\..\\..\\windows\\system32\\config\\sam",
"../../../etc/passwd",
"test\0malicious",
"A".repeat(200000),
];
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
const HOOK_EXECUTOR_PATH = path.join(__dirname, "dast_hook_executor.mjs");
@@ -320,43 +307,6 @@ export async function discoverHooks(targetPath) {
return hooks;
}
/**
* @param {string} eventKey
* @returns {{type: string, action: string}}
*/
function splitEventKey(eventKey) {
const parts = String(eventKey ?? "").split(":");
const type = parts.shift() || "command";
const action = parts.join(":") || "new";
return { type, action };
}
/**
* @param {string} eventKey
* @param {string} payload
* @param {string} targetPath
* @returns {Record<string, unknown>}
*/
export function buildEvent(eventKey, payload, targetPath) {
const { type, action } = splitEventKey(eventKey);
return {
type,
action,
sessionKey: "clawsec-dast-session",
timestamp: new Date().toISOString(),
messages: [],
context: {
content: payload,
transcript: payload,
workspaceDir: path.resolve(targetPath),
channelId: "dast-harness",
commandSource: "dast",
bootstrapFiles: [],
},
};
}
/**
* @typedef {Object} HarnessInvocationResult
* @property {boolean} timedOut
@@ -368,33 +318,24 @@ export function buildEvent(eventKey, payload, targetPath) {
/**
* @param {HookDescriptor} hook
* @param {Record<string, unknown>} event
* @param {Record<string, unknown>} context
* @param {number} timeoutMs
* @returns {Promise<HarnessInvocationResult>}
*/
async function invokeHookHarness(hook, event, context, timeoutMs) {
const encodedEvent = Buffer.from(JSON.stringify(event), "utf8").toString("base64");
const encodedContext = Buffer.from(JSON.stringify(context), "utf8").toString("base64");
async function inspectHookHandler(hook, timeoutMs) {
const args = [
HOOK_EXECUTOR_PATH,
"--handler",
hook.handlerPath,
"--export",
hook.exportName || "default",
"--event",
encodedEvent,
"--context",
encodedContext,
];
return new Promise((resolve) => {
const proc = spawn("node", args, {
stdio: ["ignore", "pipe", "pipe"],
env: {
...process.env,
CLAWSEC_DAST_HARNESS: "1",
PATH: process.env.PATH || "",
CLAWSEC_DAST_STATIC_INSPECTION: "1",
},
});
@@ -462,31 +403,33 @@ function isObject(value) {
/**
* @param {unknown} parsed
* @returns {{ok: boolean, error: string, messagesCount: number, messagesCharCount: number, coreAfter: Record<string, unknown>}}
* @returns {{ok: boolean, error: string, staticOnly: boolean, riskSignals: string[], handlerExportDeclared: boolean}}
*/
function normalizeHarnessPayload(parsed) {
function normalizeStaticPayload(parsed) {
if (!isObject(parsed)) {
return {
ok: false,
error: "Harness output is not an object",
messagesCount: 0,
messagesCharCount: 0,
coreAfter: {},
staticOnly: false,
riskSignals: [],
handlerExportDeclared: false,
};
}
const ok = parsed.ok === true;
const error = typeof parsed.error === "string" ? parsed.error : "";
const messagesCount = Number(parsed.messages_count ?? 0) || 0;
const messagesCharCount = Number(parsed.messages_char_count ?? 0) || 0;
const coreAfter = isObject(parsed.core_after) ? parsed.core_after : {};
const staticOnly = parsed.static_only === true;
const riskSignals = Array.isArray(parsed.risk_signals)
? parsed.risk_signals.filter((signal) => typeof signal === "string")
: [];
const handlerExportDeclared = parsed.handler_export_declared === true;
return {
ok,
error,
messagesCount,
messagesCharCount,
coreAfter,
staticOnly,
riskSignals,
handlerExportDeclared,
};
}
@@ -502,19 +445,6 @@ function slug(input) {
.slice(0, 60);
}
/**
* @param {string} reason
* @returns {boolean}
*/
function isHarnessCapabilityError(reason) {
const normalized = String(reason ?? "").toLowerCase();
return (
normalized.includes("typescript compiler not available")
|| normalized.includes("does not export a handler function")
|| normalized.includes("is not a function")
);
}
/**
* @param {Vulnerability[]} bucket
* @param {string} id
@@ -541,178 +471,74 @@ function pushHookVulnerability(bucket, id, severity, hook, eventKey, title, desc
/**
* @param {HookDescriptor} hook
* @param {string} targetPath
* @param {string} _targetPath
* @param {number} timeoutMs
* @returns {Promise<Vulnerability[]>}
*/
async function evaluateHook(hook, targetPath, timeoutMs) {
async function evaluateHook(hook, _targetPath, timeoutMs) {
const findings = [];
const invocationTimeoutMs = Math.max(1000, timeoutMs);
// Static inspection depends only on the handler source/export, so reuse it for all hook events.
