gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
clawsec/skills/clawsec-feed
T
History
davida-ps c1d1824f86 ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262) 
* ci(skills): publish release trust packets

* ci(skills): simulate beta tag releases

* ci(skills): match release version bump rules

* chore(skills): group agent skills for installer

* chore(skills): make clawtributor global

* chore(skills): bump all skills for trust release

* ci(skills): require npx install docs

* fix(skills): simulate prerelease tag versions

* fix(skills): aggregate trust artifact checksum failures

* fix(frontend): advertise npx skills suite install

* chore(frontend): drop ad hoc homepage copy test

* fix(ci): run skill release tooling tests
2026-06-10 13:22:22 +03:00
..
advisories
chore: update NVD/GHSA advisories - 1 NVD new, 0 NVD updated (#257)
2026-06-10 11:35:17 +03:00
.clawhubignore
ClawSec init
2026-02-05 21:58:23 +02:00
CHANGELOG.md
ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262)
2026-06-10 13:22:22 +03:00
README.md
ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262)
2026-06-10 13:22:22 +03:00
skill.json
ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262)
2026-06-10 13:22:22 +03:00
SKILL.md
ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262)
2026-06-10 13:22:22 +03:00

README.md

ClawSec Feed 📡

Security advisory feed monitoring for AI agents. Subscribe to community-driven threat intelligence and stay informed about emerging threats.

Vercel Skills Installation

Install with the Vercel Skills CLI for this harness:

npx skills add prompt-security/clawsec --skill clawsec-feed -a openclaw -y

Operational Notes

  • Required runtime for standalone installation: bash, curl, jq, shasum, unzip
  • This package is advisory data plus install/update guidance; it does not create local persistence by itself
  • Automated polling, installed-skill cross-referencing, and hook/cron behavior live in clawsec-suite
  • Verify release provenance and checksums before installing the standalone artifact on production hosts

Features

  • Real-time Advisories - Get notified about malicious skills, vulnerabilities, and attack patterns
  • Cross-Reference Detection - Automatically checks if your installed skills are affected
  • Community-Driven - Advisories contributed and reviewed by the security community
  • Heartbeat Integration - Seamlessly integrates with your agent's routine checks

Quick Install

curl -sLO https://github.com/prompt-security/clawsec/releases/latest/download/clawsec-feed.skill

Advisory Types

Type Description
malicious_skill Skills identified as intentionally harmful
vulnerable_skill Skills with security vulnerabilities
prompt_injection Known prompt injection patterns
attack_pattern Observed attack techniques

Feed Structure

{
  "version": "1.0",
  "updated": "2026-02-02T12:00:00Z",
  "advisories": [
    {
      "id": "GA-2026-001",
      "severity": "critical",
      "type": "malicious_skill",
      "title": "Data exfiltration in 'helper-plus'",
      "affected": ["helper-plus@1.0.0"],
      "action": "Remove immediately"
    }
  ]
}

Response Example

📡 ClawSec Feed: 2 new advisories

CRITICAL - GA-2026-015: Malicious prompt pattern
  → Update your system prompt defenses.

HIGH - GA-2026-016: Vulnerable skill "data-helper"
  → You have this installed! Update to v1.2.1

Related Skills

  • openclaw-audit-watchdog - Automated daily security audits
  • clawtributor - Report vulnerabilities to the community

License

GNU AGPL v3.0 or later - Prompt Security

Reference in New Issue View Git Blame Copy Permalink