gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
7cdb4ab7e245d210b8cacf66874f9eb491e93464
clawsec/skills/clawsec-nanoclaw/INSTALL.md
T
David Abutbul 73dd63f714 Nanoclaw integration (#65) 
* Add NanoClaw platform support to ClawSec

## Changes

### CI/CD Pipeline Updates
- Added NanoClaw keywords to NVD CVE monitoring
- Keywords: "NanoClaw", "WhatsApp-bot", "baileys"
- GitHub pattern now matches NanoClaw repositories

### Documentation
- Added NANOCLAW.md with integration guide
- Documented platform-specific advisory schema
- Credited 8-agent team that designed the integration

### Advisory Schema Enhancement
- Added optional `platforms` field support
- Enables platform-specific advisories (openclaw/nanoclaw)
- Maintains backward compatibility (empty = all platforms)

## Team Credits

Designed and implemented by specialized agent team:
- pioneer-repo-scout: ClawSec architecture analysis
- pioneer-nanoclaw-scout: NanoClaw architecture analysis
- architect: Integration design
- advisory-specialist: Feed integration
- integrity-specialist: File integrity design
- installer-specialist: Signature verification
- tester: Test infrastructure
- documenter: Documentation

Total contribution: 3000+ lines of design + implementation code.

## Impact

ClawSec now monitors for NanoClaw-specific security issues and can
provide platform-targeted advisories. This enables NanoClaw to consume
the advisory feed out-of-the-box for security monitoring.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Add clawsec-nanoclaw skill with full security suite

Provides complete ClawSec integration for NanoClaw deployments including:

Features:
- 4 MCP tools for agent-initiated vulnerability checking
- Advisory cache service with automatic feed fetching (6h interval)
- Ed25519 signature verification for feed integrity
- Platform-specific advisory filtering (nanoclaw/openclaw)
- IPC-based container-to-host communication

Components (1,730 lines):
- MCP Tools (350 lines): clawsec_check_advisories, clawsec_check_skill_safety,
  clawsec_list_advisories, clawsec_verify_signature
- Advisory Cache Manager (492 lines): Periodic fetching, signature verification
- Signature Verification (387 lines): Ed25519 crypto utilities
- Advisory Matching (289 lines): Skill-to-vulnerability correlation
- IPC Handlers (212 lines): Host-side request processing
- Complete documentation: SKILL.md, INSTALL.md with troubleshooting

Architecture:
- Container: MCP tools invoked by agents via Claude SDK
- IPC Layer: Filesystem-based request/response for host operations
- Host Service: Advisory cache with automatic refresh and verification
- Feed Source: https://clawsec.prompt.security/advisories/feed.json

Installation:
NanoClaw users can now add ClawSec security by:
1. Copying skills/clawsec-nanoclaw to their deployment
2. Integrating MCP tools into container (3 line change)
3. Integrating IPC handlers into host (2 line change)
4. Starting cache service in host process (1 line change)

No modifications to NanoClaw core required - ClawSec provides everything
as an installable skill package, just like it does for OpenClaw.

Updated NANOCLAW.md with complete installation instructions and
documentation references.

Team Credits:
8-agent collaborative design and implementation:
- pioneer-repo-scout: ClawSec architecture analysis
- pioneer-nanoclaw-scout: NanoClaw architecture analysis
- architect: Integration design and coordination
- advisory-specialist: Advisory feed integration
- integrity-specialist: File integrity design
- installer-specialist: Signature verification implementation
- tester: Test infrastructure and validation
- documenter: Documentation

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Add security expansion: Skill signature verification + File integrity monitoring

Implements Phase 1 (Skill Signature Verification) and Phase 2 (File Integrity
Monitoring) for NanoClaw security enhancement.

## Phase 1: Skill Signature Verification (~490 lines)

Adds Ed25519 signature verification for skill packages to prevent supply chain attacks.