const inspection = await inspectHookHandler(hook, invocationTimeoutMs);
for (const eventKey of hook.events) {
const safeEvent = buildEvent(eventKey, "safe baseline input", targetPath);
const safeContext = {
skillPath: hook.hookDir,
agentPlatform: "openclaw",
dastMode: true,
targetPath: path.resolve(targetPath),
event: eventKey,
};
const safeResult = await invokeHookHarness(hook, safeEvent, safeContext, invocationTimeoutMs);
if (safeResult.timedOut) {
if (inspection.timedOut) {
pushHookVulnerability(
findings,
`DAST-TIMEOUT-${slug(`${hook.name}-${eventKey}`)}`,
"high",
hook,
eventKey,
"Hook times out under baseline input",
`Hook execution exceeded ${invocationTimeoutMs}ms for event '${eventKey}' under safe baseline input.`,
);
continue;
}
if (safeResult.parseError) {
pushHookVulnerability(
findings,
`DAST-HARNESS-${slug(`${hook.name}-${eventKey}`)}`,
`DAST-STATIC-TIMEOUT-${slug(`${hook.name}-${eventKey}`)}`,
"medium",
hook,
eventKey,
"Hook harness output invalid",
`Could not parse harness output for event '${eventKey}': ${safeResult.parseError}. stderr: ${safeResult.stderr || "(empty)"}`,
"Hook static inspection timed out",
`Static hook inspection exceeded ${invocationTimeoutMs}ms for event '${eventKey}'. Target code was not executed.`,
);
continue;
}
const normalizedSafe = normalizeHarnessPayload(safeResult.parsed);
if (!normalizedSafe.ok) {
const reason = normalizedSafe.error || safeResult.stderr || "unknown error";
if (isHarnessCapabilityError(reason)) {
pushHookVulnerability(
findings,
`DAST-COVERAGE-${slug(`${hook.name}-${eventKey}`)}`,
"info",
hook,
eventKey,
"Hook not executable in local DAST harness",
`DAST harness could not execute hook for event '${eventKey}' due to runtime capability limits: ${reason}`,
);
} else {
pushHookVulnerability(
findings,
`DAST-CRASH-${slug(`${hook.name}-${eventKey}`)}`,
"high",
hook,
eventKey,
"Hook throws on baseline input",
`Hook execution failed for event '${eventKey}' under safe baseline input: ${reason}`,
);
}
continue;
}
const mutationObserved =
normalizedSafe.coreAfter.type !== safeEvent.type ||
normalizedSafe.coreAfter.action !== safeEvent.action ||
normalizedSafe.coreAfter.sessionKey !== safeEvent.sessionKey;
if (mutationObserved) {
if (inspection.parseError) {
pushHookVulnerability(
findings,
`DAST-MUTATION-${slug(`${hook.name}-${eventKey}`)}`,
"low",
hook,
eventKey,
"Hook mutates core event identity fields",
`Hook changed one or more of type/action/sessionKey for event '${eventKey}'. This can cause routing side effects in OpenClaw hooks.`,
);
}
if (
normalizedSafe.messagesCount > MAX_OUTPUT_MESSAGES ||
normalizedSafe.messagesCharCount > MAX_OUTPUT_CHARS
) {
pushHookVulnerability(
findings,
`DAST-OUTPUT-${slug(`${hook.name}-${eventKey}`)}`,
`DAST-STATIC-HARNESS-${slug(`${hook.name}-${eventKey}`)}`,
"medium",
hook,
eventKey,
"Hook output exceeds safe bounds",
`Hook generated ${normalizedSafe.messagesCount} messages and ${normalizedSafe.messagesCharCount} chars for baseline input. Limits: ${MAX_OUTPUT_MESSAGES} messages / ${MAX_OUTPUT_CHARS} chars.`,
"Hook static inspection output invalid",
`Could not parse static inspection output for event '${eventKey}': ${inspection.parseError}. stderr: ${inspection.stderr || "(empty)"}`,
);
continue;
}
const maliciousFailures = [];
const maliciousTimeouts = [];
for (const payload of MALICIOUS_PAYLOADS) {
const event = buildEvent(eventKey, payload, targetPath);
const context = {
...safeContext,
payloadLength: payload.length,
};
const result = await invokeHookHarness(hook, event, context, invocationTimeoutMs);
if (result.timedOut) {
maliciousTimeouts.push(`len=${payload.length}`);
continue;
}
if (result.parseError) {
maliciousFailures.push(`parse-error(${result.parseError})`);
continue;
}
const normalized = normalizeHarnessPayload(result.parsed);
if (!normalized.ok) {
maliciousFailures.push(normalized.error || "execution-error");
}
if (
normalized.messagesCount > MAX_OUTPUT_MESSAGES ||
normalized.messagesCharCount > MAX_OUTPUT_CHARS
) {
pushHookVulnerability(
findings,
`DAST-OUTPUT-${slug(`${hook.name}-${eventKey}`)}-${payload.length}`,
"medium",
hook,
eventKey,
"Hook output amplification under malicious input",
`Hook generated ${normalized.messagesCount} messages and ${normalized.messagesCharCount} chars for payload length ${payload.length}.`,
);
}
}
if (maliciousTimeouts.length > 0) {
const normalized = normalizeStaticPayload(inspection.parsed);
if (!normalized.ok || !normalized.staticOnly) {
const reason = normalized.error || inspection.stderr || "unknown static inspection error";
pushHookVulnerability(
findings,
`DAST-MALICIOUS-TIMEOUT-${slug(`${hook.name}-${eventKey}`)}`,
"high",
`DAST-STATIC-COVERAGE-${slug(`${hook.name}-${eventKey}`)}`,
"info",
hook,
eventKey,
"Hook times out on malicious input",
`Hook exceeded ${invocationTimeoutMs}ms for malicious payloads (${maliciousTimeouts.slice(0, 3).join(", ")}${maliciousTimeouts.length > 3 ? `, +${maliciousTimeouts.length - 3} more` : ""}).`,
"Hook not executed during DAST static inspection",
`DAST did not execute hook code for event '${eventKey}'. Static inspection failed with: ${reason}`,
);
continue;
}
if (maliciousFailures.length > 0) {
pushHookVulnerability(
findings,
`DAST-MALICIOUS-CRASH-${slug(`${hook.name}-${eventKey}`)}`,
"high",
hook,
eventKey,
"Hook crashes on malicious input",
`Hook raised unhandled errors for malicious payloads. Sample errors: ${maliciousFailures.slice(0, 3).join(" | ")}${maliciousFailures.length > 3 ? ` (+${maliciousFailures.length - 3} more)` : ""}`,
);
}
const signalSuffix = normalized.riskSignals.length > 0
? ` Static signals observed: ${normalized.riskSignals.join(", ")}.`
: "";
const exportSuffix = normalized.handlerExportDeclared
