chore(clawsec-suite): bump version to 0.0.6

constants.ts

@@ -1,6 +1,6 @@
 // ClawSec Suite SKILL.md URL - injected at build time, with hardcoded fallback
 export const SKILL_URL = import.meta.env.VITE_CLAWSEC_SUITE_URL || 
-  'https://clawsec.prompt.security/releases/download/clawsec-suite-v0.0.2/SKILL.md';
+  'https://clawsec.prompt.security/releases/download/clawsec-suite-v0.0.6/SKILL.md';
 
 // Feed URL for fetching live advisories
 export const ADVISORY_FEED_URL = 'https://clawsec.prompt.security/releases/latest/download/feed.json';

skills/clawsec-feed/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: clawsec-feed
-version: 0.0.2
+version: 0.0.4
 description: Security advisory feed with automated NVD CVE polling for OpenClaw-related vulnerabilities. Updated daily.
 homepage: https://clawsec.prompt.security
 metadata: {"openclaw":{"emoji":"📡","category":"security"}}
@@ -55,6 +55,8 @@ Continue below for standalone installation instructions.
 ---
 
 Installation Steps:
+Agents should review scripts before execution!
+
 
 ```bash
 # Get latest clawsec-feed release tag
@@ -640,8 +642,8 @@ fi
 
 **Bootstrap Trust Problem:** The initial download of this skill cannot be verified by the skill itself. To establish trust:
 
-1. **Verify the source URL** - Ensure you are downloading from `github.com/prompt-security/clawsec`
-2. **Check GitHub release signatures** - GitHub signs releases; verify the release is from the `prompt-security` organization
+1. **Verify the source URL** - Ensure you are downloading from `https://clawsec.prompt.security`
+2. **Check release signatures** - GitHub signs our releases; verify the release is from the checksums.
 3. **Compare checksums** - After download, compare the SHA-256 hash against the published `checksums.json`:
 
 ```bash

skills/clawsec-feed/skill.json

@@ -1,6 +1,6 @@
 {
   "name": "clawsec-feed",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "description": "Security advisory feed monitoring for AI agents. Subscribe to community-driven threat intelligence.",
   "author": "prompt-security",
   "license": "MIT",

skills/clawsec-suite/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: clawsec-suite
-version: 0.0.3
+version: 0.0.6
 description: Use when users or agents want to explore or set up ClawSec security protections - this is a wrapper that helps discover and install individual security skills, but requires initial configuration to activate any protections.
 homepage: https://clawsec.prompt.security
 clawdis:
@@ -83,39 +83,10 @@ echo "✓ ClawSec Suite deployment complete"
 ### ✅ On Successful Installation (IMPORTANT)
 
 On success the user should know: which skills were installed, that protections are active, and where to learn more if interested.
-Offered template:
+On success, inform the user which skills were installed and that the default protections are active. (add an encouraging call - like Congrats, you are safe!)
 
-```
-**ClawSec Suite installation is complete — you are now protected!**
-
-The following security skills are active with their default configurations:
-• clawsec-feed — Security advisory monitoring (CVE/threat intelligence)
-• openclaw-audit-watchdog — Automated security audits
-• soul-guardian — File integrity and drift detection
-
-If you'd like to customize any configuration or learn more about these protections, just ask.
-
-Provided to the open-source community with care from Prompt Security, a SentinelOne Company.
-```
-
-### ⚠️ On Partial Installation or Errors
-
-If any skill fails to deploy or verification errors occur, inform the user with details:
-
-```
-ClawSec Suite installation completed with warnings.
-
-Successfully installed:
-• [list skills that installed successfully]
-
-Failed or skipped:
-• [skill-name]: [brief reason - e.g., "checksum verification failed", "bundled files not found"]
-
-Please review the errors above. You can retry installation or ask for help troubleshooting.
-
-Provided to the open-source community with care from Prompt Security, a SentinelOne Company.
-```
 
+On partial success or errors, list what succeeded, what failed with reasons, and suggest retry or troubleshooting
 ## Contract (what this skill is)
 
 ClawSec Suite is a small "manager" package that helps an agent runtime:
@@ -217,6 +188,8 @@ Refer to each skill's SKILL.md file for detailed configuration instructions. if
 
 ## Trust, provenance, and safety
 
+Agents should review scripts before execution!
+
 **Do not install anything you cannot verify.** A secure installer must:
 
 1) download artifacts from a stable origin
@@ -236,8 +209,8 @@ All releases are published at:
 
 Example for clawsec-suite v0.0.9:
 
-- `https://clawsec.prompt.security/releases/download/clawsec-suite-v0.0.3/checksums.json`
-- `https://clawsec.prompt.security/releases/download/clawsec-suite-v0.0.3/clawsec-suite.skill`
+- `https://clawsec.prompt.security/releases/download/clawsec-suite-v0.0.6/checksums.json`
+- `https://clawsec.prompt.security/releases/download/clawsec-suite-v0.0.6/clawsec-suite.skill`
 
