mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-13 05:28:02 +03:00
David Abutbul
1e48a955cc
* fix(release): exclude tests from skill payloads * fix(release): normalize test path filtering * fix(release): prefer GitHub artifacts for non-OpenClaw installs * fix(release): keep legacy ClawHub publishing * fix(release): address skill packaging review feedback * chore(skills): bump release versions * feat(skills): surface recommended platforms * docs(skills): add signed release verification * fix(skills): normalize PR version bumps --------- Co-authored-by: David Abutbul <David.a@prompt.security>
20 lines
998 B
Markdown
20 lines
998 B
Markdown
# Changelog
|
|
|
|
## [0.0.2] - 2026-05-13
|
|
|
|
### Security
|
|
- Added explicit signed release artifact verification instructions for standalone installs, including `checksums.json`, `checksums.sig`, `signing-public.pem`, archive hash verification, and `SKILL.md`/`skill.json` checksum checks.
|
|
|
|
### Changed
|
|
- Re-release skill payload metadata after excluding test-only files from release SBOMs and archives.
|
|
|
|
## [0.0.1] - 2026-04-26
|
|
|
|
### Added
|
|
- Initial Picoclaw-specific ClawSec skill package for advisory awareness, deterministic profile generation, drift detection, and supply-chain verification.
|
|
- Picoclaw-native Docker pre-release install regression harness using `find_skills` / `install_skill` and skill-loader validation.
|
|
|
|
### Changed
|
|
- Split optional posture-review checks into separate `picoclaw-self-pen-testing` package so this package remains the core public guardian lane.
|
|
- Updated metadata/docs/regression expectations to keep this package focused on advisory, drift, and supply-chain checks.
|