gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
clawsec/skills/clawtributor/CHANGELOG.md
T
davida-ps c1d1824f86 ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262) 
* ci(skills): publish release trust packets

* ci(skills): simulate beta tag releases

* ci(skills): match release version bump rules

* chore(skills): group agent skills for installer

* chore(skills): make clawtributor global

* chore(skills): bump all skills for trust release

* ci(skills): require npx install docs

* fix(skills): simulate prerelease tag versions

* fix(skills): aggregate trust artifact checksum failures

* fix(frontend): advertise npx skills suite install

* chore(frontend): drop ad hoc homepage copy test

* fix(ci): run skill release tooling tests
2026-06-10 13:22:22 +03:00

2.2 KiB
Raw Permalink Blame History

Changelog

[0.0.7] - 2026-06-10

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
  • Marked Clawtributor as a harness-neutral global skill for OpenClaw, NanoClaw, Hermes, and Picoclaw installer grouping.
  • Removed OpenClaw CLI as a declared runtime requirement because reporting is manual, approval-gated, and not tied to an OpenClaw command path.
  • Documented Vercel skills installer usage alongside the OpenClaw/ClawHub install path.
  • Moved local report/state guidance to ~/.clawsec/clawtributor/.

[0.0.6] - 2026-05-14

Security

  • Added explicit signed release artifact verification instructions for standalone installs, including checksums.json, checksums.sig, signing-public.pem, archive hash verification, and SKILL.md/skill.json checksum checks.

All notable changes to Clawtributor will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.0.5] - 2026-04-16

Changed

  • Replaced release-artifact bootstrap instructions in SKILL.md with registry-based installation guidance.
  • Switched submission instructions to manual browser-form workflow after explicit approval (no scripted CLI submission flow).
  • Reduced declared runtime requirements to openclaw for the packaged skill guidance.

Security

  • Removed automatic remote-install and automated issue-submission guidance patterns that were being classified as suspicious.

[0.0.4] - 2026-04-14

Added

  • Operational notes that describe the standalone install runtime and the external GitHub submission target.
  • Metadata that records opt-in reporting, local state persistence, and approval-gated network egress.

Changed

  • Corrected the skill homepage in SKILL.md to the canonical clawsec.prompt.security domain.
  • Declared the full standalone install/reporting toolchain (bash, curl, jq, shasum, unzip, gh) in metadata.

Security

  • Made the off-host reporting trust model explicit: every submission stays approval-gated and evidence must be sanitized before it is sent to GitHub.
Reference in New Issue View Git Blame Copy Permalink