mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-13 05:28:02 +03:00
David Abutbul
1e48a955cc
* fix(release): exclude tests from skill payloads * fix(release): normalize test path filtering * fix(release): prefer GitHub artifacts for non-OpenClaw installs * fix(release): keep legacy ClawHub publishing * fix(release): address skill packaging review feedback * chore(skills): bump release versions * feat(skills): surface recommended platforms * docs(skills): add signed release verification * fix(skills): normalize PR version bumps --------- Co-authored-by: David Abutbul <David.a@prompt.security>
998 B
998 B
Changelog
[0.0.2] - 2026-05-13
Security
- Added explicit signed release artifact verification instructions for standalone installs, including
checksums.json,checksums.sig,signing-public.pem, archive hash verification, andSKILL.md/skill.jsonchecksum checks.
Changed
- Re-release skill payload metadata after excluding test-only files from release SBOMs and archives.
[0.0.1] - 2026-04-26
Added
- Initial Picoclaw-specific ClawSec skill package for advisory awareness, deterministic profile generation, drift detection, and supply-chain verification.
- Picoclaw-native Docker pre-release install regression harness using
find_skills/install_skilland skill-loader validation.
Changed
- Split optional posture-review checks into separate
picoclaw-self-pen-testingpackage so this package remains the core public guardian lane. - Updated metadata/docs/regression expectations to keep this package focused on advisory, drift, and supply-chain checks.