gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
4dbac421ab9400847fa1a44393b26b28fb38b052
clawsec/skills/picoclaw-security-guardian
T
History
davida-ps 4dbac421ab feat(advisories): add provisional GHSA feed (#242) 
* feat(advisories): add provisional ghsa feed

* fix(workflows): include advisory signatures in checksums

* fix(workflows): mirror ghsa feed at release root

* feat(advisories): consolidate ghsa into agent feed

* ci(advisories): consolidate ghsa during nvd poll

* fix(advisories): retain unreplaced ghsa feed entries

* chore(skills): bump advisory feed consumers

* fix(release): resolve ts import closure dry run

* fix(release): preserve urls while stripping comments

* fix(release): ignore skill test-only changes

* fix(advisories): follow ghsa pagination links

* test(advisories): add nvd ghsa pipeline dry run
2026-05-24 21:41:59 +03:00
..
lib
Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs (#208)
2026-04-26 14:19:18 +03:00
scripts
Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs (#208)
2026-04-26 14:19:18 +03:00
test
Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs (#208)
2026-04-26 14:19:18 +03:00
CHANGELOG.md
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00
README.md
Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs (#208)
2026-04-26 14:19:18 +03:00
skill.json
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00
SKILL.md
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00

README.md

picoclaw-security-guardian

Picoclaw security posture skill for ClawSec.

Status: implemented (v0.0.1), Picoclaw-specific.

Detailed architecture/operator docs: wiki/modules/picoclaw-security-guardian.md.

Support matrix mapping

Skill name supported platform security feed config drift agent posture-review lane chain of supply verification
picoclaw-security-guardian Picoclaw Yes Yes Separate package Yes

Capabilities

  • Picoclaw-aware advisory filtering from a verified ClawSec feed/cache.
  • Deterministic local posture profile generation for configs, gateway exposure, tools, MCP, credentials/security files, and release artifacts.
  • Baseline drift comparison with critical/high/medium/low/info findings.
  • Supply-chain verification for release artifacts using SHA-256 manifests plus required Ed25519 detached signatures for passing provenance verdicts.

Quickstart

node scripts/generate_profile.mjs --output ~/.picoclaw/security/clawsec/current-profile.json
node scripts/check_drift.mjs --baseline ~/.picoclaw/security/clawsec/baseline-profile.json --current ~/.picoclaw/security/clawsec/current-profile.json
node scripts/verify_supply_chain.mjs --artifact ./picoclaw --checksums ./checksums.json --signature ./checksums.json.sig --public-key ./feed-signing-public.pem
node scripts/check_advisories.mjs --feed ~/.picoclaw/security/clawsec/feed.json --state ~/.picoclaw/security/clawsec/feed-verification-state.json

All scripts are read-only except profile/report outputs explicitly requested by --output.

Tests

node test/profile.test.mjs
node test/drift.test.mjs
node test/supply_chain.test.mjs
bash -n test/picoclaw_security_guardian_sandbox_regression.sh

Pre-release install regression

Run this before cutting v0.0.1 release artifacts:

test/picoclaw_security_guardian_sandbox_regression.sh

It uses Docker to publish the skill through a local ClawHub-compatible registry, installs it with Picoclaw's own find_skills / install_skill flow into an isolated Picoclaw workspace, confirms Picoclaw's skill loader can list/load it, then verifies the installed copy's profile, drift, advisory, and supply-chain paths.

Reference in New Issue View Git Blame Copy Permalink