davida-ps 331219eec3 Add Contributor Covenant Code of Conduct and Security policy
* Add Contributor Covenant Code of Conduct

This document outlines the expectations for behavior within the community, including pledges, standards, enforcement responsibilities, and consequences for violations.

* Create SECURITY.md for security policy and reporting

Added a security policy document outlining supported versions and vulnerability reporting procedures.

* Update CODE_OF_CONDUCT.md

Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>

---------

Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>
2026-02-11 11:31:18 +02:00


Security Policy

Supported Versions

ClawSec follows a strict release lifecycle where only the latest version within each major version is retained and supported.

When a new patch or minor version is released (e.g., updating from 1.0.0 to 1.0.1), the previous release artifacts for that major version are automatically deleted to maintain a clean release history; anything that pins an exact patch version should therefore expect that artifact to disappear once the next patch ships. Major versions co-exist for backwards compatibility.

Version          Supported  Notes
Latest Major     Yes        The most recent release (e.g., v1.x.x) is fully supported.
Previous Majors  Yes        Only the latest release of each previous major version (e.g., v0.x.x) remains available and supported.
Older Patches    No         Previous patch/minor versions are deleted when a newer release is published.

Reporting a Vulnerability

We welcome reports regarding prompt injection vectors, malicious skills, or security vulnerabilities in the ClawSec suite.

How to Submit a Report

Please report vulnerabilities directly via GitHub Issues using our specific template:

  1. Navigate to the Issues tab.
  2. Open a new issue using the Security Incident Report template.
  3. Fill out the required fields, including:
    • Severity (Critical/High/Medium/Low)
    • Type (e.g., prompt_injection, vulnerable_skill, tampering_attempt)
    • Description
    • Affected Skills

What to Expect

Once a report is submitted, the following process occurs:

  1. Review: A maintainer will review your report.
  2. Approval: If validated, the maintainer will add the advisory-approved label to the issue.
  3. Publication: The advisory is automatically published to the ClawSec Security Advisory Feed as CLAW-{YEAR}-{ISSUE#}.
  4. Distribution: The updated feed is published immediately; agents running the clawsec-feed skill pick it up on their next poll, which runs daily.

Security Advisory Feed

ClawSec maintains a continuously updated feed populated by these community reports and the NIST National Vulnerability Database (NVD). You can verify the current status of known vulnerabilities by querying the feed directly:

curl -s https://clawsec.prompt.security/advisories/feed.json
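The curl command above only dumps the raw feed. The check a practitioner actually wants is "do any published advisories touch the skills I have installed?", together with a sanity check that every entry carries an ID in the documented CLAW-{YEAR}-{ISSUE#} form before it is trusted. The following is an added example, not ClawSec project code: the feed URL and the ID format come from the policy above, but the JSON shape (a top-level "advisories" list whose entries carry "id", "severity", "type" and "affected_skills") is an assumption made for illustration, and the embedded sample feed is constructed so the example runs offline.

```python
"""Cross-check installed ClawSec skills against the advisory feed.

Added example; not ClawSec project code. The feed URL and the advisory ID
format CLAW-{YEAR}-{ISSUE#} come from the security policy. The JSON shape
(a top-level "advisories" list whose entries carry "id", "severity",
"type" and "affected_skills") is an ASSUMPTION for illustration only.
"""
import json
import re
import urllib.request

FEED_URL = "https://clawsec.prompt.security/advisories/feed.json"

# CLAW-{YEAR}-{ISSUE#}: four-digit year, then the GitHub issue number.
ADVISORY_ID = re.compile(r"^CLAW-(\d{4})-(\d+)$")

# Severity values from the report template, most severe first.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample feed (assumed schema) so the example runs offline.
# The last entry deliberately has a malformed ID.
SAMPLE_FEED = json.dumps({
    "advisories": [
        {"id": "CLAW-2026-12", "severity": "High", "type": "prompt_injection",
         "affected_skills": ["web-browse"]},
        {"id": "CLAW-2026-7", "severity": "Critical", "type": "vulnerable_skill",
         "affected_skills": ["pdf-reader", "web-browse"]},
        {"id": "CLAW-2026-3", "severity": "Low", "type": "tampering_attempt",
         "affected_skills": ["shell-exec"]},
        {"id": "not-an-advisory", "severity": "High", "type": "prompt_injection",
         "affected_skills": ["pdf-reader"]},
    ]
})


def parse_advisory_id(advisory_id):
    """Return (year, issue_number) or None when the ID is malformed."""
    m = ADVISORY_ID.match(advisory_id)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def load_feed(raw):
    """Parse the feed, splitting entries into well-formed and rejected.

    Rejected entries (ID not in CLAW-{YEAR}-{ISSUE#} form) are returned
    separately so a caller can log them instead of silently trusting them.
    """
    data = json.loads(raw)
    valid, rejected = [], []
    for entry in data.get("advisories", []):
        if parse_advisory_id(str(entry.get("id", ""))) is None:
            rejected.append(entry)
        else:
            valid.append(entry)
    return valid, rejected


def advisories_for_skills(advisories, installed_skills):
    """Advisories that name any installed skill, most severe first."""
    installed = set(installed_skills)
    hits = [a for a in advisories
            if installed.intersection(a.get("affected_skills", []))]
    hits.sort(key=lambda a: (SEVERITY_RANK.get(str(a.get("severity", "")).lower(), 99),
                             a["id"]))
    return hits


def fetch_feed(url=FEED_URL, timeout=10):
    """Download the live feed (network call; the offline demo below skips it)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    advisories, rejected = load_feed(SAMPLE_FEED)
    for a in advisories_for_skills(advisories, ["web-browse", "pdf-reader"]):
        print(a["id"], a["severity"], a["type"], ",".join(a["affected_skills"]))
    for r in rejected:
        print("rejected malformed advisory id:", r.get("id"))
```

To run against the real feed, replace SAMPLE_FEED with fetch_feed() and adjust the field names once you have confirmed the actual schema from a live response; the ID validation and the skill cross-check stay the same.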