mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-13 05:28:02 +03:00
davida-ps
4dbac421ab
* feat(advisories): add provisional ghsa feed * fix(workflows): include advisory signatures in checksums * fix(workflows): mirror ghsa feed at release root * feat(advisories): consolidate ghsa into agent feed * ci(advisories): consolidate ghsa during nvd poll * fix(advisories): retain unreplaced ghsa feed entries * chore(skills): bump advisory feed consumers * fix(release): resolve ts import closure dry run * fix(release): preserve urls while stripping comments * fix(release): ignore skill test-only changes * fix(advisories): follow ghsa pagination links * test(advisories): add nvd ghsa pipeline dry run
71 lines
2.1 KiB
JSON
71 lines
2.1 KiB
JSON
{
|
|
"name": "clawsec-feed",
|
|
"version": "0.0.8",
|
|
"description": "Security advisory feed monitoring for AI agents. Subscribe to community-driven threat intelligence.",
|
|
"author": "prompt-security",
|
|
"license": "AGPL-3.0-or-later",
|
|
"homepage": "https://clawsec.prompt.security",
|
|
"keywords": [
|
|
"security",
|
|
"advisory",
|
|
"feed",
|
|
"agents",
|
|
"ai",
|
|
"threat-intel",
|
|
"monitoring"
|
|
],
|
|
"sbom": {
|
|
"files": [
|
|
{
|
|
"path": "SKILL.md",
|
|
"required": true,
|
|
"description": "Advisory feed skill documentation"
|
|
},
|
|
{
|
|
"path": "CHANGELOG.md",
|
|
"required": true,
|
|
"description": "Version history for advisory feed updates"
|
|
},
|
|
{
|
|
"path": "advisories/feed.json",
|
|
"required": true,
|
|
"description": "Community security advisory feed"
|
|
}
|
|
]
|
|
},
|
|
"openclaw": {
|
|
"emoji": "📡",
|
|
"category": "security",
|
|
"feed_url": "https://api.github.com/repos/prompt-security/ClawSec/releases?skill=clawsec-feed",
|
|
"requires": {
|
|
"bins": [
|
|
"bash",
|
|
"curl",
|
|
"jq",
|
|
"shasum",
|
|
"unzip"
|
|
]
|
|
},
|
|
"execution": {
|
|
"always": false,
|
|
"persistence": "No local persistence or automation is created by the standalone feed package; recurring polling is handled by clawsec-suite or the operator.",
|
|
"network_egress": "Standalone installation downloads release artifacts and optional feed updates from Prompt Security GitHub/website endpoints."
|
|
},
|
|
"operator_review": [
|
|
"This package is primarily signed advisory data plus install instructions; it does not itself create cron jobs or send data outward.",
|
|
"Verify release provenance and checksums before installing on production hosts.",
|
|
"If you need automated polling or host-side enforcement, use clawsec-suite which owns that automation layer."
|
|
],
|
|
"triggers": [
|
|
"security advisories",
|
|
"check advisories",
|
|
"clawsec",
|
|
"threat feed",
|
|
"security alerts",
|
|
"vulnerability feed",
|
|
"advisory feed",
|
|
"security news"
|
|
]
|
|
}
|
|
}
|