gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
58b092d6d04665553cf12ff8075ad3285f01b3a9
clawsec/skills/clawsec-feed
T
History
github-actions[bot] 58b092d6d0 chore: update NVD/GHSA advisories - 7 NVD new, 1 NVD updated (#250) 
Automated update from NVD CVE and GHSA advisory feeds.
Keywords: openclaw, nanoclaw, hermes, picoclaw
Poll window: 2026-05-27T06:34:09Z to 2026-05-31T07:15:12.000Z

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-31 10:32:39 +03:00
..
advisories
chore: update NVD/GHSA advisories - 7 NVD new, 1 NVD updated (#250)
2026-05-31 10:32:39 +03:00
.clawhubignore
ClawSec init
2026-02-05 21:58:23 +02:00
CHANGELOG.md
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00
README.md
chore(skills): harden openclaw skill metadata (#191)
2026-04-14 15:43:04 +03:00
skill.json
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00
SKILL.md
feat(advisories): add provisional GHSA feed (#242)
2026-05-24 21:41:59 +03:00

README.md

ClawSec Feed 📡

Security advisory feed monitoring for AI agents. Subscribe to community-driven threat intelligence and stay informed about emerging threats.

Operational Notes

  • Required runtime for standalone installation: bash, curl, jq, shasum, unzip
  • This package is advisory data plus install/update guidance; it does not create local persistence by itself
  • Automated polling, installed-skill cross-referencing, and hook/cron behavior live in clawsec-suite
  • Verify release provenance and checksums before installing the standalone artifact on production hosts

Features

  • Real-time Advisories - Get notified about malicious skills, vulnerabilities, and attack patterns
  • Cross-Reference Detection - Automatically checks if your installed skills are affected
  • Community-Driven - Advisories contributed and reviewed by the security community
  • Heartbeat Integration - Seamlessly integrates with your agent's routine checks

Quick Install

curl -sLO https://github.com/prompt-security/clawsec/releases/latest/download/clawsec-feed.skill

Advisory Types

Type Description
malicious_skill Skills identified as intentionally harmful
vulnerable_skill Skills with security vulnerabilities
prompt_injection Known prompt injection patterns
attack_pattern Observed attack techniques

Feed Structure

{
  "version": "1.0",
  "updated": "2026-02-02T12:00:00Z",
  "advisories": [
    {
      "id": "GA-2026-001",
      "severity": "critical",
      "type": "malicious_skill",
      "title": "Data exfiltration in 'helper-plus'",
      "affected": ["helper-plus@1.0.0"],
      "action": "Remove immediately"
    }
  ]
}

Response Example

📡 ClawSec Feed: 2 new advisories

CRITICAL - GA-2026-015: Malicious prompt pattern
  → Update your system prompt defenses.

HIGH - GA-2026-016: Vulnerable skill "data-helper"
  → You have this installed! Update to v1.2.1

Related Skills

  • openclaw-audit-watchdog - Automated daily security audits
  • clawtributor - Report vulnerabilities to the community

License

GNU AGPL v3.0 or later - Prompt Security

Reference in New Issue View Git Blame Copy Permalink