* feat: add severity filter tabs to advisory feed page
  Add horizontal severity filter tabs (All, Critical, High, Medium, Low) to the advisory feed page. Advisories are filtered by CVSS score ranges matching NVD conventions. Tab counts update dynamically.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: extract severity filter tabs into data-driven map
  Replace five duplicated button blocks with a SEVERITY_TABS metadata array and a single .map() loop. Class strings are kept as full literals for Tailwind purge compatibility.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: replace filteredAdvisories state with useMemo
  filteredAdvisories is derived from advisories + selectedSeverity and should not be independent state. Replace useState + filtering useEffect with a single useMemo. Keep a minimal useEffect that only resets currentPage on dependency changes.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add platform filter tabs (OpenClaw / NanoClaw) to advisory feed
  Add a second row of filter tabs for platform selection using the clawd color palette. Add platforms field to Advisory type to match feed data. Both severity and platform filters compose via useMemo.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: extract shared FilterTabs component and treat missing platforms as universal
  Extract a reusable FilterTabs component so severity and platform tab rows share identical markup. Fix platform filter to treat advisories with missing or empty platforms as matching all platforms, preventing legacy entries from being silently dropped.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
ClawSec: Security Skill Suite for AI Agents
Secure Your OpenClaw and NanoClaw Agents with a Complete Security Skill Suite
Brought to you by Prompt Security, the Platform for AI Security
🦞 What is ClawSec?
ClawSec is a complete security skill suite for AI agent platforms. It provides unified security monitoring, integrity verification, and threat intelligence, protecting your agent's cognitive architecture against prompt injection, drift, and malicious instructions.
Supported Platforms
- OpenClaw (MoltBot, Clawdbot, and clones) - Full suite with skill installer, file integrity protection, and security audits
- NanoClaw - Containerized WhatsApp bot security with MCP tools for advisory monitoring, signature verification, and file integrity
Core Capabilities
- 📦 Suite Installer - One-command installation of all security skills with integrity verification
- 🛡️ File Integrity Protection - Drift detection and auto-restore for critical agent files (SOUL.md, IDENTITY.md, etc.)
- 📡 Live Security Advisories - Automated NVD CVE polling and community threat intelligence
- 🔍 Security Audits - Self-check scripts to detect prompt injection markers and vulnerabilities
- 🔐 Checksum Verification - SHA256 checksums for all skill artifacts
- Health Checks - Automated updates and integrity verification for all installed skills
🎬 Product Demos
Animated previews below are GIFs (no audio). Click any preview to open the full MP4 with audio.
Install Demo (clawsec-suite)
Direct link: install-demo.mp4
Drift Detection Demo (soul-guardian)
Direct link: soul-guardian-demo.mp4
🚀 Quick Start
For AI Agents
# Install the ClawSec security suite
npx clawhub@latest install clawsec-suite
After install, the suite can:
- Discover installable protections from the published skills catalog
- Verify release integrity using signed checksums
- Set up advisory monitoring and hook-based protection flows
- Add optional scheduled checks
Manual/source-first option:
Read https://github.com/prompt-security/clawsec/releases/latest/download/SKILL.md and follow the installation instructions.
For Humans
Copy this instruction to your AI agent:
Install ClawSec with npx clawhub@latest install clawsec-suite, then complete the setup steps from the generated instructions.
Shell and OS Notes
ClawSec scripts are split between:
- Cross-platform Node/Python tooling (npm run build, hook/setup.mjs, utils/*.py)
- POSIX shell workflows (*.sh, most manual install snippets)
For Linux/macOS (bash/zsh):
- Use unquoted or double-quoted home vars: export INSTALL_ROOT="$HOME/.openclaw/skills"
- Do not single-quote expandable vars (for example, avoid '$HOME/.openclaw/skills')
For Windows (PowerShell):
- Prefer explicit path building:
  - $env:INSTALL_ROOT = Join-Path $HOME ".openclaw\\skills"
  - node "$env:INSTALL_ROOT\\clawsec-suite\\scripts\\setup_advisory_hook.mjs"
- POSIX .sh scripts require WSL or Git Bash.
Troubleshooting: if you see directories such as ~/.openclaw/workspace/$HOME/..., a home variable was passed literally. Re-run using an absolute path or an unquoted home expression.
📱 NanoClaw Platform Support
ClawSec now supports NanoClaw, a containerized WhatsApp bot powered by Claude agents.
clawsec-nanoclaw Skill
Location: skills/clawsec-nanoclaw/
A complete security suite adapted for NanoClaw's containerized architecture:
- 9 MCP Tools for agents to check vulnerabilities
  - Advisory checking and browsing
  - Pre-installation safety checks
  - Skill package signature verification (Ed25519)
  - File integrity monitoring
- Automatic Advisory Feed - Fetches and caches advisories every 6 hours
- Platform Filtering - Shows only NanoClaw-relevant advisories
- IPC-Based - Container-safe host communication
- Full Documentation - Installation guide, usage examples, troubleshooting
Advisory Feed for NanoClaw
The feed now monitors NanoClaw-specific keywords:
- NanoClaw - Direct product name
- WhatsApp-bot - Core functionality
- baileys - WhatsApp client library dependency
Advisories can specify platforms: ["nanoclaw"] for platform-specific issues.
Quick Start for NanoClaw
See skills/clawsec-nanoclaw/INSTALL.md for detailed setup instructions.
Quick integration:
- Copy skill to NanoClaw deployment
- Integrate MCP tools in container
- Add IPC handlers and cache service on host
- Restart NanoClaw
📦 ClawSec Suite (OpenClaw)
The clawsec-suite is a skill-of-skills manager that installs, verifies, and maintains security skills from the ClawSec catalog.
Skills in the Suite
| Skill | Description | Installation | Compatibility |
|---|---|---|---|
| 📡 clawsec-feed | Security advisory feed monitoring with live CVE updates | ✅ Included by default | All agents |
| 🔭 openclaw-audit-watchdog | Automated daily audits with email reporting | ⚙️ Optional (install separately) | OpenClaw/MoltBot/Clawdbot |
| 👻 soul-guardian | Drift detection and file integrity guard with auto-restore | ⚙️ Optional | All agents |
| 🤝 clawtributor | Community incident reporting | ❌ Optional (Explicit request) | All agents |
⚠️ clawtributor is not installed by default as it may share anonymized incident data. Install only on explicit user request.
⚠️ openclaw-audit-watchdog is tailored for the OpenClaw/MoltBot/Clawdbot agent family. Other agents receive the universal skill set.
Suite Features
- Integrity Verification - Every skill package includes checksums.json with SHA256 hashes
- Updates - Automatic checks for new skill versions
- Self-Healing - Failed integrity checks trigger automatic re-download from trusted releases
- Advisory Cross-Reference - Installed skills are checked against the security advisory feed
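The integrity check behind the Integrity Verification and Self-Healing items, as an added example that is not ClawSec's own code. The manifest shape `{ files: { path: sha256 } }`, the function names and the sample files are assumptions, since the page does not show the layout of checksums.json.

```javascript
// Added example, not ClawSec source. ASSUMPTION: checksums.json has the shape
// { "files": { "<relative path>": "<sha256 hex>" } }; the page does not show its layout.
const { createHash } = require("node:crypto");

const sha256 = (buf) => createHash("sha256").update(buf).digest("hex");

// Compare installed files (Map of path -> Buffer) with the manifest. Check the
// signature on checksums.json first: unsigned hashes only catch accidental drift.
function verifySkill(manifest, installed) {
  const report = { ok: [], modified: [], missing: [], unexpected: [] };
  for (const [path, expected] of Object.entries(manifest.files)) {
    if (!/^[0-9a-f]{64}$/i.test(expected)) throw new Error(`malformed hash for ${path}`);
    const data = installed.get(path);
    if (data === undefined) report.missing.push(path);
    else if (sha256(data) === expected.toLowerCase()) report.ok.push(path);
    else report.modified.push(path);
  }
  // A file the manifest never listed is drift too; hashing only listed files misses it.
  for (const path of installed.keys()) {
    if (path !== "checksums.json" && !Object.hasOwn(manifest.files, path)) {
      report.unexpected.push(path);
    }
  }
  // Per the page, a failed check triggers a re-download from a trusted release.
  report.intact = report.ok.length === Object.keys(manifest.files).length
    && report.unexpected.length === 0;
  return report;
}

// Constructed release contents and the manifest built from them.
const RELEASE = new Map([
  ["skill.json", Buffer.from('{"name":"example-skill","version":"1.0.0"}')],
  ["SKILL.md", Buffer.from("# Example skill\n")],
  ["scripts/check.sh", Buffer.from("#!/bin/sh\nexit 0\n")],
]);
const MANIFEST = { files: Object.fromEntries([...RELEASE].map(([p, b]) => [p, sha256(b)])) };

// Constructed drifted install: one file edited, one deleted, one added.
const DRIFTED = new Map(RELEASE);
DRIFTED.set("SKILL.md", Buffer.from("# Example skill\nextra line\n"));
DRIFTED.delete("scripts/check.sh");
DRIFTED.set("scripts/extra.sh", Buffer.from("echo added\n"));

console.log(verifySkill(MANIFEST, RELEASE).intact, verifySkill(MANIFEST, DRIFTED));
```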
📡 Security Advisory Feed
ClawSec maintains a continuously updated security advisory feed, automatically populated from NIST's National Vulnerability Database (NVD).
Feed URL
# Fetch latest advisories
curl -s https://clawsec.prompt.security/advisories/feed.json | jq '.advisories[] | select(.severity == "critical" or .severity == "high")'
Canonical endpoint: https://clawsec.prompt.security/advisories/feed.json
Compatibility mirror (legacy): https://clawsec.prompt.security/releases/latest/download/feed.json
Monitored Keywords
The feed polls CVEs related to:
- OpenClaw Platform: OpenClaw, clawdbot, Moltbot
- NanoClaw Platform: NanoClaw, WhatsApp-bot, baileys
- Prompt injection patterns
- Agent security vulnerabilities
Advisory Schema
NVD CVE Advisory:
{
"id": "CVE-2026-XXXXX",
"severity": "critical|high|medium|low",
"type": "vulnerable_skill",
"platforms": ["openclaw", "nanoclaw"],
"title": "Short description",
"description": "Full CVE description from NVD",
"published": "2026-02-01T00:00:00Z",
"cvss_score": 8.8,
"nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-XXXXX",
"references": ["..."],
"action": "Recommended remediation"
}
Community Advisory:
{
"id": "CLAW-2026-0042",
"severity": "high",
"type": "prompt_injection|vulnerable_skill|tampering_attempt",
"platforms": ["nanoclaw"],
"title": "Short description",
"description": "Detailed description from issue",
"published": "2026-02-01T00:00:00Z",
"affected": ["skill-name@1.0.0"],
"source": "Community Report",
"github_issue_url": "https://github.com/.../issues/42",
"action": "Recommended remediation"
}
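A consumer-side filter for the two advisory shapes above, as an added example that is not ClawSec's own code. It treats a missing or empty platforms field as "all platforms", as the platform values in this section specify, maps cvss_score to severity with the NVD CVSS v3 ranges, and cross-references installed skills against affected. The function names, the installed-skill list and the sample feed are constructed.

```javascript
// Added example, not ClawSec source. Field names follow the Advisory Schema above;
// the sample feed and installed-skill list are constructed for illustration.
const SEVERITY_RANK = { low: 1, medium: 2, high: 3, critical: 4 };

// NVD CVSS v3.x ranges: 0.1-3.9 low, 4.0-6.9 medium, 7.0-8.9 high, 9.0-10.0 critical.
function severityOf(advisory) {
  const s = advisory.cvss_score;
  if (typeof s === "number" && s > 0) {
    return s >= 9 ? "critical" : s >= 7 ? "high" : s >= 4 ? "medium" : "low";
  }
  // Community advisories carry no cvss_score; fall back to the declared severity.
  return String(advisory.severity || "").toLowerCase();
}

// Missing or empty `platforms` means "all platforms", so legacy entries are never hidden.
function appliesTo(advisory, platform) {
  const p = advisory.platforms;
  const list = Array.isArray(p) ? p : typeof p === "string" ? [p] : [];
  return list.length === 0 || list.map((x) => String(x).toLowerCase()).includes(platform);
}

// Advisories for `platform` at or above `minSeverity`, each annotated with the installed
// skills ("name@version") found in its `affected` list. An unrecognised severity ranks
// as critical (a choice made in this example) so it is shown rather than dropped.
function relevantAdvisories(feed, platform, minSeverity, installed = []) {
  const floor = SEVERITY_RANK[minSeverity] ?? 1;
  return feed.advisories
    .filter((a) => appliesTo(a, platform))
    .filter((a) => (SEVERITY_RANK[severityOf(a)] ?? 4) >= floor)
    .map((a) => ({
      id: a.id,
      severity: severityOf(a),
      hits: (a.affected || []).filter((ref) => installed.includes(ref)),
    }));
}

// Constructed sample feed (ids are placeholders, not real advisories).
const SAMPLE_FEED = { advisories: [
  { id: "EXAMPLE-CVE-1", severity: "high", platforms: ["openclaw"], cvss_score: 8.8 },
  { id: "EXAMPLE-CLAW-1", severity: "high", platforms: ["nanoclaw"], affected: ["example-skill@1.0.0"] },
  { id: "EXAMPLE-CVE-2", severity: "critical", cvss_score: 9.8 }, // legacy: no platforms
  { id: "EXAMPLE-CVE-3", severity: "medium", platforms: [], cvss_score: 5.3 },
] };

console.log(relevantAdvisories(SAMPLE_FEED, "nanoclaw", "high", ["example-skill@1.0.0"]));
```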
Platform values:
- "openclaw" - OpenClaw/Clawdbot/MoltBot only
- "nanoclaw" - NanoClaw only
- ["openclaw", "nanoclaw"] - Both platforms
- (empty/missing) - All platforms (backward compatible)
🔄 CI/CD Pipelines
ClawSec uses automated pipelines for continuous security updates and skill distribution.
Automated Workflows
| Workflow | Trigger | Description |
|---|---|---|
| ci.yml | PRs to main, pushes to main | Lint/type/build + skill test suites |
| pages-verify.yml | PRs to main | Verifies Pages build and signing outputs without publishing |
| poll-nvd-cves.yml | Daily cron (06:00 UTC) | Polls NVD for new CVEs, updates feed |
| community-advisory.yml | Issue labeled advisory-approved | Processes community reports into advisories |
| skill-release.yml | Skill tags + metadata PR changes | Validates version parity in PRs and publishes signed skill releases on tags |
| deploy-pages.yml | workflow_run after successful trusted CI/release or manual dispatch | Builds and deploys the web interface to GitHub Pages |
| wiki-sync.yml | Pushes to main touching wiki/** | Syncs wiki/ to the GitHub Wiki mirror |
Skill Release Pipeline
When a skill is tagged (e.g., soul-guardian-v1.0.0), the pipeline:
- Validates - Checks skill.json version matches tag
- Enforces key consistency - Verifies pinned release key references are consistent across repo PEMs and skills/clawsec-suite/SKILL.md
- Generates Checksums - Creates checksums.json with SHA256 hashes for all SBOM files
- Signs + verifies - Signs checksums.json and validates the generated signing-public.pem fingerprint against canonical repo key material
- Releases - Publishes to GitHub Releases with all artifacts
- Supersedes Old Releases - Deletes older versions within the same major line (tags remain)
- Triggers Pages Update - Refreshes the skills catalog on the website
Signing Key Consistency Guardrails
To prevent supply-chain drift, CI now fails fast when signing key references diverge.
Guardrail script:
scripts/ci/verify_signing_key_consistency.sh
What it checks:
- skills/clawsec-suite/SKILL.md inline public key fingerprint matches RELEASE_PUBKEY_SHA256
- Canonical PEM files all match the same fingerprint:
  - clawsec-signing-public.pem
  - advisories/feed-signing-public.pem
  - skills/clawsec-suite/advisories/feed-signing-public.pem
- Generated public key in workflows matches canonical key:
  - release-assets/signing-public.pem (release workflow)
  - public/signing-public.pem (pages workflow)
Where enforced:
- .github/workflows/skill-release.yml
- .github/workflows/deploy-pages.yml
Release Versioning & Superseding
ClawSec follows semantic versioning. When a new version is released:
| Scenario | Behavior |
|---|---|
| New patch/minor (e.g., 1.0.1, 1.1.0) | Previous releases with same major version are deleted |
| New major (e.g., 2.0.0) | Previous major version (1.x.x) remains for backwards compatibility |
Why do old releases disappear?
When you release skill-v0.0.2, the previous skill-v0.0.1 release is automatically deleted to keep the releases page clean. Only the latest version within each major version is retained.
- Git tags are preserved - You can always recreate a release from an existing tag if needed
- Major versions coexist - Both skill-v1.x.x and skill-v2.x.x latest releases remain available for backwards compatibility
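The tag/version parity check from the release pipeline's "Validates" step and the superseding rule from the table above, as an added example that is not the ClawSec workflow itself. The tag format `<skill>-v<MAJOR.MINOR.PATCH>` is taken from the page's examples; the function names and sample tags are constructed.

```javascript
// Added example, not the ClawSec workflow. Tag format <skill>-v<MAJOR.MINOR.PATCH>
// follows the page's examples; function names and sample tags are constructed.
function parseTag(tag) {
  // Greedy name match so hyphenated skills ("openclaw-audit-watchdog") parse correctly.
  const m = /^(.+)-v(\d+)\.(\d+)\.(\d+)$/.exec(tag);
  if (!m) return null;
  return { tag, skill: m[1], version: `${m[2]}.${m[3]}.${m[4]}`, parts: m.slice(2, 5).map(Number) };
}

// Numeric comparison per component, so 1.0.10 sorts after 1.0.9.
const cmp = (a, b) =>
  a.parts[0] - b.parts[0] || a.parts[1] - b.parts[1] || a.parts[2] - b.parts[2];

// "Validates": return an error string when skill.json disagrees with the tag, else null.
function checkParity(tag, skillJson) {
  const t = parseTag(tag);
  if (!t) return `malformed tag: ${tag}`;
  if (skillJson.version !== t.version) {
    return `tag is ${t.version} but skill.json is ${skillJson.version}`;
  }
  return null;
}

// "Supersedes Old Releases": older releases of the same skill within the same major line.
// Other skills, other major lines, and unparseable tags are left untouched.
function superseded(existingTags, newTag) {
  const n = parseTag(newTag);
  if (!n) throw new Error(`malformed tag: ${newTag}`);
  return existingTags
    .map(parseTag)
    .filter((t) => t && t.skill === n.skill && t.parts[0] === n.parts[0] && cmp(t, n) < 0)
    .map((t) => t.tag);
}

// Constructed list of existing releases.
const EXISTING = [
  "soul-guardian-v0.9.0",
  "soul-guardian-v1.0.0",
  "soul-guardian-v1.0.1",
  "clawsec-feed-v1.0.0",
];

console.log(checkParity("soul-guardian-v1.1.0", { version: "1.1.0" }));
console.log(superseded(EXISTING, "soul-guardian-v1.1.0"));
```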
Release Artifacts
Each skill release includes:
- checksums.json - SHA256 hashes for integrity verification
- skill.json - Skill metadata
- SKILL.md - Main skill documentation
- Additional files from SBOM (scripts, configs, etc.)
Signing Operations Documentation
For feed/release signing rollout and operations guidance:
- wiki/security-signing-runbook.md - key generation, GitHub secrets, rotation/revocation, incident response
- wiki/migration-signed-feed.md - phased migration from unsigned feed, enforcement gates, rollback plan
🛠️ Offline Tools
ClawSec includes Python utilities for local skill development and validation.
Skill Validator
Validates a skill folder against the required schema:
python utils/validate_skill.py skills/clawsec-feed
Checks:
- skill.json exists and is valid JSON
- SBOM files exist and are readable
- OpenClaw metadata is properly structured
Skill Checksums Generator
Generates checksums.json with SHA256 hashes for a skill:
python utils/package_skill.py skills/clawsec-feed ./dist
Outputs:
- checksums.json - SHA256 hashes for verification
🛠️ Local Development
Prerequisites
- Node.js 20+
- Python 3.10+ (for offline tools)
- npm
Setup
# Install dependencies
npm install
# Start development server
npm run dev
Populate Local Data
# Populate skills catalog from local skills/ directory
./scripts/populate-local-skills.sh
# Populate advisory feed with real NVD CVE data
./scripts/populate-local-feed.sh --days 120
# Generate wiki llms exports from wiki/ (for local preview)
./scripts/populate-local-wiki.sh
# Direct generator entrypoint (used by predev/prebuild)
npm run gen:wiki-llms
Notes:
- npm run dev and npm run build automatically regenerate wiki llms.txt exports (predev/prebuild hooks).
- public/wiki/ is generated output (local + CI) and is intentionally gitignored.
Build
npm run build
📁 Project Structure
├── advisories/
│ └── feed.json # Main advisory feed (auto-updated from NVD)
├── components/ # React components
├── pages/ # Page components
├── wiki/ # Source-of-truth docs (synced to GitHub Wiki)
├── scripts/
│ ├── generate-wiki-llms.mjs # wiki/*.md -> public/wiki/**/llms.txt
│ ├── populate-local-feed.sh # Local CVE feed populator
│ ├── populate-local-skills.sh # Local skills catalog populator
│ ├── populate-local-wiki.sh # Local wiki llms export populator
│ └── release-skill.sh # Manual skill release helper
├── skills/
│ ├── clawsec-suite/ # 📦 Suite installer (skill-of-skills)
│ ├── clawsec-feed/ # 📡 Advisory feed skill
│ ├── clawsec-nanoclaw/ # 📱 NanoClaw platform security suite
│ ├── clawsec-clawhub-checker/ # 🧪 ClawHub reputation checks
│ ├── clawtributor/ # 🤝 Community reporting skill
│ ├── openclaw-audit-watchdog/ # 🔭 Automated audit skill
│ ├── prompt-agent/ # 🧠 Prompt-focused protection workflows
│ └── soul-guardian/ # 👻 File integrity skill
├── utils/
│ ├── package_skill.py # Skill packager utility
│ └── validate_skill.py # Skill validator utility
├── .github/workflows/
│ ├── ci.yml # Cross-platform lint/type/build + tests
│ ├── pages-verify.yml # PR-only pages build verification
│ ├── poll-nvd-cves.yml # CVE polling pipeline
│ ├── community-advisory.yml # Approved issue -> advisory PR
│ ├── skill-release.yml # Skill release pipeline
│ ├── wiki-sync.yml # Sync repo wiki/ to GitHub Wiki
│ └── deploy-pages.yml # Pages deployment
└── public/ # Static assets + generated publish artifacts
🤝 Contributing
We welcome contributions! See CONTRIBUTING.md for guidelines.
Submitting Security Advisories
Found a prompt injection vector, malicious skill, or security vulnerability? Report it via GitHub Issues:
- Open a new issue using the Security Incident Report template
- Fill out the required fields (severity, type, description, affected skills)
- A maintainer will review and add the advisory-approved label
- The advisory is automatically published to the feed as CLAW-{YEAR}-{ISSUE#}
See CONTRIBUTING.md for detailed guidelines.
Adding New Skills
- Create a skill folder under skills/
- Add skill.json with required metadata and SBOM
- Add SKILL.md with agent-readable instructions
- Validate with python utils/validate_skill.py skills/your-skill
- Submit a PR for review
📚 Documentation Source of Truth
For all wiki content, edit files under wiki/ in this repository. The GitHub Wiki (<repo>.wiki.git) is synced from wiki/ by .github/workflows/wiki-sync.yml when wiki/** changes on main.
LLM exports are generated from wiki/ into public/wiki/:
- /wiki/llms.txt is the LLM-ready export for wiki/INDEX.md (or a generated fallback index if INDEX.md is missing).
- /wiki/<page>/llms.txt is the LLM-ready export for that single wiki page.
📄 License
- Source code: GNU AGPL v3.0 or later - See LICENSE for details.
- Fonts in font/: Licensed separately - See font/README.md.
ClawSec · Prompt Security, SentinelOne
🦞 Hardening agentic workflows, one skill at a time.