**New Files:**
- host-services/skill-signature-handler.ts (217 lines): Core verification service
- mcp-tools/signature-verification.ts (200 lines): clawsec_verify_skill_package tool
- docs/SKILL_SIGNING.md (270 lines): Complete signing/verification guide

**Features:**
- Ed25519 signature verification using Node.js crypto
- Pinned ClawSec public key with custom key override support
- Auto-detection of .sig signature files
- Package SHA-256 integrity hashing
- Fail-closed error handling with detailed diagnostics
- IPC-based container-to-host verification (5s timeout)

**MCP Tool:** clawsec_verify_skill_package
- Verifies skill packages before installation
- Returns: valid, recommendation (install/block/review), signer, algorithm
- Prevents installation of tampered/malicious packages

## Phase 2: File Integrity Monitoring (~1,765 lines)

Ports OpenClaw's soul-guardian to NanoClaw for critical file protection.

**New Files:**
- guardian/integrity-monitor.ts (711 lines): Core monitoring engine
- guardian/policy.json (55 lines): NanoClaw-specific protection policy
- mcp-tools/integrity-tools.ts (260 lines): 4 MCP tools for agents
- host-services/integrity-handler.ts (349 lines): IPC handler integration
- docs/INTEGRITY.md (470 lines): User documentation

**Features:**
- SHA-256 baseline tracking with tamper-evident audit logs
- Auto-restore for critical files (registered_groups.json, CLAUDE.md)
- Alert-only mode for non-critical files
- Intentional change approval workflow
- Hash-chained audit logging
- Symlink protection and atomic file operations
- Unified diff generation for drift analysis

**MCP Tools:**
- clawsec_check_integrity: Check files for unauthorized changes
- clawsec_approve_change: Approve legitimate modifications
- clawsec_integrity_status: View monitoring status
- clawsec_verify_audit: Verify audit log integrity

**Protected Files:**
- CRITICAL: registered_groups.json (prevents group hijacking)
- HIGH: CLAUDE.md files (prevents instruction poisoning)
- MEDIUM: Container/host code (alerts on changes)
- IGNORED: Conversations (expected to change)

## Shared Enhancements (+129 lines)

**Updated: lib/signatures.ts**
Added 5 new crypto utilities:
- verifyDetachedSignature(): File-based Ed25519 verification
- verifyDetachedSignatureWithDetails(): Diagnostic variant with error details
- loadPublicKey(): PEM validation and security enforcement
- sha256File(): File hashing (shared utility)
- verifyFileHashes(): Batch drift detection

**Updated: lib/types.ts**
Added TypeScript interfaces for:
- VerifySkillSignatureRequest/Response (Phase 1 IPC)
- IntegrityCheckRequest/Response (Phase 2 IPC)
- VerifySkillPackageParams (Phase 1 MCP tool)

**Updated: host-services/ipc-handlers.ts**
Added IPC handlers:
- verify_skill_signature (Phase 1)
- integrity_check, integrity_approve, integrity_status, integrity_verify_audit (Phase 2)

## Total Delivery

- **New Code**: ~2,958 lines
- **Files Created**: 11 new files
- **Files Modified**: 3 existing files
- **Documentation**: 740 lines across 2 comprehensive guides

## Architecture

**Phase 1:** Container agents → MCP tool → IPC → Host verifier → Ed25519 crypto
**Phase 2:** Container agents → MCP tools → IPC → Host service → File monitoring

**Storage:**
- Phase 1: Stateless (no persistent storage)
- Phase 2: /workspace/project/data/soul-guardian/ (host-only)

**Security Model:**
- Ed25519 signatures verified with pinned ClawSec public key
- SHA-256 baselines stored on host (containers cannot modify)
- Hash-chained audit logs for tamper detection
- Fail-closed error handling throughout
- IPC-only access (no direct container mounts)

## Team Credits

Designed and implemented by 5-agent Opus 4.6 team:
- signature-verification-lead: Phase 1 implementation
- integrity-monitoring-lead: Phase 2 implementation
- shared-crypto: Cryptographic utilities
- mcp-tools-architect: MCP tool schema standards
- ipc-handler-architect: IPC protocol standards