? ""
: " The configured handler export was not obvious from static source inspection.";
pushHookVulnerability(
findings,
`DAST-STATIC-COVERAGE-${slug(`${hook.name}-${eventKey}`)}`,
"info",
hook,
eventKey,
"Hook inspected statically without executing target code",
`DAST inspected the hook source for event '${eventKey}' without importing, transpiling, or invoking the handler.${signalSuffix}${exportSuffix}`,
);
}
return findings;
@@ -778,8 +604,6 @@ async function main() {
}
}
export { MALICIOUS_PAYLOADS };
if (import.meta.url === `file://${process.argv[1]}`) {
main();
}
skills/clawsec-scanner/skill.json
+4 -4
View File
@@ -1,7 +1,7 @@
{
"name": "clawsec-scanner",
"version": "0.0.3",
"description": "Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.",
"version": "0.0.5",
"description": "Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific static hook inspection for OpenClaw hooks.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
"homepage": "https://clawsec.prompt.security/",
@@ -57,12 +57,12 @@
{
"path": "scripts/dast_runner.mjs",
"required": true,
"description": "Dynamic analysis harness executing OpenClaw hook handlers with malicious-input and timeout checks"
"description": "Static OpenClaw hook inspection harness that does not execute target handlers"
},
{
"path": "scripts/dast_hook_executor.mjs",
"required": true,
"description": "Isolated hook execution helper used by DAST for real OpenClaw harness testing"
"description": "Static hook source inspection helper used by DAST without importing target handlers"
},
{
"path": "scripts/setup_scanner_hook.mjs",
skills/clawsec-scanner/test/dast_harness.test.mjs
+104 -21
View File
@@ -89,8 +89,13 @@ metadata: { "openclaw": { "events": [${eventsLiteral}] } }
await fs.writeFile(path.join(hookDir, handlerFile), handlerSource, "utf8");
}
async function testSafeHookExecutesAndDoesNotReportMisleadingHigh() {
const testName = "DAST harness: executes real hook and reports no misleading high findings";
async function writeExecutable(filePath, content) {
await fs.writeFile(filePath, content, "utf8");
await fs.chmod(filePath, 0o755);
}
async function testSafeHookIsInspectedWithoutExecution() {
const testName = "DAST harness: inspects hooks without executing target code";
const tmp = await createTempDir();
try {
@@ -125,19 +130,20 @@ export default handler;
.then(() => true)
.catch(() => false);
const cleanSummary =
const noHighSummary =
result.report?.summary?.critical === 0
&& result.report?.summary?.high === 0
&& result.report?.summary?.medium === 0
&& result.report?.summary?.low === 0
&& result.report?.summary?.info === 0;
&& result.report?.summary?.low === 0;
const hasStaticCoverageInfo = Array.isArray(result.report?.vulnerabilities)
&& result.report.vulnerabilities.some((v) => String(v.id || "").includes("DAST-STATIC-COVERAGE"));
if (result.code === 0 && markerExists && cleanSummary) {
if (result.code === 0 && !markerExists && noHighSummary && hasStaticCoverageInfo) {
pass(testName);
} else {
fail(
testName,
`Expected exit=0, markerExists=true, clean summary. Got exit=${result.code}, markerExists=${markerExists}, summary=${JSON.stringify(result.report?.summary)} stderr=${result.stderr}`,
`Expected exit=0, markerExists=false, static coverage info, and no high findings. Got exit=${result.code}, markerExists=${markerExists}, summary=${JSON.stringify(result.report?.summary)} findings=${JSON.stringify(result.report?.vulnerabilities || [])} stderr=${result.stderr}`,
);
}
} catch (error) {
@@ -147,18 +153,24 @@ export default handler;
}
}
async function testMaliciousCrashProducesHighFinding() {
const testName = "DAST harness: malicious input crash is reported as high";
async function testMaliciousHandlerIsNotExecutedForPayloadChecks() {
const testName = "DAST harness: malicious payload checks do not execute hook code";
const tmp = await createTempDir();
try {
const targetPath = path.join(tmp.path, "skill");
const hookDir = path.join(targetPath, "hooks", "crashy-hook");
const markerFile = path.join(hookDir, "executed.marker");
await writeHookFixture(
hookDir,
'"message:preprocessed"',
`const handler = async (event) => {
`import fs from "node:fs";
import path from "node:path";
fs.writeFileSync(path.join(path.dirname(new URL(import.meta.url).pathname), "executed.marker"), "top-level");
const handler = async (event) => {
const payload = String(event?.context?.content || "");
if (payload.includes("<script>")) {
throw new Error("Unhandled payload path");
@@ -170,16 +182,21 @@ export default handler;
);
const result = await runDast(targetPath, 2500);
const hasHigh = Number(result.report?.summary?.high || 0) > 0;
const hasCrashFinding = Array.isArray(result.report?.vulnerabilities)
&& result.report.vulnerabilities.some((v) => String(v.id || "").includes("DAST-MALICIOUS-CRASH"));
const markerExists = await fs
.access(markerFile)
.then(() => true)
.catch(() => false);
const noHigh = Number(result.report?.summary?.high || 0) === 0
&& Number(result.report?.summary?.critical || 0) === 0;
const hasStaticCoverageInfo = Array.isArray(result.report?.vulnerabilities)
&& result.report.vulnerabilities.some((v) => String(v.id || "").includes("DAST-STATIC-COVERAGE"));
if (result.code === 1 && hasHigh && hasCrashFinding) {
if (result.code === 0 && !markerExists && noHigh && hasStaticCoverageInfo) {
pass(testName);
} else {
fail(
testName,
`Expected exit=1 and malicious crash high finding. Got exit=${result.code}, summary=${JSON.stringify(result.report?.summary)}, findings=${JSON.stringify(result.report?.vulnerabilities || [])}`,
`Expected static inspection without marker/high findings. Got exit=${result.code}, markerExists=${markerExists}, summary=${JSON.stringify(result.report?.summary)}, findings=${JSON.stringify(result.report?.vulnerabilities || [])}`,