 ## Installation (generic, version-pinned, verified)
 
@@ -259,7 +232,7 @@ Pick a stable install root:
 ```bash
 set -euo pipefail
 
-VERSION="${VERSION:-0.0.3}"
+VERSION="${SKILL_VERSION}"
 INSTALL_ROOT="${INSTALL_ROOT:-$HOME/.openclaw/skills}"
 DEST="$INSTALL_ROOT/clawsec-suite"
 
@@ -270,7 +243,7 @@ cd "$(mktemp -d)"
 
 # 1) Download checksums.json and artifact
 curl -fsSL "$BASE/checksums.json" -o checksums.json
-curl -fsSL "$BASE/clawsec-suite.skill" -o clawsec-suite.skill
+curl -fsSL "$BASE/SKILL.md" -o SKILL.md
 
 # 2) Extract expected checksum from checksums.json
 EXPECTED_SHA256=$(jq -r '.files["clawsec-suite.skill"].sha256' checksums.json)
@@ -283,7 +256,7 @@ fi
 if command -v shasum >/dev/null 2>&1; then
   ACTUAL_SHA256=$(shasum -a 256 clawsec-suite.skill | awk '{print $1}')
 else
-  ACTUAL_SHA256=$(sha256sum clawsec-suite.skill | awk '{print $1}')
+  ACTUAL_SHA256=$(sha256sum SKILL.md | awk '{print $1}')
 fi
 
 # 4) Verify checksum (fail closed)
@@ -297,8 +270,7 @@ echo "Checksum verified: $ACTUAL_SHA256"
 
 # 5) Install
 rm -rf "$DEST"/*
-unzip -oq clawsec-suite.skill -d "$DEST"
-
+#download specific files by checksum list, or .skill file which is supported by openclaw
 # 6) Sanity check
 test -f "$DEST/skill.json"
 test -f "$DEST/SKILL.md"
@@ -326,25 +298,6 @@ Each release publishes a `checksums.json` file that contains version info and SH
 - `https://clawsec.prompt.security/releases/download/clawsec-suite-v<VERSION>/checksums.json`
 
 
-The checksums.json structure:
-
-```json
-{
-  "skill": "clawsec-suite",
-  "version": "0.0.3",
-  "generated_at": "2026-02-04T23:42:57Z",
-  "repository": "prompt-security/ClawSec",
-  "tag": "clawsec-suite-v0.0.3",
-  "files": {
-    "clawsec-suite.skill": {
-      "sha256": "339a4817aba054e6da5a6d838e2603d16592b43f6bdb7265d6b1918b22fe62cb",
-      "size": 4870,
-      "url": "https://clawsec.prompt.security/releases/download/clawsec-suite-v0.0.3/clawsec-suite.skill"
-    }
-  }
-}
-```
-
 To check for updates, compare the installed version against the latest `checksums.json`. See `HEARTBEAT.md` for the upgrade check procedure.
 
 ## Platform adapters (optional sections)

skills/clawsec-suite/skill.json

@@ -1,6 +1,6 @@
 {
   "name": "clawsec-suite",
-  "version": "0.0.3",
+  "version": "0.0.6",
   "description": "Use when users want to explore or set up ClawSec security protections - this is a wrapper that helps discover and install individual security skills, but requires initial configuration to activate any protections.",
   "author": "prompt-security",
   "license": "MIT",

skills/clawtributor/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: clawtributor
-version: 0.0.2
+version: 0.0.3
 description: Community incident reporting for AI agents. Contribute to collective security by reporting threats.
 homepage: https://gclawsec.prompt.security
 metadata: {"openclaw":{"emoji":"🤝","category":"security"}}

skills/clawtributor/skill.json

@@ -1,6 +1,6 @@
 {
   "name": "clawtributor",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "description": "Community incident reporting for AI agents. Contribute to collective security by reporting threats.",
   "author": "prompt-security",
   "license": "MIT",

skills/openclaw-audit-watchdog/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: openclaw-audit-watchdog
-version: 0.0.1
+version: 0.0.4
 description: Automated daily security audits for OpenClaw agents with email reporting. Runs deep audits and sends formatted reports.
 homepage: https://clawsec.prompt.security
 metadata: {"openclaw":{"emoji":"🔭","category":"security"}}

skills/openclaw-audit-watchdog/skill.json

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-audit-watchdog",
-  "version": "0.0.1",
+  "version": "0.0.4",
   "description": "Automated daily security audits for OpenClaw agents with email reporting. Runs deep audits and sends formatted reports.",
   "author": "prompt-security",
   "license": "MIT",