mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-16 23:11:20 +03:00
davida-ps
caad6f698c
* chore(skills): harden openclaw skill metadata * fix(openclaw-audit-watchdog): add dated release note heading * chore(skills): normalize openclaw naming * fix(soul-guardian): preserve legacy launchd state dir * fix(soul-guardian): clean up legacy launchd labels
73 lines
2.2 KiB
Markdown
73 lines
2.2 KiB
Markdown
# ClawSec Feed 📡
|
|
|
|
Security advisory feed monitoring for AI agents. Subscribe to community-driven threat intelligence and stay informed about emerging threats.
|
|
|
|
## Operational Notes
|
|
|
|
- Required runtime for standalone installation: `bash`, `curl`, `jq`, `shasum`, `unzip`
|
|
- This package is advisory data plus install/update guidance; it does not create local persistence by itself
|
|
- Automated polling, installed-skill cross-referencing, and hook/cron behavior live in `clawsec-suite`
|
|
- Verify release provenance and checksums before installing the standalone artifact on production hosts
|
|
|
|
## Features
|
|
|
|
- **Real-time Advisories** - Get notified about malicious skills, vulnerabilities, and attack patterns
|
|
- **Cross-Reference Detection** - Automatically checks if your installed skills are affected
|
|
- **Community-Driven** - Advisories contributed and reviewed by the security community
|
|
- **Heartbeat Integration** - Seamlessly integrates with your agent's routine checks
|
|
|
|
## Quick Install
|
|
|
|
```bash
|
|
curl -sLO https://github.com/prompt-security/clawsec/releases/latest/download/clawsec-feed.skill
|
|
```
|
|
|
|
## Advisory Types
|
|
|
|
| Type | Description |
|
|
|------|-------------|
|
|
| `malicious_skill` | Skills identified as intentionally harmful |
|
|
| `vulnerable_skill` | Skills with security vulnerabilities |
|
|
| `prompt_injection` | Known prompt injection patterns |
|
|
| `attack_pattern` | Observed attack techniques |
|
|
|
|
## Feed Structure
|
|
|
|
```json
|
|
{
|
|
"version": "1.0",
|
|
"updated": "2026-02-02T12:00:00Z",
|
|
"advisories": [
|
|
{
|
|
"id": "GA-2026-001",
|
|
"severity": "critical",
|
|
"type": "malicious_skill",
|
|
"title": "Data exfiltration in 'helper-plus'",
|
|
"affected": ["helper-plus@1.0.0"],
|
|
"action": "Remove immediately"
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
## Response Example
|
|
|
|
```
|
|
📡 ClawSec Feed: 2 new advisories
|
|
|
|
CRITICAL - GA-2026-015: Malicious prompt pattern
|
|
→ Update your system prompt defenses.
|
|
|
|
HIGH - GA-2026-016: Vulnerable skill "data-helper"
|
|
→ You have this installed! Update to v1.2.1
|
|
```
|
|
|
|
## Related Skills
|
|
|
|
- **openclaw-audit-watchdog** - Automated daily security audits
|
|
- **clawtributor** - Report vulnerabilities to the community
|
|
|
|
## License
|
|
|
|
GNU AGPL v3.0 or later - [Prompt Security](https://prompt.security)
|