gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
4dbac421ab9400847fa1a44393b26b28fb38b052
clawsec/skills/clawsec-feed
T
History
davida-ps 4dbac421ab feat(advisories): add provisional GHSA feed (#242) 
* feat(advisories): add provisional ghsa feed

* fix(workflows): include advisory signatures in checksums

* fix(workflows): mirror ghsa feed at release root

* feat(advisories): consolidate ghsa into agent feed

* ci(advisories): consolidate ghsa during nvd poll

* fix(advisories): retain unreplaced ghsa feed entries

* chore(skills): bump advisory feed consumers

* fix(release): resolve ts import closure dry run

* fix(release): preserve urls while stripping comments

* fix(release): ignore skill test-only changes

* fix(advisories): follow ghsa pagination links

* test(advisories): add nvd ghsa pipeline dry run
2026-05-24 21:41:59 +03:00
..
advisories
chore: CVE advisories - 0 new, 19 updated (#233)
2026-05-17 01:04:46 +03:00
.clawhubignore
ClawSec init
2026-02-05 21:58:23 +02:00
CHANGELOG.md
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00
README.md
chore(skills): harden openclaw skill metadata (#191)
2026-04-14 15:43:04 +03:00
skill.json
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00
SKILL.md
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00

README.md

ClawSec Feed 📡

Security advisory feed monitoring for AI agents. Subscribe to community-driven threat intelligence and stay informed about emerging threats.

Operational Notes

  • Required runtime for standalone installation: bash, curl, jq, shasum, unzip
  • This package is advisory data plus install/update guidance; it does not create local persistence by itself
  • Automated polling, installed-skill cross-referencing, and hook/cron behavior live in clawsec-suite
  • Verify release provenance and checksums before installing the standalone artifact on production hosts

Features

  • Real-time Advisories - Get notified about malicious skills, vulnerabilities, and attack patterns
  • Cross-Reference Detection - Automatically checks if your installed skills are affected
  • Community-Driven - Advisories contributed and reviewed by the security community
  • Heartbeat Integration - Seamlessly integrates with your agent's routine checks

Quick Install

curl -sLO https://github.com/prompt-security/clawsec/releases/latest/download/clawsec-feed.skill

Advisory Types

Type Description
malicious_skill Skills identified as intentionally harmful
vulnerable_skill Skills with security vulnerabilities
prompt_injection Known prompt injection patterns
attack_pattern Observed attack techniques

Feed Structure

{
  "version": "1.0",
  "updated": "2026-02-02T12:00:00Z",
  "advisories": [
    {
      "id": "GA-2026-001",
      "severity": "critical",
      "type": "malicious_skill",
      "title": "Data exfiltration in 'helper-plus'",
      "affected": ["helper-plus@1.0.0"],
      "action": "Remove immediately"
    }
  ]
}

Response Example

📡 ClawSec Feed: 2 new advisories

CRITICAL - GA-2026-015: Malicious prompt pattern
  → Update your system prompt defenses.

HIGH - GA-2026-016: Vulnerable skill "data-helper"
  → You have this installed! Update to v1.2.1

Related Skills

  • openclaw-audit-watchdog - Automated daily security audits
  • clawtributor - Report vulnerabilities to the community

License

GNU AGPL v3.0 or later - Prompt Security

Reference in New Issue View Git Blame Copy Permalink