mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-13 05:28:02 +03:00
c1d1824f86
* ci(skills): publish release trust packets
* ci(skills): simulate beta tag releases
* ci(skills): match release version bump rules
* chore(skills): group agent skills for installer
* chore(skills): make clawtributor global
* chore(skills): bump all skills for trust release
* ci(skills): require npx install docs
* fix(skills): simulate prerelease tag versions
* fix(skills): aggregate trust artifact checksum failures
* fix(frontend): advertise npx skills suite install
* chore(frontend): drop ad hoc homepage copy test
* fix(ci): run skill release tooling tests
ClawSec ClawHub Checker
A clawsec-suite companion skill that adds a standalone reputation gate before guarded installs.
Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
npx skills add prompt-security/clawsec --skill clawsec-clawhub-checker -a openclaw -y
Operational Notes
- Required runtime: node, clawhub, openclaw
- Dependency: installed clawsec-suite
- No in-place mutation of other skills
- Advisory-hook wiring is optional and manual in this release
- Reputation checks query ClawHub metadata and remain confirmation-gated
Purpose
Adds a second risk signal before install by:
- Reading ClawHub inspect/security metadata
- Applying reputation heuristics (age, updates, author activity, downloads)
- Requiring --confirm-reputation for low-score installs
Installation
npx clawhub install clawsec-suite
npx clawhub install clawsec-clawhub-checker
Optional preflight helper:
node ~/.openclaw/skills/clawsec-clawhub-checker/scripts/setup_reputation_hook.mjs
Usage
node ~/.openclaw/skills/clawsec-clawhub-checker/scripts/enhanced_guarded_install.mjs \
--skill some-skill \
--version 1.0.0
Override only after manual review:
node ~/.openclaw/skills/clawsec-clawhub-checker/scripts/enhanced_guarded_install.mjs \
--skill some-skill \
--version 1.0.0 \
--confirm-reputation
Optional Advisory-Hook Wiring
If you need advisory alerts to include reputationWarning / reputationWarnings, wire the checker module manually into the installed suite hook:
- Source: ~/.openclaw/skills/clawsec-clawhub-checker/hooks/clawsec-advisory-guardian/lib/reputation.mjs
- Target: ~/.openclaw/skills/clawsec-suite/hooks/clawsec-advisory-guardian/handler.ts
The setup helper validates paths only and does not patch these files automatically.
Exit Codes
- 0: safe to install
- 42: advisory confirmation required
- 43: reputation confirmation required
- 1: error
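A non-interactive caller (CI job, provisioning script) can branch on these exit codes and fail closed, leaving --confirm-reputation to a human after review. The wrapper below is an added example, not part of ClawSec: the names CHECKER, run_checker, classify_exit and gate_install and the decision labels are assumptions, and treating any undocumented exit code as an error is this example's choice.

```shell
# Added example, not ClawSec code. Script path and flags are the ones
# shown under Usage; everything else here is hypothetical.
CHECKER="${CHECKER:-$HOME/.openclaw/skills/clawsec-clawhub-checker/scripts/enhanced_guarded_install.mjs}"

# Thin wrapper around the documented command so it can be stubbed in tests.
run_checker() {
  node "$CHECKER" "$@"
}

# Map an exit code from the Exit Codes list to a pipeline decision.
# Anything that is not 0, 42 or 43 is treated as an error (fail closed).
classify_exit() {
  case "$1" in
    0)  echo "allow" ;;
    42) echo "hold-advisory" ;;
    43) echo "hold-reputation" ;;
    *)  echo "error" ;;
  esac
}

# gate_install <skill> <version>
# Prints the decision on stdout and succeeds only for "allow".
# It never passes --confirm-reputation: that override stays a manual step.
gate_install() {
  if [ "$#" -ne 2 ] || [ -z "$1" ] || [ -z "$2" ]; then
    echo "error"
    return 1
  fi
  gate_rc=0
  # Checker output goes to stderr so stdout carries only the decision.
  run_checker --skill "$1" --version "$2" >&2 || gate_rc=$?
  gate_decision=$(classify_exit "$gate_rc")
  echo "$gate_decision"
  [ "$gate_decision" = "allow" ]
}
```

A pipeline step would call `gate_install some-skill 1.0.0` and stop on any non-zero status, routing "hold-advisory" and "hold-reputation" results to a reviewer.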
Configuration
CLAWHUB_REPUTATION_THRESHOLD (default: 70)
Security Considerations
- Reputation is heuristic, not authoritative
- False positives are possible
- Always inspect code before confirming installation
License
GNU AGPL v3.0 or later - Part of the ClawSec security suite