mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-19 00:11:20 +03:00
davida-ps
3cef7aa46b
* fix(security): harden high scan findings * fix(security): tighten review hardening * fix(nanoclaw): preserve prerelease advisory matching
1.7 KiB
1.7 KiB
Changelog
[0.0.4] - 2026-06-07
Security
- Replaced DAST target hook execution with static hook source inspection so scanner runs never import, transpile, or invoke untrusted handler code.
[0.0.3] - 2026-05-13
Changed
- Re-release skill payload metadata after excluding test-only files from release SBOMs and archives.
All notable changes to the ClawSec Scanner will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[0.0.2] - 2026-03-10
Changed
- Replaced simulated DAST checks with real OpenClaw hook execution harness testing
- Updated DAST semantics so high-severity findings are emitted for actual hook execution failures/timeouts, not static payload pattern matches
- Reclassified DAST harness capability limitations (for example missing TypeScript compiler for
.tshooks) toinfocoverage findings instead of high severity - Added DAST harness mode guard to prevent recursive scanner execution when hook handlers are tested in isolation
Added
- New DAST helper executor script for isolated per-hook execution and timeout enforcement
- DAST harness regression tests covering no-false-positive baseline and malicious-input crash detection
[0.0.1] - 2026-02-27
Added
- Initial release of ClawSec Scanner skill
- Automated vulnerability scanning for OpenClaw skill installations
- Integration with advisory feed for real-time security alerts
- Support for scanning skill dependencies and detecting known CVEs
- Configurable scan policies and risk thresholds
- Detailed vulnerability reporting with remediation guidance