);
}
} catch (error) {
@@ -189,8 +206,8 @@ export default handler;
}
}
async function testMissingTypeScriptCompilerIsCoverageInfo() {
const testName = "DAST harness: missing TypeScript compiler reports coverage info, not high";
async function testTypeScriptHookIsStaticallyInspectedWithoutCompiler() {
const testName = "DAST harness: TypeScript hooks are statically inspected without compiler execution";
const tmp = await createTempDir();
try {
@@ -220,7 +237,7 @@ export default handler;
const noHigh = Number(result.report?.summary?.high || 0) === 0
&& Number(result.report?.summary?.critical || 0) === 0;
const hasCoverageInfo = Array.isArray(result.report?.vulnerabilities)
&& result.report.vulnerabilities.some((v) => String(v.id || "").includes("DAST-COVERAGE"));
&& result.report.vulnerabilities.some((v) => String(v.id || "").includes("DAST-STATIC-COVERAGE"));
const hasInfoCount = Number(result.report?.summary?.info || 0) > 0;
if (result.code === 0 && noHigh && hasCoverageInfo && hasInfoCount) {
@@ -238,10 +255,76 @@ export default handler;
}
}
async function testStaticInspectionRunsOncePerHook() {
const testName = "DAST harness: static inspection runs once per hook across events";
const tmp = await createTempDir();
try {
const targetPath = path.join(tmp.path, "skill");
const hookDir = path.join(targetPath, "hooks", "multi-event-hook");
const binDir = path.join(tmp.path, "bin");
const nodeLogPath = path.join(tmp.path, "node-invocations.log");
await writeHookFixture(
hookDir,
'"agent:bootstrap", "command:new", "message:preprocessed"',
`export default async function handler() {
return;
}
`,
);
await fs.mkdir(binDir, { recursive: true });
await writeExecutable(
path.join(binDir, "node"),
`#!${process.execPath}
import fs from "node:fs";
import { spawnSync } from "node:child_process";
fs.appendFileSync(${JSON.stringify(nodeLogPath)}, JSON.stringify(process.argv.slice(2)) + "\\n");
const result = spawnSync(${JSON.stringify(process.execPath)}, process.argv.slice(2), {
env: process.env,
stdio: ["ignore", "inherit", "inherit"],
});
process.exit(result.status ?? 1);
`,
);
const result = await runDast(targetPath, 2500, {
PATH: `${binDir}:${process.env.PATH}`,
});
const log = await fs.readFile(nodeLogPath, "utf8");
const invocations = log
.trim()
.split("\n")
.filter(Boolean)
.map((line) => JSON.parse(line));
const executorCount = invocations.filter((args) => String(args[0] || "").endsWith("dast_hook_executor.mjs")).length;
const staticCoverageCount = Array.isArray(result.report?.vulnerabilities)
? result.report.vulnerabilities.filter((v) => String(v.id || "").includes("DAST-STATIC-COVERAGE")).length
: 0;
if (result.code === 0 && executorCount === 1 && staticCoverageCount === 3) {
pass(testName);
} else {
fail(
testName,
`Expected one executor spawn and three per-event findings. Got exit=${result.code}, executorCount=${executorCount}, staticCoverageCount=${staticCoverageCount}, invocations=${JSON.stringify(invocations)}`,
);
}
} catch (error) {
fail(testName, error);
} finally {
await tmp.cleanup();
}
}
async function main() {
await testSafeHookExecutesAndDoesNotReportMisleadingHigh();
await testMaliciousCrashProducesHighFinding();
await testMissingTypeScriptCompilerIsCoverageInfo();
await testSafeHookIsInspectedWithoutExecution();
await testMaliciousHandlerIsNotExecutedForPayloadChecks();
await testTypeScriptHookIsStaticallyInspectedWithoutCompiler();
await testStaticInspectionRunsOncePerHook();
report();
exitWithResults();
skills/clawsec-suite/CHANGELOG.md
+6
View File
@@ -1,5 +1,11 @@
# Changelog
## [0.1.10] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
All notable changes to the ClawSec Suite will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
skills/clawsec-suite/README.md
+11
View File
@@ -0,0 +1,11 @@
# Clawsec Suite
ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill clawsec-suite -a openclaw -y
```
skills/clawsec-suite/SKILL.md
+9 -1
View File
@@ -1,6 +1,6 @@
---
name: clawsec-suite
version: 0.1.9
version: 0.1.10
description: ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.
homepage: https://clawsec.prompt.security
clawdis:
@@ -11,6 +11,14 @@ clawdis:
# ClawSec Suite
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill clawsec-suite -a openclaw -y
```
## Operational Notes
- Required runtime: `node`, `npx`, `openclaw`, `curl`, `jq`, `shasum`, `openssl`, `unzip`
skills/clawsec-suite/skill.json
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "clawsec-suite",
"version": "0.1.9",
"version": "0.1.10",
"description": "ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
skills/clawtributor/CHANGELOG.md
+10
View File
@@ -1,5 +1,15 @@
# Changelog
## [0.0.7] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
- Marked Clawtributor as a harness-neutral global skill for OpenClaw, NanoClaw, Hermes, and Picoclaw installer grouping.
- Removed OpenClaw CLI as a declared runtime requirement because reporting is manual, approval-gated, and not tied to an OpenClaw command path.
- Documented Vercel skills installer usage alongside the OpenClaw/ClawHub install path.
- Moved local report/state guidance to `~/.clawsec/clawtributor/`.
## [0.0.6] - 2026-05-14
### Security
skills/clawtributor/README.md
+22
View File
@@ -2,6 +2,20 @@
Community incident reporting for AI agents.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill clawtributor -a openclaw -y
```
Codex install is also supported:
```bash
npx skills add prompt-security/clawsec --skill clawtributor -a codex -y
```
## Operational Notes
- Reporting is opt-in for every submission
@@ -17,6 +31,14 @@ Community incident reporting for AI agents.
