clawsec/skills/clawsec-scanner/skill.json
davida-ps 3cef7aa46b fix(security): harden high scan findings (#258)
* fix(security): harden high scan findings

* fix(security): tighten review hardening

* fix(nanoclaw): preserve prerelease advisory matching
2026-06-07 13:00:56 +03:00


{
"name": "clawsec-scanner",
"version": "0.0.4",
"description": "Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific static hook inspection for OpenClaw hooks.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
"homepage": "https://clawsec.prompt.security/",
"keywords": [
"security",
"vulnerability",
"scanner",
"dependency",
"cve",
"sast",
"dast",
"audit",
"agents",
"ai",
"openclaw",
"semgrep",
"bandit",
"osv",
"nvd"
],
"sbom": {
"files": [
{
"path": "SKILL.md",
"required": true,
"description": "Scanner skill documentation and usage guide"
},
{
"path": "CHANGELOG.md",
"required": true,
"description": "Version history and feature changelog"
},
{
"path": "scripts/runner.sh",
"required": true,
"description": "Main orchestration script for running all scanner engines"
},
{
"path": "scripts/scan_dependencies.mjs",
"required": true,
"description": "Dependency scanner using npm audit and pip-audit with JSON parsing"
},
{
"path": "scripts/query_cve_databases.mjs",
"required": true,
"description": "Multi-database CVE lookup (OSV primary, NVD/GitHub fallback)"
},
{
"path": "scripts/sast_analyzer.mjs",
"required": true,
"description": "Static analysis engine running Semgrep and Bandit as subprocesses"
},
{
"path": "scripts/dast_runner.mjs",
"required": true,
"description": "Static OpenClaw hook inspection harness; despite the 'dast' file name, it does not execute target handlers"
},
{
"path": "scripts/dast_hook_executor.mjs",
"required": true,
"description": "Static hook source inspection helper used by the DAST runner; it inspects hook source without importing target handlers"
},
{
"path": "scripts/setup_scanner_hook.mjs",
"required": false,
"description": "Hook installer for continuous monitoring integration"
},
{
"path": "lib/report.mjs",
"required": true,
"description": "Unified vulnerability report generator (JSON and human-readable formats)"
},
{
"path": "lib/utils.mjs",
"required": true,
"description": "Shared utility functions for subprocess execution and JSON parsing"
},
{
"path": "lib/types.ts",
"required": true,
"description": "TypeScript type definitions for Vulnerability and ScanReport schemas"
},
{
"path": "hooks/clawsec-scanner-hook/HOOK.md",
"required": false,
"description": "OpenClaw hook metadata for continuous scanning integration"
},
{
"path": "hooks/clawsec-scanner-hook/handler.ts",
"required": false,
"description": "OpenClaw hook handler for periodic vulnerability scanning"
}
]
},
"openclaw": {
"emoji": "🔍",
"category": "security",
"requires": {
"bins": [
"node",
"npm",
"python3",
"pip-audit",
"semgrep",
"bandit",
"jq",
"curl"
]
},
"triggers": [
"vulnerability scan",
"security scan",
"dependency scan",
"cve scan",
"sast scan",
"run scanner",
"scan vulnerabilities",
"check vulnerabilities",
"audit dependencies",
"security check"
]
}
}