clawsec/skills/clawtributor/CHANGELOG.md
David Abutbul 1e48a955cc fix(release): exclude tests from skill payloads (#230)
* fix(release): exclude tests from skill payloads

* fix(release): normalize test path filtering

* fix(release): prefer GitHub artifacts for non-OpenClaw installs

* fix(release): keep legacy ClawHub publishing

* fix(release): address skill packaging review feedback

* chore(skills): bump release versions

* feat(skills): surface recommended platforms

* docs(skills): add signed release verification

* fix(skills): normalize PR version bumps

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
2026-05-14 14:38:58 +03:00

1.6 KiB

Changelog

All notable changes to Clawtributor will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.0.6] - 2026-05-14

Security

  • Added explicit signed release artifact verification instructions for standalone installs, including checksums.json, checksums.sig, signing-public.pem, archive hash verification, and SKILL.md/skill.json checksum checks.

[0.0.5] - 2026-04-16

Changed

  • Replaced release-artifact bootstrap instructions in SKILL.md with registry-based installation guidance.
  • Switched submission instructions to a manual browser-form workflow after explicit approval (no scripted CLI submission flow).
  • Reduced declared runtime requirements to openclaw for the packaged skill guidance.

Security

  • Removed automatic remote-install and automated issue-submission guidance patterns that were being classified as suspicious.

[0.0.4] - 2026-04-14

Added

  • Operational notes that describe the standalone install runtime and the external GitHub submission target.
  • Metadata that records opt-in reporting, local state persistence, and approval-gated network egress.

Changed

  • Corrected the skill homepage in SKILL.md to the canonical clawsec.prompt.security domain.
  • Declared the full standalone install/reporting toolchain (bash, curl, jq, shasum, unzip, gh) in metadata.

Security

  • Made the off-host reporting trust model explicit: every submission stays approval-gated and evidence must be sanitized before it is sent to GitHub.