gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
clawsec/skills/clawsec-feed/CHANGELOG.md
T
davida-ps c1d1824f86 ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262) 
* ci(skills): publish release trust packets

* ci(skills): simulate beta tag releases

* ci(skills): match release version bump rules

* chore(skills): group agent skills for installer

* chore(skills): make clawtributor global

* chore(skills): bump all skills for trust release

* ci(skills): require npx install docs

* fix(skills): simulate prerelease tag versions

* fix(skills): aggregate trust artifact checksum failures

* fix(frontend): advertise npx skills suite install

* chore(frontend): drop ad hoc homepage copy test

* fix(ci): run skill release tooling tests
2026-06-10 13:22:22 +03:00

2.1 KiB
Raw Permalink Blame History

Changelog

[0.0.9] - 2026-06-10

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.

[0.0.8] - 2026-05-24

Changed

  • Documented the consolidated signed advisory feed as the default feed for NVD CVEs, approved community advisories, and provisional GHSA-without-CVE records.

[0.0.7] - 2026-05-14

Security

  • Added explicit signed release artifact verification instructions for standalone installs, including checksums.json, checksums.sig, signing-public.pem, archive hash verification, and SKILL.md/skill.json checksum checks.

All notable changes to the ClawSec Feed skill will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.0.6] - 2026-04-14

Added

  • Operational notes in the skill docs that distinguish standalone feed installation from clawsec-suite automation responsibilities.
  • Metadata describing required standalone install tooling and operator review expectations.

Changed

  • Clarified that the standalone feed package does not itself create persistence, hooks, or cron jobs.
  • Declared checksum/extraction tooling used by the documented install flow (bash, shasum, unzip) in skill metadata.
  • Normalized product naming in the skill docs to use OpenClaw terminology.

Security

  • Made release-provenance and checksum verification expectations explicit for standalone installations on production hosts.

[0.0.5] - 2026-02-28

Added

  • Exploitability-focused advisory guidance, including filtering and prioritization examples.
  • Notification examples that include exploitability context and rationale.

Changed

  • Clarified exploitability scoring guidance to match runtime values (high|medium|low|unknown).
  • Updated response-priority guidance to align with exploitability-first triage.
  • De-duplicated exploitability filtering guidance in SKILL.md by pointing to canonical docs in wiki/exploitability-scoring.md and clawsec-suite.
Reference in New Issue View Git Blame Copy Permalink