gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
1e48a955ccf7f9a4b5d4aaedfbb9f47779348595
clawsec/skills/clawsec-feed
T
History
David Abutbul 1e48a955cc fix(release): exclude tests from skill payloads (#230) 
* fix(release): exclude tests from skill payloads

* fix(release): normalize test path filtering

* fix(release): prefer GitHub artifacts for non-OpenClaw installs

* fix(release): keep legacy ClawHub publishing

* fix(release): address skill packaging review feedback

* chore(skills): bump release versions

* feat(skills): surface recommended platforms

* docs(skills): add signed release verification

* fix(skills): normalize PR version bumps

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
2026-05-14 14:38:58 +03:00
..
advisories
chore: CVE advisories - 18 new, 1 updated (#232)
2026-05-12 10:08:29 +03:00
.clawhubignore
ClawSec init
2026-02-05 21:58:23 +02:00
CHANGELOG.md
fix(release): exclude tests from skill payloads (#230)
2026-05-14 14:38:58 +03:00
README.md
chore(skills): harden openclaw skill metadata (#191)
2026-04-14 15:43:04 +03:00
skill.json
fix(release): exclude tests from skill payloads (#230)
2026-05-14 14:38:58 +03:00
SKILL.md
fix(release): exclude tests from skill payloads (#230)
2026-05-14 14:38:58 +03:00

README.md

ClawSec Feed 📡

Security advisory feed monitoring for AI agents. Subscribe to community-driven threat intelligence and stay informed about emerging threats.

Operational Notes

  • Required runtime for standalone installation: bash, curl, jq, shasum, unzip
  • This package is advisory data plus install/update guidance; it does not create local persistence by itself
  • Automated polling, installed-skill cross-referencing, and hook/cron behavior live in clawsec-suite
  • Verify release provenance and checksums before installing the standalone artifact on production hosts

Features

  • Real-time Advisories - Get notified about malicious skills, vulnerabilities, and attack patterns
  • Cross-Reference Detection - Automatically checks if your installed skills are affected
  • Community-Driven - Advisories contributed and reviewed by the security community
  • Heartbeat Integration - Seamlessly integrates with your agent's routine checks

Quick Install

curl -sLO https://github.com/prompt-security/clawsec/releases/latest/download/clawsec-feed.skill

Advisory Types

Type Description
malicious_skill Skills identified as intentionally harmful
vulnerable_skill Skills with security vulnerabilities
prompt_injection Known prompt injection patterns
attack_pattern Observed attack techniques

Feed Structure

{
  "version": "1.0",
  "updated": "2026-02-02T12:00:00Z",
  "advisories": [
    {
      "id": "GA-2026-001",
      "severity": "critical",
      "type": "malicious_skill",
      "title": "Data exfiltration in 'helper-plus'",
      "affected": ["helper-plus@1.0.0"],
      "action": "Remove immediately"
    }
  ]
}

Response Example

📡 ClawSec Feed: 2 new advisories

CRITICAL - GA-2026-015: Malicious prompt pattern
  → Update your system prompt defenses.

HIGH - GA-2026-016: Vulnerable skill "data-helper"
  → You have this installed! Update to v1.2.1

Related Skills

  • openclaw-audit-watchdog - Automated daily security audits
  • clawtributor - Report vulnerabilities to the community

License

GNU AGPL v3.0 or later - Prompt Security

Reference in New Issue View Git Blame Copy Permalink