Coordination approach:
1. Design phase: Each agent analyzed and proposed solutions
2. Coordination phase: Aligned on shared components (crypto, IPC, storage)
3. Implementation phase: Parallel execution with peer support
4. Result: Zero conflicts, exceeded targets, complete documentation

## Integration

NanoClaw users can now install ClawSec security features:

**1. MCP Tools** (container):
```typescript
import { clawsecTools } from '../../../skills/clawsec-nanoclaw/mcp-tools/advisory-tools.js';
import { verifySkillPackage } from '../../../skills/clawsec-nanoclaw/mcp-tools/signature-verification.js';
import { integrityTools } from '../../../skills/clawsec-nanoclaw/mcp-tools/integrity-tools.js';
```

**2. IPC Handlers** (host):
```typescript
import { registerClawSecHandlers } from '../skills/clawsec-nanoclaw/host-services/ipc-handlers.js';
```

**3. Services** (host):
```typescript
import { SkillSignatureVerifier } from '../skills/clawsec-nanoclaw/host-services/skill-signature-handler.js';
import { IntegrityService } from '../skills/clawsec-nanoclaw/host-services/integrity-handler.js';
```

See docs/SKILL_SIGNING.md and docs/INTEGRITY.md for complete integration guides.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Fix SKILL.md format: proper YAML frontmatter, remove ASCII diagrams, focus on when-to-use

* chore: align with contributors guidelines - set version 0.0.1, add version to SKILL.md frontmatter, complete SBOM

* fix: use specific NanoClaw repo URL instead of wildcard pattern

Change github.com/*/NanoClaw to github.com/qwibitai/NanoClaw to avoid
matching unrelated projects in CVE advisory scanning.

* docs: merge NanoClaw support into main README, move NANOCLAW.md to skill README

- Add NanoClaw platform section in main README
- Update supported platforms list (OpenClaw + NanoClaw)
- Add monitored keywords for NanoClaw (WhatsApp-bot, baileys)
- Document platform-specific advisory schema
- Move NANOCLAW.md to skills/clawsec-nanoclaw/README.md

* fix: resolve ESLint and TypeScript errors in clawsec-nanoclaw skill

Fix all CI failures from prepare-to-push.sh for the nanoclaw-integration branch:

ESLint fixes:
- Add missing Node.js globals (Buffer, AbortController, clearTimeout,
  RequestInit) to eslint.config.js for TypeScript files
- Add ambient declarations for host-provided variables (server, writeIpcFile,
  TASKS_DIR, groupFolder) in MCP tool template files
- Wrap bare case statements in ipc-handlers.ts in a proper exported function
- Replace @ts-ignore with @ts-expect-error in signatures.ts
- Prefix unused variables with underscore (affectedVersion, keyDer,
  safeBasename, groupFolder)
- Add eslint-disable directives for intentional any usage in template files
- Change any to unknown in types.ts where appropriate

TypeScript fixes:
- Replace glob import with ambient namespace declaration (glob not in repo deps)
- Fix Hash.hexdigest() to Hash.digest('hex') in integrity-monitor.ts
- Fix unreachable type comparison (recommendation === 'install') in
  advisory-tools.ts

Comment syntax fixes:
- Convert block comments containing '*/30 * * * *' cron expressions to
  line comments to prevent premature comment termination in
  integrity-handler.ts and integrity-tools.ts

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: implement missing MCP tools and align documentation with code

- Rewrote signature-verification.ts with actual server.tool() implementation (was template string)
- Fixed tool naming: clawsec_verify_signature -> clawsec_verify_skill_package
- Added missing clawsec_refresh_cache to all documentation
- Updated skill.json mcp_tools array from 4 to 9 tools (added Phase 1 & 2 tools)
- All 9 MCP tools now verified: 4 advisory + 1 signature + 4 integrity

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-25 12:11:35 +02:00

8.5 KiB
Raw Blame History

ClawSec for NanoClaw - Installation Guide

This guide shows how to add ClawSec security monitoring to your NanoClaw deployment.

