mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-13 05:28:02 +03:00
David Abutbul
1e48a955cc
* fix(release): exclude tests from skill payloads * fix(release): normalize test path filtering * fix(release): prefer GitHub artifacts for non-OpenClaw installs * fix(release): keep legacy ClawHub publishing * fix(release): address skill packaging review feedback * chore(skills): bump release versions * feat(skills): surface recommended platforms * docs(skills): add signed release verification * fix(skills): normalize PR version bumps --------- Co-authored-by: David Abutbul <David.a@prompt.security>
40 lines
1.6 KiB
Markdown
40 lines
1.6 KiB
Markdown
# Changelog
|
|
|
|
## [0.0.6] - 2026-05-14
|
|
|
|
### Security
|
|
- Added explicit signed release artifact verification instructions for standalone installs, including `checksums.json`, `checksums.sig`, `signing-public.pem`, archive hash verification, and `SKILL.md`/`skill.json` checksum checks.
|
|
|
|
All notable changes to Clawtributor will be documented in this file.
|
|
|
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
|
|
## [0.0.5] - 2026-04-16
|
|
|
|
### Changed
|
|
|
|
- Replaced release-artifact bootstrap instructions in `SKILL.md` with registry-based installation guidance.
|
|
- Switched submission instructions to manual browser-form workflow after explicit approval (no scripted CLI submission flow).
|
|
- Reduced declared runtime requirements to `openclaw` for the packaged skill guidance.
|
|
|
|
### Security
|
|
|
|
- Removed automatic remote-install and automated issue-submission guidance patterns that were being classified as suspicious.
|
|
|
|
## [0.0.4] - 2026-04-14
|
|
|
|
### Added
|
|
|
|
- Operational notes that describe the standalone install runtime and the external GitHub submission target.
|
|
- Metadata that records opt-in reporting, local state persistence, and approval-gated network egress.
|
|
|
|
### Changed
|
|
|
|
- Corrected the skill homepage in `SKILL.md` to the canonical `clawsec.prompt.security` domain.
|
|
- Declared the full standalone install/reporting toolchain (`bash`, `curl`, `jq`, `shasum`, `unzip`, `gh`) in metadata.
|
|
|
|
### Security
|
|
|
|
- Made the off-host reporting trust model explicit: every submission stays approval-gated and evidence must be sanitized before it is sent to GitHub.
|