## Quick Install
Vercel skills installer:
```bash
npx skills add prompt-security/clawsec --skill clawtributor -a codex -y
```
OpenClaw/ClawHub:
```bash
npx clawhub@latest install clawtributor
```
skills/clawtributor/SKILL.md
+38 -12
View File
@@ -1,23 +1,44 @@
---
name: clawtributor
version: 0.0.6
description: Community incident reporting for AI agents. Contribute to collective security by reporting threats.
version: 0.0.7
description: Harness-neutral community incident reporting for AI agents. Contribute to collective security by reporting threats.
homepage: https://clawsec.prompt.security
metadata: {"openclaw":{"emoji":"🤝","category":"security"}}
platforms:
- openclaw
- nanoclaw
- hermes
- picoclaw
metadata:
global: true
openclaw:
emoji: "🤝"
category: "security"
clawdis:
emoji: "🤝"
requires:
bins: [openclaw]
---
# Clawtributor 🤝
Community incident reporting for AI agents. Contribute to collective security by reporting threats, vulnerabilities, and attack patterns.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill clawtributor -a openclaw -y
```
Codex install is also supported:
```bash
npx skills add prompt-security/clawsec --skill clawtributor -a codex -y
```
## Operational Notes
- Recommended install path: ClawHub registry (`npx clawhub@latest install clawtributor`)
- Side effects: creates local report/state files under `~/.openclaw/`
- Recommended install path: harness-native skills installer; use ClawHub for OpenClaw/ClawHub environments (`npx clawhub@latest install clawtributor`)
- Side effects: creates local report/state files under `~/.clawsec/clawtributor/`
- Network behavior: none unless the user explicitly approves manual submission
- Trust model: reporting is opt-in for every submission; sanitize evidence before it leaves the host
@@ -27,7 +48,13 @@ Community incident reporting for AI agents. Contribute to collective security by
## Installation
Install from the registry:
Install with your harness-native skills installer. For the Vercel skills installer:
```bash
npx skills add prompt-security/clawsec --skill clawtributor -a codex -y
```
For OpenClaw/ClawHub environments, install from the registry:
```bash
npx clawhub@latest install clawtributor
@@ -44,7 +71,6 @@ I will keep reports local unless you explicitly approve submission.
---
## Release Artifact Verification
For standalone installs, verify the signed release manifest before trusting `SKILL.md`, `skill.json`, or the archive. The `skill.json` file is the package metadata/SBOM source, and the release pipeline signs `checksums.json` with the ClawSec release key.
@@ -53,7 +79,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
set -euo pipefail
SKILL_NAME="clawtributor"
VERSION="0.0.6"
VERSION="0.0.7"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
@@ -233,7 +259,7 @@ See [reporting.md](./reporting.md) for the full report format and submission gui
### Step 1: Prepare report locally
- Save the report JSON under `~/.openclaw/clawtributor-reports/`
- Save the report JSON under `~/.clawsec/clawtributor/reports/`
- Keep file permissions private (`chmod 600`)
- Confirm the report is sanitized before sharing
@@ -284,7 +310,7 @@ DO NOT include:
## State Tracking
Track submitted reports in `~/.openclaw/clawtributor-state.json`.
Track submitted reports in `~/.clawsec/clawtributor/state.json`.
Example:
skills/clawtributor/skill.json
+10 -7
View File
@@ -1,16 +1,24 @@
{
"name": "clawtributor",
"version": "0.0.6",
"description": "Community incident reporting for AI agents. Contribute to collective security by reporting threats.",
"version": "0.0.7",
"description": "Harness-neutral community incident reporting for AI agents. Contribute to collective security by reporting threats.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
"homepage": "https://clawsec.prompt.security",
"platforms": [
"openclaw",
"nanoclaw",
"hermes",
"picoclaw"
],
"keywords": [
"security",
"reporting",
"community",
"agents",
"ai",
"global",
"harness-neutral",
"vulnerability",
"contribution"
],
@@ -36,11 +44,6 @@
"openclaw": {
"emoji": "🤝",
"category": "security",
"requires": {
"bins": [
"openclaw"
]
},
"execution": {
"always": false,
"persistence": "Stores local report/state files only; no recurring automation is created by default.",
skills/hermes-attestation-guardian/CHANGELOG.md
+6
View File
@@ -1,5 +1,11 @@
# Changelog
## [0.1.4] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
## [0.1.3] - 2026-05-24
### Changed
skills/hermes-attestation-guardian/README.md
+8
View File
@@ -4,6 +4,14 @@ Hermes-only attestation, advisory verification, and guarded verification workflo
Status: implemented (v0.1.0), Hermes-only.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill hermes-attestation-guardian -a hermes-agent -y
```
## Capabilities
This skill now covers the full Hermes-side capability set expected from the clawsec-suite parity workstream:
skills/hermes-attestation-guardian/SKILL.md
+9 -2
View File
@@ -1,6 +1,6 @@
---
name: hermes-attestation-guardian
version: 0.1.3
version: 0.1.4
description: Hermes-only runtime security attestation and drift detection skill for operator-managed Hermes infrastructure.
homepage: https://clawsec.prompt.security
hermes:
@@ -15,6 +15,13 @@ IMPORTANT SCOPE:
- This skill targets Hermes infrastructure only (CLI/Gateway/profile-managed deployments).
- This skill is not an OpenClaw runtime hook package.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill hermes-attestation-guardian -a hermes-agent -y
```
## Release Artifact Verification
@@ -24,7 +31,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
set -euo pipefail
SKILL_NAME="hermes-attestation-guardian"
VERSION="0.1.3"
VERSION="0.1.4"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
skills/hermes-attestation-guardian/skill.json
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "hermes-attestation-guardian",
"version": "0.1.3",
"version": "0.1.4",
"description": "Hermes-only runtime security attestation and drift detection skill. Generates deterministic posture artifacts, verifies integrity fail-closed, and classifies baseline drift severity.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
skills/hermes-traffic-guardian/CHANGELOG.md
+6
View File
@@ -1,5 +1,11 @@
# Changelog
## [0.0.1-beta3] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
## [0.0.1-beta2] - 2026-05-13
### Security
skills/hermes-traffic-guardian/README.md
+8 -1
View File
@@ -4,6 +4,14 @@ Baseline skill for Hermes runtime traffic monitoring.