Overview

ClawSec provides security advisory monitoring for NanoClaw through:

  • MCP Tools: Agents can check for vulnerabilities via clawsec_check_advisories
  • Advisory Feed: Automatic monitoring of https://clawsec.prompt.security/advisories/feed.json
  • Signature Verification: Ed25519-signed feeds ensure integrity
  • Platform Targeting: Advisories can be NanoClaw-specific or cross-platform

Prerequisites

  • NanoClaw >= 0.1.0
  • Node.js >= 18.0.0
  • Write access to NanoClaw installation directory

Installation Steps

1. Copy Skill Files

Copy the clawsec-nanoclaw skill directory to your NanoClaw installation:

# From the ClawSec repository
cp -r skills/clawsec-nanoclaw /path/to/your/nanoclaw/skills/

2. Integrate MCP Tools

Add the ClawSec MCP tools to your NanoClaw container agent runner.

File: container/agent-runner/src/ipc-mcp-stdio.ts

// Add these imports at the top to register all ClawSec MCP tools:

// Advisory tools: clawsec_check_advisories, clawsec_check_skill_safety,
//                 clawsec_list_advisories, clawsec_refresh_cache
import '../../../skills/clawsec-nanoclaw/mcp-tools/advisory-tools.js';

// Signature verification: clawsec_verify_skill_package
import '../../../skills/clawsec-nanoclaw/mcp-tools/signature-verification.js';

// Integrity monitoring: clawsec_check_integrity, clawsec_approve_change,
//                       clawsec_integrity_status, clawsec_verify_audit
import '../../../skills/clawsec-nanoclaw/mcp-tools/integrity-tools.js';

Each file calls server.tool() directly to register its tools. The server, writeIpcFile, TASKS_DIR, and groupFolder variables must be available in the scope where these files are imported (they are declared as ambient globals in each tool file).

3. Integrate IPC Handlers

Add the host-side IPC handlers for ClawSec operations.

File: host/ipc-handler.ts

// Add this import at the top
import { registerClawSecHandlers } from '../skills/clawsec-nanoclaw/host-services/ipc-handlers.js';

// In your IPC handler setup function
export function setupIpcHandlers() {
  // ... your existing handlers ...

  // Register ClawSec handlers
  registerClawSecHandlers();
}

4. Start Advisory Cache Service

Add the advisory cache manager to your host services.

File: host/index.ts (or your main entry point)

// Add this import
import { startAdvisoryCache } from '../skills/clawsec-nanoclaw/host-services/advisory-cache.js';

// Start the service when your host process starts
async function main() {
  // ... your existing initialization ...

  // Start ClawSec advisory cache (fetches feed every 6 hours)
  startAdvisoryCache({
    cacheFile: '/workspace/project/data/clawsec-advisory-cache.json',
    feedUrl: 'https://clawsec.prompt.security/advisories/feed.json',
    publicKeyPath: '/workspace/project/skills/clawsec-nanoclaw/advisories/feed-signing-public.pem',
    refreshInterval: 6 * 60 * 60 * 1000, // 6 hours
  });

  // ... rest of your startup ...
}

5. Restart NanoClaw

Restart your NanoClaw instance to load the new MCP tools and services:

# Stop NanoClaw
docker-compose down

# Start with new configuration
docker-compose up -d

Verification

Test that ClawSec is working:

1. Check MCP Tools Available

From within a NanoClaw agent session, the following tools should be available:

Advisory Tools (mcp-tools/advisory-tools.ts):

  • clawsec_check_advisories - Scan installed skills for vulnerabilities
  • clawsec_check_skill_safety - Pre-installation safety check
  • clawsec_list_advisories - List all advisories with filtering
  • clawsec_refresh_cache - Request immediate advisory cache refresh

Signature Verification (mcp-tools/signature-verification.ts):

  • clawsec_verify_skill_package - Verify Ed25519 signature on skill packages

Integrity Monitoring (mcp-tools/integrity-tools.ts):

  • clawsec_check_integrity - Check protected files for unauthorized changes
  • clawsec_approve_change - Approve intentional file modification as new baseline
  • clawsec_integrity_status - View current baseline status
  • clawsec_verify_audit - Verify audit log hash chain integrity

2. Test Advisory Checking

Ask your NanoClaw agent:

Check if any of my installed skills have security advisories

The agent should use the clawsec_check_advisories tool and report results.

