gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-15 22:41:20 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
4a4b547b92e6d8b661e57f92b08bd065d0989cad
clawsec/scripts
T
History
davida-ps 4a4b547b92 ci(skills): pin clawhub CLI by hash via committed lockfile (#268) 
* ci(skills): pin clawhub CLI by hash via committed lockfile

Scorecard flags the skill-release workflow's npm install of the clawhub
CLI (code-scanning alerts #25/#26): version pinning alone carries no
integrity guarantee. Install it with npm ci from a committed
package-lock.json instead, so every package (clawhub + 35 transitive
deps) is verified against its sha512 hash at install time.

The publish-payload patch step now resolves the module from the local
node_modules instead of npm root -g.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* fix(skill-release): authenticate pinned clawhub install

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-06-15 18:12:36 +03:00
..
ci
ci(skills): pin clawhub CLI by hash via committed lockfile (#268)
2026-06-15 18:12:36 +03:00
i18n
feat(i18n): add multilingual wiki scaffolding, language switcher, and… (#212)
2026-04-29 09:00:31 +03:00
archive-github-traffic.mjs
fix(traffic): require a traffic-capable PAT for the archive workflow (#265)
2026-06-11 08:25:56 +03:00
backfill-exploitability.sh
Exploitability Context for CVE Advisories (#89)
2026-03-01 18:43:24 +02:00
feed-utils.sh
Include hermes-agent in NVD queries and export keywords to environment (#226)
2026-05-07 14:58:08 +03:00
generate-wiki-llms.mjs
feat(wiki): add full in-app wiki browser and llms index (#80)
2026-02-26 10:43:36 +02:00
ghsa-without-cve-feed.mjs
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00
populate-local-feed.sh
Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs (#208)
2026-04-26 14:19:18 +03:00
populate-local-skills.sh
fix(release): exclude tests from skill payloads (#230)
2026-05-14 14:38:58 +03:00
populate-local-wiki.sh
feat(wiki): add full in-app wiki browser and llms index (#80)
2026-02-26 10:43:36 +02:00
prepare-to-push.sh
Exploitability Context for CVE Advisories (#89)
2026-03-01 18:43:24 +02:00
release-skill.sh
feat: add public key files for signing and enhance release script wit… (#23)
2026-02-12 19:39:59 +02:00
test-deploy-pages-checksums.mjs
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00
test-ghsa-poll-workflow.mjs
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00
test-ghsa-without-cve-feed.mjs
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00
test-github-traffic-archive.mjs
fix(traffic): require a traffic-capable PAT for the archive workflow (#265)
2026-06-11 08:25:56 +03:00
test-nvd-ghsa-consolidation-workflow.mjs
fix(workflow): filter dispatched codeql runs with jq (#260)
2026-06-10 11:23:30 +03:00
test-nvd-ghsa-pipeline-dry-run.mjs
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00
test-skill-clawhub-slug.mjs
fix(skills): namespace ClawHub skill slugs (#263)
2026-06-10 16:39:19 +03:00
test-skill-install-docs.mjs
ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262)
2026-06-10 13:22:22 +03:00
test-skill-release-workflow.mjs
ci(skills): pin clawhub CLI by hash via committed lockfile (#268)
2026-06-15 18:12:36 +03:00
test-skill-tag-release-simulation.mjs
fix(skills): scan staged payload with SkillSpector (#264)
2026-06-10 17:18:54 +03:00
test-skill-trust-packet.mjs
ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262)
2026-06-10 13:22:22 +03:00
validate-release-links.sh
Enhance/skill release (#8)
2026-02-08 19:18:21 +02:00