This package is intentionally a spec scaffold. Builders should add the Hermes-specific monitor implementation here while preserving the safety contract in `SKILL.md` and `SPEC.md`.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill hermes-traffic-guardian -a hermes-agent -y
```
## Intended Capability
- detect outbound secret exfiltration in Hermes HTTP/HTTPS traffic
@@ -15,4 +23,3 @@ This package is intentionally a spec scaffold. Builders should add the Hermes-sp
## Builder Notes
Keep runtime ownership in this skill. `hermes-attestation-guardian` should only attest this skill's state, config, and output fingerprints.
skills/hermes-traffic-guardian/SKILL.md
+9 -3
View File
@@ -1,6 +1,6 @@
---
name: hermes-traffic-guardian
version: 0.0.1-beta2
version: 0.0.1-beta3
description: Hermes runtime traffic monitoring baseline for opt-in proxy inspection, egress detection, and attestation-aware traffic posture.
homepage: https://clawsec.prompt.security
author: prompt-security
@@ -15,6 +15,13 @@ hermes:
This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill hermes-traffic-guardian -a hermes-agent -y
```
## Release Artifact Verification
@@ -24,7 +31,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
set -euo pipefail
SKILL_NAME="hermes-traffic-guardian"
VERSION="0.0.1-beta2"
VERSION="0.0.1-beta3"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
@@ -145,4 +152,3 @@ Read `SPEC.md` before implementing. Use the placeholder folders as follows:
- default blocking
- sending traffic to external services
- collecting full request/response bodies
skills/hermes-traffic-guardian/skill.json
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "hermes-traffic-guardian",
"version": "0.0.1-beta2",
"version": "0.0.1-beta3",
"description": "Hermes runtime traffic monitoring baseline for opt-in proxy inspection, egress detection, and attestation-aware traffic posture.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
skills/nanoclaw-traffic-guardian/CHANGELOG.md
+6
View File
@@ -1,5 +1,11 @@
# Changelog
## [0.0.1-beta3] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
## [0.0.1-beta2] - 2026-05-13
### Security
skills/nanoclaw-traffic-guardian/README.md
+8 -1
View File
@@ -4,6 +4,14 @@ Baseline skill for NanoClaw runtime traffic monitoring.
This package is intentionally a spec scaffold. Builders should add the NanoClaw-specific host-service, IPC, and MCP implementation here while preserving the safety contract in `SKILL.md` and `SPEC.md`.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill nanoclaw-traffic-guardian -a openclaw -y
```
## Intended Capability
- detect outbound secret exfiltration in NanoClaw host-managed traffic
@@ -15,4 +23,3 @@ This package is intentionally a spec scaffold. Builders should add the NanoClaw-
## Builder Notes
Follow the existing `clawsec-nanoclaw` pattern: host services own privileged operations, while MCP tools expose bounded requests and redacted responses.
skills/nanoclaw-traffic-guardian/SKILL.md
+9 -3
View File
@@ -1,6 +1,6 @@
---
name: nanoclaw-traffic-guardian
version: 0.0.1-beta2
version: 0.0.1-beta3
description: NanoClaw runtime traffic monitoring baseline for host-side proxy inspection with container-safe MCP and IPC status surfaces.
homepage: https://clawsec.prompt.security
author: prompt-security
@@ -14,6 +14,13 @@ nanoclaw:
This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill nanoclaw-traffic-guardian -a openclaw -y
```
## Release Artifact Verification
@@ -23,7 +30,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
set -euo pipefail
SKILL_NAME="nanoclaw-traffic-guardian"
VERSION="0.0.1-beta2"
VERSION="0.0.1-beta3"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
@@ -146,4 +153,3 @@ Read `SPEC.md` before implementing. Use the placeholder folders as follows:
- default blocking
- sending traffic to external services
- exposing raw request/response bodies to the container
skills/nanoclaw-traffic-guardian/skill.json
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "nanoclaw-traffic-guardian",
"version": "0.0.1-beta2",
"version": "0.0.1-beta3",
"description": "NanoClaw runtime traffic monitoring baseline for host-side proxy inspection with container-safe MCP and IPC status surfaces.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
skills/openclaw-audit-watchdog/CHANGELOG.md
+6
View File
@@ -1,5 +1,11 @@
# Changelog
## [0.1.7] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
## [0.1.6] - 2026-05-16
### Fixed
skills/openclaw-audit-watchdog/README.md
+8
View File
@@ -2,6 +2,14 @@
Automated daily security audits for OpenClaw agents with DM delivery and optional email reporting.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill openclaw-audit-watchdog -a openclaw -y
```
## Overview
The Audit Watchdog provides automated security monitoring for your OpenClaw agent deployments:
skills/openclaw-audit-watchdog/SKILL.md
+10 -3
View File
@@ -1,6 +1,6 @@
---
name: openclaw-audit-watchdog
version: 0.1.6
version: 0.1.7
description: Automated daily security audits for OpenClaw agents with DM delivery and optional email reporting. Runs deep audits, creates or updates a recurring cron job, and sends formatted reports to configured recipients.
homepage: https://clawsec.prompt.security
metadata:
@@ -29,6 +29,14 @@ clawdis:
# Prompt Security Audit (openclaw)
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill openclaw-audit-watchdog -a openclaw -y
```
## Installation Options
You can get openclaw-audit-watchdog in two ways:
@@ -65,7 +73,6 @@ Continue below for standalone installation instructions.
---
## Release Artifact Verification
For standalone installs, verify the signed release manifest before trusting `SKILL.md`, `skill.json`, or the archive. The `skill.json` file is the package metadata/SBOM source, and the release pipeline signs `checksums.json` with the ClawSec release key.
@@ -74,7 +81,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
set -euo pipefail
SKILL_NAME="openclaw-audit-watchdog"
VERSION="0.1.6"
VERSION="0.1.7"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
skills/openclaw-audit-watchdog/skill.json
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "openclaw-audit-watchdog",
"version": "0.1.6",
"version": "0.1.7",
"description": "Automated daily security audits for OpenClaw agents with DM delivery and optional email reporting. Creates or updates an unattended cron job and sends formatted reports to configured recipients.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
skills/openclaw-traffic-guardian/CHANGELOG.md
+10
View File
@@ -1,5 +1,15 @@
# Changelog
## [0.0.1-beta3] - 2026-06-10
### Security
- Added the `POLICY_REVIEW` scope for approval-sensitive social-account mutation requests, contributed by @kriptoburak.