3. Check Advisory Cache

Verify the cache file was created:

cat /workspace/project/data/clawsec-advisory-cache.json

You should see:

  • feed: Array of advisories
  • signature: Ed25519 signature
  • lastFetch: Timestamp of last update
  • verified: Should be true

Usage Examples

Agent Commands

Once installed, your NanoClaw agents can:

Check for vulnerabilities:

Scan my installed skills for security issues

Pre-installation check:

Is it safe to install skill-name@1.0.0?

List all advisories:

Show me all ClawSec security advisories

Manual Tool Invocation

You can also call the MCP tools directly from agent code:

// Check all installed skills
const result = await tools.clawsec_check_advisories({
  skillsRoot: '/workspace/project/skills'
});

// Check specific skill before installation
const safetyCheck = await tools.clawsec_check_skill_safety({
  skillName: 'risky-skill',
  version: '1.0.0'
});

Configuration

Cache Location

Default: /workspace/project/data/clawsec-advisory-cache.json

To change, update the cacheFile parameter in startAdvisoryCache().

Refresh Interval

Default: 6 hours

To change, update the refreshInterval parameter (in milliseconds).

Feed URL

Default: https://clawsec.prompt.security/advisories/feed.json

To use a mirror or custom feed, update the feedUrl parameter.

Platform-Specific Advisories

ClawSec advisories can target specific platforms:

  • platforms: ["nanoclaw"]: Only affects NanoClaw
  • platforms: ["openclaw"]: Only affects OpenClaw/MoltBot
  • platforms: ["openclaw", "nanoclaw"]: Affects both
  • No platforms field: Applies to all platforms

The MCP tools automatically filter advisories based on your platform.

Security

Signature Verification

All advisory feeds are Ed25519 signed. The public key is pinned in:

skills/clawsec-nanoclaw/advisories/feed-signing-public.pem

Feeds failing signature verification are rejected.

Cache Integrity

The advisory cache includes:

  • Cryptographic signature of feed contents
  • Verification status
  • Timestamp of last successful fetch

Never manually edit the cache file - it will break signature verification.

Troubleshooting

Tools Not Appearing

Problem: MCP tools not showing up in agent

Solution:

  1. Check that you added the import and registration in ipc-mcp-stdio.ts
  2. Restart the container
  3. Check container logs for import errors

Cache Not Updating

Problem: Advisory cache is empty or stale

Solution:

  1. Check that startAdvisoryCache() is called in your host entry point
  2. Verify network access to clawsec.prompt.security
  3. Check host logs for fetch errors
  4. Manually trigger: curl https://clawsec.prompt.security/advisories/feed.json

Signature Verification Failing

Problem: Cache shows "verified": false

Solution:

  1. Ensure public key file exists at correct path
  2. Check file permissions (should be readable)
  3. Verify feed URL is correct (not using HTTP instead of HTTPS)
  4. Check for corrupted downloads (try clearing cache and refetching)

IPC Communication Issues

Problem: Tools return errors about IPC

Solution:

  1. Verify IPC handlers are registered in host/ipc-handler.ts
  2. Check that IPC directory exists and is writable
  3. Ensure host process is running
  4. Check host logs for handler errors

Uninstallation

To remove ClawSec from NanoClaw:

  1. Remove MCP tool registration from ipc-mcp-stdio.ts
  2. Remove IPC handler registration from host/ipc-handler.ts
  3. Remove startAdvisoryCache() call from host entry point
  4. Delete the skill directory: rm -rf skills/clawsec-nanoclaw
  5. Delete the cache file: rm /workspace/project/data/clawsec-advisory-cache.json
  6. Restart NanoClaw

Support

License

AGPL-3.0-or-later

Questions? Open an issue or check the main ClawSec documentation.

Reference in New Issue View Git Blame Copy Permalink