mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-01 15:52:26 +03:00

Files

T

David Abutbul 0d2e38ddfd Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs (#208 )

* Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs

* fix(feed): add picoclaw to core platform taxonomy and filters

* fix(picoclaw): resolve eslint errors in new skills

* chore(nvd): include picoclaw in CVE polling and cleanup report

---------

Co-authored-by: David Abutbul <David.a@prompt.security>

2026-04-26 14:19:18 +03:00

1.3 KiB

Raw Permalink Blame History

Picoclaw Self Pen Testing

Summary

Current package version: v0.0.1.

picoclaw-self-pen-testing is a standalone Picoclaw package that runs local, read-only self-pen-testing style checks from a generated Picoclaw posture profile.

This package is intentionally separate from picoclaw-security-guardian so moderation-sensitive findings can be shipped independently.

What it checks

Public Web UI exposure
Disabled Web UI auth
Unrestricted workspace/tooling posture
Unsafely unsigned verification mode
MCP trust-boundary review needs
Scheduler persistence review
Plaintext secret markers
Multi-channel auth review

Usage

node skills/picoclaw-self-pen-testing/scripts/self_pen_test.mjs \
  --profile ~/.picoclaw/security/clawsec/current-profile.json

Validation

python utils/validate_skill.py skills/picoclaw-self-pen-testing
node skills/picoclaw-self-pen-testing/test/self_pen_test.test.mjs

Source references

skills/picoclaw-self-pen-testing/skill.json
skills/picoclaw-self-pen-testing/SKILL.md
skills/picoclaw-self-pen-testing/README.md
skills/picoclaw-self-pen-testing/lib/self_pen_test.mjs
skills/picoclaw-self-pen-testing/lib/format.mjs
skills/picoclaw-self-pen-testing/scripts/self_pen_test.mjs
skills/picoclaw-self-pen-testing/test/self_pen_test.test.mjs

1.3 KiB Raw Permalink Blame History