- Defined required JSONL metadata for social-account mutation findings, including source type, mutation category, approval-marker presence, and execution context.
### Changed
- Clarified that persistent social monitor and webhook configuration changes are review findings, while read-only social research should remain covered by no-false-positive tests.
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
## [0.0.1-beta2] - 2026-05-13
### Security
skills/openclaw-traffic-guardian/README.md
+9 -1
View File
@@ -4,10 +4,19 @@ Baseline skill for OpenClaw runtime traffic monitoring.
This package is intentionally a spec scaffold. Builders should add the OpenClaw-specific monitor implementation here while preserving the safety contract in `SKILL.md` and `SPEC.md`.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill openclaw-traffic-guardian -a openclaw -y
```
## Intended Capability
- detect outbound secret exfiltration in agent HTTP/HTTPS traffic
- detect inbound command-injection and tool-abuse payloads
- record operator-review findings for approval-sensitive social-account mutations
- write redacted local JSONL findings
- provide explicit start, stop, status, and log-query commands
- integrate with `clawsec-suite` as an optional add-on
@@ -15,4 +24,3 @@ This package is intentionally a spec scaffold. Builders should add the OpenClaw-
## Builder Notes
Use `SPEC.md` as the implementation contract. Keep runtime changes opt-in and scoped to the OpenClaw process being monitored.
skills/openclaw-traffic-guardian/SKILL.md
+15 -6
View File
@@ -1,7 +1,7 @@
---
name: openclaw-traffic-guardian
version: 0.0.1-beta2
description: OpenClaw runtime traffic monitoring baseline for opt-in HTTP/HTTPS proxy inspection, egress detection, and inbound injection detection.
version: 0.0.1-beta3
description: OpenClaw runtime traffic monitoring baseline for opt-in HTTP/HTTPS proxy inspection, egress detection, inbound injection detection, and social-account policy review.
homepage: https://clawsec.prompt.security
author: prompt-security
license: AGPL-3.0-or-later
@@ -15,6 +15,13 @@ clawdis:
This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill openclaw-traffic-guardian -a openclaw -y
```
## Release Artifact Verification
@@ -24,7 +31,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
set -euo pipefail
SKILL_NAME="openclaw-traffic-guardian"
VERSION="0.0.1-beta2"
VERSION="0.0.1-beta3"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
@@ -103,6 +110,7 @@ Builders should use this skill as the OpenClaw landing zone for runtime traffic
- optional HTTPS inspection with per-process CA trust
- outbound exfiltration detection
- inbound injection detection
- approval-sensitive social-account mutation review
- redacted local threat logs
- optional OpenClaw hook/status integration
@@ -136,8 +144,10 @@ Read `SPEC.md` before implementing. Use the placeholder folders as follows:
3. Scope proxy environment variables to the target OpenClaw process.
4. Inspect HTTP request/response text up to a bounded byte limit.
5. Support optional HTTPS MITM only when the operator supplies per-process trust configuration.
6. Emit JSONL findings with redacted snippets.
7. Provide a `status` command that reports mode, listener, CA fingerprint if present, and last findings.
6. Flag requests matching `SPEC.md`'s Outbound POLICY_REVIEW cases as operator-review findings, including TweetClaw or other X/Twitter automation writes and scheduler/background-runner repeats without a fresh operator-approval marker.
7. Detect repeat/background-runner context from bounded request metadata such as paths, headers, user-agent, client context, tool invocation metadata, or scheduler identifiers.
8. Emit JSONL findings with redacted snippets plus source type, mutation category, approval-marker presence, and direct-operator versus background-runner context.
9. Provide a `status` command that reports mode, listener, CA fingerprint if present, and last findings.
## Out of Scope for v0.0.1 Implementation
@@ -146,4 +156,3 @@ Read `SPEC.md` before implementing. Use the placeholder folders as follows:
- default blocking
- sending traffic to external services
- collecting full request/response bodies
skills/openclaw-traffic-guardian/SPEC.md
+26 -1
View File
@@ -45,6 +45,24 @@ Findings must be JSON objects with these fields:
}
```
`POLICY_REVIEW` findings must keep the same base schema and add these fields:
```json
{
"threat_type": "POLICY_REVIEW",
"pattern": "social_account_mutation",
"source_type": "openclaw_tool_request",
"mutation_category": "post",
"approval_marker_present": false,
"execution_context": "background_runner"
}
```
- `source_type`: `http_request`, `openclaw_tool_request`, or `unknown`.
- `mutation_category`: `post`, `reply`, `repost`, `like`, `follow`, `unfollow`, `dm`, `media_upload`, `persistent_monitor`, `webhook_config`, `giveaway_draw`, or `other_social_account_mutation`.
- `approval_marker_present`: boolean; do not persist marker secrets or full approval tokens.
- `execution_context`: `direct_operator`, `scheduler`, `background_runner`, or `unknown`.
## Minimum Detection Set
Outbound EXFIL:
@@ -64,6 +82,12 @@ Inbound INJECTION:
- destructive remove commands
- SSH authorized-key injection shapes
Outbound POLICY_REVIEW:
- social-account write requests such as post, reply, repost, like, follow, unfollow, DM, media upload, persistent monitor creation/update, webhook configuration changes, or giveaway draw actions
- OpenClaw plugin/tool requests that invoke TweetClaw or another X/Twitter automation plugin for account mutation
- scheduler or background-runner requests that would repeat social-account mutations without a fresh operator approval
## Safety Requirements
- Default mode is detect-and-log.
@@ -72,6 +96,7 @@ Inbound INJECTION:
- Maximum scan bytes must be configurable and bounded.
- CA trust must be per-process by default.
- System trust-store instructions must require explicit operator confirmation and must never run automatically.
- POLICY_REVIEW findings must create an operator-review record only; they must not auto-block, auto-approve, or rewrite the requested action.
