gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
5ee8587b1ea149ee227390884d194fb596abb529
clawsec/skills/clawsec-suite/hooks/clawsec-advisory-guardian/HOOK.md
T
davida-ps 5ee8587b1e Integration/signing work (#20) 
* ci: sign advisory feed and checksums in workflows

* feat(clawsec-suite): add verifier-side signature and checksum enforcement

Implements cryptographic verification for advisory feed loading:

- Ed25519 detached signature verification for feed.json
- Supports raw base64 and JSON-wrapped signature formats
- Pinned public key at advisories/feed-signing-public.pem

- SHA-256 checksum manifest (checksums.json) verification
- Signed checksums.json.sig prevents partial artifact substitution
- Verifies feed.json, feed.json.sig, and public key against manifest

- Remote feed: returns null on verification failure (triggers fallback)
- Local feed: throws on verification failure (hard fail)
- No silent bypass of verification

- CLAWSEC_ALLOW_UNSIGNED_FEED=1 temporarily bypasses verification
- Warning logged when bypass mode is enabled
- Intended for transition period only

- guarded_skill_install without --version matches any advisory for skill
- Encourages explicit version specification

- scripts/sign_detached_ed25519.mjs - signing utility
- scripts/verify_detached_ed25519.mjs - verification utility
- scripts/generate_checksums_json.mjs - checksum manifest generator
- test/feed_verification.test.mjs - 14 verification tests
- test/guarded_install.test.mjs - 6 install flow tests

- hooks/.../lib/feed.mjs - full rewrite with verification
- hooks/.../handler.ts - verification options integration
- scripts/guarded_skill_install.mjs - verification integration
- skill.json - v0.0.9, new SBOM entries, openssl requirement
- SKILL.md - signed install flow, env vars documentation
- HOOK.md - new environment variables
- ci.yml - added verification test job

Refs: fail-closed verification, Ed25519 signatures, checksum manifests

* fix: update action versions in CI workflows for improved stability

* chore(clawsec-suite): bump version to 0.0.10

* feat: enhance security measures in asset deployment and add changelog for version history

* feat: add dry-run signing for advisory artifacts and generate checksums

* fix: enhance error handling in loadRemoteFeed for security policy violations

* feat: implement Ed25519 signing and verification for advisory artifacts and checksums

* feat: implement signing and verification for advisory artifacts and checksums in workflows

* feat: update dry-run signing key generation to use Ed25519 algorithm

* feat: update Ed25519 signing and verification to use -rawin flag for compatibility

* feat: add public key copying to advisory directory and implement safe basename extraction for URLs

* feat: remove Product Hunt promotion section from README and Home page
2026-02-12 18:49:34 +02:00

2.0 KiB
Raw Blame History

name, description, metadata
name description metadata
clawsec-advisory-guardian Detect advisory matches for installed skills and require explicit user approval before any removal action.
openclaw
events
agent:bootstrap
command:new

ClawSec Advisory Guardian Hook

This hook checks the ClawSec advisory feed against locally installed skills on:

  • agent:bootstrap
  • command:new

When it detects an advisory affecting an installed skill, it posts an alert message. If the advisory looks malicious or removal-oriented, it explicitly recommends removal and asks for user approval first.

Safety Contract

  • The hook does not delete or modify skills.
  • It only reports findings and requests explicit approval before removal.
  • Alerts are deduplicated using ~/.openclaw/clawsec-suite-feed-state.json.

Optional Environment Variables

  • CLAWSEC_FEED_URL: override remote feed URL.
  • CLAWSEC_FEED_SIG_URL: override detached remote feed signature URL (default ${CLAWSEC_FEED_URL}.sig).
  • CLAWSEC_FEED_CHECKSUMS_URL: override remote checksum manifest URL (default sibling checksums.json).
  • CLAWSEC_FEED_CHECKSUMS_SIG_URL: override detached remote checksum manifest signature URL.
  • CLAWSEC_FEED_PUBLIC_KEY: path to pinned feed-signing public key PEM.
  • CLAWSEC_LOCAL_FEED: override local fallback feed file.
  • CLAWSEC_LOCAL_FEED_SIG: override local detached feed signature path.
  • CLAWSEC_LOCAL_FEED_CHECKSUMS: override local checksum manifest path.
  • CLAWSEC_LOCAL_FEED_CHECKSUMS_SIG: override local checksum manifest signature path.
  • CLAWSEC_VERIFY_CHECKSUM_MANIFEST: set to 0 only for emergency troubleshooting (default verifies checksums).
  • CLAWSEC_ALLOW_UNSIGNED_FEED: set to 1 only for temporary migration compatibility; bypasses signature/checksum verification.
  • CLAWSEC_SUITE_STATE_FILE: override state file path.
  • CLAWSEC_INSTALL_ROOT: override installed skills root.
  • CLAWSEC_SUITE_DIR: override clawsec-suite install path.
  • CLAWSEC_HOOK_INTERVAL_SECONDS: minimum interval between hook scans (default 300).
Reference in New Issue View Git Blame Copy Permalink