83ec542a1e
* feat: add clawsec-advisory-guardian hook for advisory monitoring and user approval - Implemented clawsec-advisory-guardian hook to detect advisories for installed skills. - Added handler for processing advisory matches and notifying users. - Created scripts for setting up advisory hooks and cron jobs for periodic scans. - Introduced guarded skill installation script requiring user confirmation for high-risk advisories. - Updated skill.json to reflect new features and embedded components for advisory monitoring. * chore(clawsec-suite): bump version to 0.0.8 * feat: enhance release script to support version tagging and improve install function * fix: use globalThis for AbortController and timeout functions in loadRemoteFeed * Update scripts/release-skill.sh Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com> * Update skills/clawsec-suite/scripts/guarded_skill_install.mjs Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com> * Update scripts/release-skill.sh Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com> * Normalize version input by removing leading 'v' in versionMatches function * Add dirName property to InstalledSkill and update alert message paths * Enhance file permission handling in persistState function and add warning for chmod errors * Refactor advisory guardian hook: modularize utility functions, version handling, and feed management - Moved utility functions (isObject, normalizeSkillName, uniqueStrings) to lib/utils.mjs - Created version handling functions (parseSemver, compareSemver, versionMatches) in lib/version.mjs - Implemented feed management functions (parseAffectedSpecifier, isValidFeedPayload, loadRemoteFeed) in lib/feed.mjs - Updated handler.ts to utilize new modular functions for improved readability and maintainability - Added new types and state management in lib/types.ts and lib/state.ts - Updated scripts to reflect new file 
structure and dependencies * Update skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/matching.ts Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com> * Add published field to Advisory type and refine version matching logic * Set default version to "unknown" in discoverInstalledSkills and adjust versionMatches logic * Update skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/version.mjs Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com> * Update skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/matching.ts Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com> * Update skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/version.mjs Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com> --------- Co-authored-by: baz-reviewer[bot] <174234987+baz-reviewer[bot]@users.noreply.github.com>
/**
 * A skill as listed for installation.
 *
 * NOTE(review): every field here is a plain string/array supplied by whatever
 * produced the record; if `installCommand` is ever executed rather than only
 * displayed it must be treated as untrusted input — confirm against the
 * consumer of this type.
 */
export interface Skill {
  /** Identifier of the skill. */
  id: string;
  /** Human-readable name. */
  name: string;
  /** Version string; format is not fixed by this type. */
  version: string;
  description: string;
  /** Install command text (presumably a shell one-liner — confirm with the caller). */
  installCommand: string;
  /** Digest string associated with the skill; which content it covers is not defined here. */
  hash: string;
  /** Free-form tags. */
  tags: string[];
}
/** A short entry in the public feed (news/advisory summary). */
export interface FeedItem {
  /** Identifier of the entry. */
  id: string;
  /** Date as a string; format is not fixed by this type. */
  date: string;
  /** Same severity scale as `Advisory.severity`. */
  severity: 'low' | 'medium' | 'high' | 'critical';
  title: string;
  description: string;
}
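/**
 * Category of an advisory.
 *
 * The known categories are spelled out as literals so editors can suggest
 * them; the trailing `string & {}` keeps the type open to new categories
 * (as the comment below explains) without collapsing the whole union to a
 * plain `string`, which would discard the literal members entirely.
 */
export type AdvisoryType =
  | 'malicious_skill'
  | 'vulnerable_skill'
  | 'prompt_injection'
  | 'attack_pattern'
  | 'best_practice'
  | 'tampering_attempt'
  // NVD CVE advisories use normalized weakness names (for example:
  // "missing_authentication_for_critical_function", "os_command_injection").
  // Keep this open for new categories without requiring type updates.
  | (string & {});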
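/** Who filed a community-reported advisory. */
export interface AdvisoryReporter {
  /** Name of the agent that raised the report, when known. */
  agent_name?: string;
  /** Whether the report was opened by a human or by an agent. */
  opener_type?: 'human' | 'agent';
}

/** Severity scale used by advisories, lowest to highest. */
export type AdvisorySeverity = 'low' | 'medium' | 'high' | 'critical';

// Full advisory type from NVD CVE feed or community reports
//
// NOTE(review): `nvd_url`, `github_issue_url` and `references` are URLs taken
// from the feed as-is; confirm the consumer validates them (scheme/host) before
// rendering them as clickable links or following them.
export interface Advisory {
  /** Identifier of the advisory within the feed. */
  id: string;
  severity: AdvisorySeverity;
  type: AdvisoryType;
  title: string;
  description: string;
  /** Affected-package specifiers; their format is not defined by this type. */
  affected?: string[];
  /** Free-text action associated with the advisory. */
  action: string;
  /** Publication timestamp as a string; format is not fixed by this type. */
  published: string;
  references?: string[];
  /** CVSS score when one is known; explicitly `null` is allowed in the feed. */
  cvss_score?: number | null;
  nvd_url?: string;
  // Community report fields (source defaults to "Prompt Security Staff" when absent)
  source?: string;
  github_issue_url?: string;
  reporter?: AdvisoryReporter;
}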
/**
 * Top-level shape of an advisory feed document.
 *
 * NOTE(review): this is only a compile-time shape; a feed fetched remotely
 * should be validated against it at runtime before its advisories are acted
 * on — confirm the loader does so.
 */
export interface AdvisoryFeed {
  /** Version string of the feed (schema vs. content version not distinguished here). */
  version: string;
  /** Last-updated timestamp as a string; format is not fixed by this type. */
  updated: string;
  description: string;
  /** All advisories carried by the feed. */
  advisories: Advisory[];
}
/** A site navigation link. */
export interface NavItem {
  /** Text shown for the link. */
  label: string;
  /** Route or URL the link points to. */
  path: string;
  /** Marks a link that leaves the site; presumably absent means internal — confirm in the nav component. */
  external?: boolean;
}
// Multi-skill distribution types
/** Summary entry for one skill as carried in the skills index. */
export interface SkillMetadata {
  /** Identifier of the skill. */
  id: string;
  /** Human-readable name. */
  name: string;
  /** Version string; format is not fixed by this type. */
  version: string;
  description: string;
  /** Emoji used when presenting the skill. */
  emoji: string;
  /** Category label. */
  category: string;
  /** Tag string; presumably the release tag the skill is distributed under — confirm against the index generator. */
  tag: string;
}
/** Top-level shape of the multi-skill distribution index. */
export interface SkillsIndex {
  /** Version string of the index. */
  version: string;
  /** Last-updated timestamp as a string; format is not fixed by this type. */
  updated: string;
  /** Skills listed by the index. */
  skills: SkillMetadata[];
}
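/** Integrity record for one distributed file of a skill. */
export interface SkillChecksumEntry {
  /** SHA-256 digest of the file; encoding is not fixed by this type (presumably hex — confirm against the generator). */
  sha256: string;
  /** File size; unit is not fixed by this type (presumably bytes). */
  size: number;
  /** Optional path of the file, when it differs from the map key. */
  path?: string;
  /** Location the file is fetched from. */
  url: string;
}

/**
 * Checksum manifest for one skill release.
 *
 * NOTE(review): matching a download against `sha256` proves the download
 * equals what the manifest says, not that the manifest itself is authentic;
 * that depends on how this record is obtained (channel, signing) — confirm
 * in the installer.
 */
export interface SkillChecksums {
  /** Name of the skill the manifest belongs to. */
  skill: string;
  /** Version string; format is not fixed by this type. */
  version: string;
  /** Generation timestamp as a string; format is not fixed by this type. */
  generated_at: string;
  /** Repository the files come from. */
  repository: string;
  /** Release tag the files belong to. */
  tag: string;
  /** Per-file entries keyed by file name as written by the generator. */
  files: Record<string, SkillChecksumEntry>;
}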
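/** One file listed in the skill's software bill of materials. */
export interface SkillSbomFile {
  /** Path of the file within the skill. */
  path: string;
  /** Whether the file is marked required; what that enforces is decided by the consumer, not here. */
  required: boolean;
  description: string;
}

/** The `sbom` section of `skill.json`. */
export interface SkillSbom {
  files: SkillSbomFile[];
}

/**
 * The `openclaw` section of `skill.json`.
 *
 * NOTE(review): `feed_url` decides where advisories are fetched from and is
 * read from a file shipped with the skill; confirm the loader constrains it
 * (scheme/host) so a modified `skill.json` cannot redirect the feed.
 */
export interface SkillOpenClawConfig {
  /** Emoji used when presenting the skill. */
  emoji: string;
  /** Category label. */
  category: string;
  /** Optional URL of the advisory feed to use. */
  feed_url?: string;
  /** Optional requirements; `bins` presumably names executables that must be on PATH — confirm. */
  requires?: {
    bins?: string[];
  };
  /** Trigger strings for the skill. */
  triggers: string[];
}

/** Shape of a skill's `skill.json` manifest. */
export interface SkillJson {
  /** Name of the skill. */
  name: string;
  /** Version string; format is not fixed by this type. */
  version: string;
  description: string;
  author: string;
  license: string;
  homepage: string;
  keywords: string[];
  sbom: SkillSbom;
  openclaw: SkillOpenClawConfig;
}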