## Tests Required Before Release
@@ -79,7 +104,7 @@ Inbound INJECTION:
- redaction tests proving secrets are not persisted
- proxy fixture tests for HTTP request and response inspection
- no-false-positive tests for common benign traffic
- policy-review fixture tests for TweetClaw/social-account mutation examples and benign read-only social research requests
- lifecycle tests for stale PID/state cleanup
- status output tests
- OpenClaw hook integration tests if hook files are added
skills/openclaw-traffic-guardian/skill.json
+11 -4
View File
@@ -1,7 +1,7 @@
{
"name": "openclaw-traffic-guardian",
"version": "0.0.1-beta2",
"description": "OpenClaw runtime traffic monitoring baseline for opt-in HTTP/HTTPS proxy inspection, egress detection, and inbound injection detection.",
"version": "0.0.1-beta3",
"description": "OpenClaw runtime traffic monitoring baseline for opt-in HTTP/HTTPS proxy inspection, egress detection, inbound injection detection, and social-account policy review.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
"homepage": "https://clawsec.prompt.security/",
@@ -15,7 +15,10 @@
"injection",
"proxy",
"mitm",
"runtime"
"runtime",
"policy-review",
"operator-review",
"social-account-mutation"
],
"sbom": {
"files": [
@@ -84,6 +87,7 @@
"https_mitm_inspection": "planned_optional",
"egress_exfiltration_detection": "planned",
"inbound_injection_detection": "planned",
"social_account_policy_review": "planned",
"blocking": "future_version"
},
"execution": {
@@ -96,6 +100,7 @@
"Default to detect-and-log mode; blocking is out of scope for v0.0.1 implementation.",
"Scope HTTP_PROXY/HTTPS_PROXY to the OpenClaw process being monitored.",
"Redact secret snippets before writing logs or sending conversation alerts.",
"Record POLICY_REVIEW findings for approval-sensitive social-account mutations without auto-blocking, auto-approving, or rewriting requests.",
"Integrate with clawsec-suite as an optional add-on, not a default install."
],
"triggers": [
@@ -103,7 +108,9 @@
"openclaw traffic monitoring",
"monitor openclaw egress",
"inspect openclaw http traffic",
"detect openclaw exfiltration"
"detect openclaw exfiltration",
"review social account mutations",
"detect tweetclaw write actions"
]
}
}
skills/picoclaw-security-guardian/CHANGELOG.md
+6
View File
@@ -1,5 +1,11 @@
# Changelog
## [0.0.4] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
## [0.0.3] - 2026-05-24
### Changed
skills/picoclaw-security-guardian/README.md
+8 -1
View File
@@ -6,6 +6,14 @@ Status: implemented (v0.0.1), Picoclaw-specific.
Detailed architecture/operator docs: `wiki/modules/picoclaw-security-guardian.md`.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill picoclaw-security-guardian -a openclaw -y
```
## Support matrix mapping
| Skill name | supported platform | security feed | config drift | agent posture-review lane | chain of supply verification |
@@ -48,4 +56,3 @@ test/picoclaw_security_guardian_sandbox_regression.sh
```
It uses Docker to publish the skill through a local ClawHub-compatible registry, installs it with Picoclaw's own `find_skills` / `install_skill` flow into an isolated Picoclaw workspace, confirms Picoclaw's skill loader can list/load it, then verifies the installed copy's profile, drift, advisory, and supply-chain paths.
skills/picoclaw-security-guardian/SKILL.md
+9 -2
View File
@@ -1,6 +1,6 @@
---
name: picoclaw-security-guardian
version: 0.0.3
version: 0.0.4
description: Picoclaw security posture skill with advisory awareness, configuration drift detection, and supply-chain verification guidance.
homepage: https://clawsec.prompt.security
author: prompt-security
@@ -18,6 +18,13 @@ picoclaw:
Detailed architecture/operator docs: `wiki/modules/picoclaw-security-guardian.md`.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill picoclaw-security-guardian -a openclaw -y
```
## Release Artifact Verification
@@ -27,7 +34,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
set -euo pipefail
SKILL_NAME="picoclaw-security-guardian"
VERSION="0.0.3"
VERSION="0.0.4"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
skills/picoclaw-security-guardian/skill.json
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "picoclaw-security-guardian",
"version": "0.0.3",
"version": "0.0.4",
"description": "Picoclaw security posture skill with advisory awareness, configuration drift detection, and supply-chain verification guidance.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
skills/picoclaw-self-pen-testing/CHANGELOG.md
+6
View File
@@ -1,5 +1,11 @@
# Changelog
## [0.0.3] - 2026-06-10
### Changed
- Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
## [0.0.2] - 2026-05-13
### Security
skills/picoclaw-self-pen-testing/README.md
+8
View File
@@ -4,6 +4,14 @@ Picoclaw-only local posture-review findings package for ClawSec.
Status: implemented (v0.0.1), Picoclaw-specific.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill picoclaw-self-pen-testing -a openclaw -y
```
## What it does
Given a generated Picoclaw posture profile, it emits severity-ranked findings and a summary count for local operator review.
skills/picoclaw-self-pen-testing/SKILL.md
+9 -2
View File
@@ -1,6 +1,6 @@
---
name: picoclaw-self-pen-testing
version: 0.0.2
version: 0.0.3
description: Picoclaw-only local posture-review skill focused on read-only findings and safe operator remediation guidance.
homepage: https://clawsec.prompt.security
author: prompt-security
@@ -18,6 +18,13 @@ picoclaw:
Purpose: keep Picoclaw posture-review checks isolated from the broader guardian package so moderation-sensitive checks can be versioned/published independently.
## Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
```bash
npx skills add prompt-security/clawsec --skill picoclaw-self-pen-testing -a openclaw -y
```
## Release Artifact Verification
@@ -27,7 +34,7 @@ For standalone installs, verify the signed release manifest before trusting `SKI
set -euo pipefail
SKILL_NAME="picoclaw-self-pen-testing"
VERSION="0.0.2"
VERSION="0.0.3"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
skills/picoclaw-self-pen-testing/skill.json
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "picoclaw-self-pen-testing",
"version": "0.0.2",
"version": "0.0.3",
"description": "Picoclaw-only local posture-review skill focused on read-only findings and safe operator remediation guidance.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",

Some files were not shown because too many files have changed in this diff Show More