gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
clawsec/skills/clawsec-clawhub-checker/CHANGELOG.md
T
davida-ps c1d1824f86 ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262) 
* ci(skills): publish release trust packets

* ci(skills): simulate beta tag releases

* ci(skills): match release version bump rules

* chore(skills): group agent skills for installer

* chore(skills): make clawtributor global

* chore(skills): bump all skills for trust release

* ci(skills): require npx install docs

* fix(skills): simulate prerelease tag versions

* fix(skills): aggregate trust artifact checksum failures

* fix(frontend): advertise npx skills suite install

* chore(frontend): drop ad hoc homepage copy test

* fix(ci): run skill release tooling tests
2026-06-10 13:22:22 +03:00

2.6 KiB
Raw Permalink Blame History

Changelog

[0.0.6] - 2026-06-10

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.

[0.0.5] - 2026-06-07

Security

  • Treat explicit malicious ClawHub and VirusTotal verdicts as blocking signals regardless of the numeric reputation score.

[0.0.4] - 2026-05-13

Security

  • Added explicit signed release artifact verification instructions for standalone installs, including checksums.json, checksums.sig, signing-public.pem, archive hash verification, and SKILL.md/skill.json checksum checks.

Changed

  • Re-release skill payload metadata after excluding test-only files from release SBOMs and archives.

All notable changes to the ClawSec ClawHub Checker will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.0.3] - 2026-04-16

Changed

  • Converted setup flow to non-mutating preflight validation; the skill no longer rewrites or copies files into installed clawsec-suite directories.
  • Updated reputation collection to rely on clawhub inspect --json security metadata instead of probing clawhub install output.
  • Updated documentation and metadata to describe standalone wrapper usage for guarded install checks.
  • Added explicit documentation for optional manual advisory-hook wiring when operators want reputationWarning fields in advisory alert rendering.

Security

  • Removed in-place cross-skill source mutation behavior from setup.
  • Removed install-output scraping behavior used only to infer VirusTotal status.
  • Reputation scoring now fails closed when scanner metadata is missing, and hook-level reputation subprocess execution failures are treated as unsafe results.

[0.0.2] - 2026-04-14

Added

  • Runtime and operator-review metadata describing the suite dependency, ClawHub lookups, and in-place integration behavior.
  • Preflight disclosure in scripts/setup_reputation_hook.mjs before the installed suite is modified.
  • Regression coverage for setup disclosure in test/setup_reputation_hook.test.mjs.

Changed

  • Declared node and openclaw as required runtimes alongside clawhub because the integration flow depends on all three.
  • Documented that setup rewrites installed clawsec-suite files rather than operating on a detached copy.

Security

  • Made the string-based handler.ts rewrite and the remote ClawHub reputation-query behavior explicit so operators can review the mutation and network trust model before enabling it.
Reference in New Issue View Git Blame Copy Permalink