gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
b7bcb9e830642f3b1d1a7cac7f75c27976aa0269
clawsec/skills/clawsec-suite/skill.json
T
David Abutbul b7bcb9e830 fix: Bump clawsec-suite version to 0.1.4 and update CHANGELOG (qa-requested) 
Fixes:
- Bumped version from 0.1.3 to 0.1.4 in skill.json
- Added 0.1.4 release entry to CHANGELOG.md documenting audit warning feature
- Already rebased on origin/main (382db82)

Changes document the new CLAWSEC_VERIFY_CHECKSUM_MANIFEST=0 audit warnings
for release pipeline compatibility.

Verified:
- All tests pass (8/8 guarded_install tests)
- ESLint clean with --max-warnings 0

QA Fix Session: 0

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-27 21:22:19 +02:00

245 lines
7.4 KiB
JSON
Raw Blame History

{
"name": "clawsec-suite",
"version": "0.1.4",
"description": "ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
"homepage": "https://clawsec.prompt.security/",
"keywords": [
"security",
"skills",
"catalog",
"installer",
"integrity",
"advisory",
"feed",
"threat-intel",
"hooks",
"approval",
"agents",
"ai",
"suite",
"openclaw",
"signature",
"verification"
],
"sbom": {
"files": [
{
"path": "SKILL.md",
"required": true,
"description": "Suite skill documentation and installation guide"
},
{
"path": "CHANGELOG.md",
"required": true,
"description": "Version history and security improvements changelog"
},
{
"path": "HEARTBEAT.md",
"required": true,
"description": "Portable heartbeat and update-check procedure"
},
{
"path": "advisories/feed.json",
"required": true,
"description": "Embedded advisory feed seed (merged from clawsec-feed)"
},
{
"path": "advisories/feed.json.sig",
"required": true,
"description": "Detached Ed25519 signature for advisory feed"
},
{
"path": "advisories/checksums.json",
"required": true,
"description": "SHA-256 checksum manifest for advisory artifacts"
},
{
"path": "advisories/checksums.json.sig",
"required": true,
"description": "Detached Ed25519 signature for checksum manifest"
},
{
"path": "advisories/feed-signing-public.pem",
"required": true,
"description": "Pinned Ed25519 public key for feed signature verification"
},
{
"path": "hooks/clawsec-advisory-guardian/HOOK.md",
"required": true,
"description": "OpenClaw hook metadata for advisory-driven malicious-skill checks"
},
{
"path": "hooks/clawsec-advisory-guardian/handler.ts",
"required": true,
"description": "OpenClaw hook handler for approval-gated advisory actions with signature verification"
},
{
"path": "hooks/clawsec-advisory-guardian/lib/utils.mjs",
"required": true,
"description": "Shared utility functions (isObject, normalizeSkillName, uniqueStrings)"
},
{
"path": "hooks/clawsec-advisory-guardian/lib/version.mjs",
"required": true,
"description": "Shared semver parsing and version matching logic"
},
{
"path": "hooks/clawsec-advisory-guardian/lib/feed.mjs",
"required": true,
"description": "Advisory feed loading with Ed25519 signature and checksum manifest verification"
},
{
"path": "hooks/clawsec-advisory-guardian/lib/types.ts",
"required": true,
"description": "TypeScript type definitions for hook and feed structures"
},
{
"path": "hooks/clawsec-advisory-guardian/lib/state.ts",
"required": true,
"description": "Advisory state persistence and loading"
},
{
"path": "hooks/clawsec-advisory-guardian/lib/matching.ts",
"required": true,
"description": "Advisory-to-skill matching and alert message generation"
},
{
"path": "scripts/setup_advisory_hook.mjs",
"required": true,
"description": "Installer script for enabling the advisory guardian hook"
},
{
"path": "scripts/setup_advisory_cron.mjs",
"required": true,
"description": "Installer script for optional periodic advisory scan cron"
},
{
"path": "scripts/guarded_skill_install.mjs",
"required": true,
"description": "Two-step confirmation installer with signature verification that blocks risky skill installs"
},
{
"path": "scripts/discover_skill_catalog.mjs",
"required": true,
"description": "Dynamic skill-catalog discovery with remote index fetch and suite-local fallback metadata"
},
{
"path": "scripts/sign_detached_ed25519.mjs",
"required": false,
"description": "Utility script for generating Ed25519 detached signatures"
},
{
"path": "scripts/verify_detached_ed25519.mjs",
"required": false,
"description": "Utility script for verifying Ed25519 detached signatures"
},
{
"path": "scripts/generate_checksums_json.mjs",
"required": false,
"description": "Utility script for generating SHA-256 checksum manifests"
}
]
},
"embedded_components": {
"clawsec-feed": {
"source_skill": "clawsec-feed",
"source_version": "0.0.4",
"paths": [
"advisories/feed.json",
"advisories/feed.json.sig",
"advisories/checksums.json",
"advisories/checksums.json.sig",
"advisories/feed-signing-public.pem"
],
"capabilities": [
"advisory-feed monitoring",
"new-advisory detection",
"affected-skill cross-reference",
"approval-gated malicious-skill removal recommendations",
"double-confirmation gating for risky skill installs",
"Ed25519 signature verification",
"checksum manifest verification"
],
"standalone_available": true,
"deprecation_plan": "standalone skill may be retired after suite migration is verified"
}
},
"catalog": {
"description": "Available protections in the ClawSec suite",
"base_url": "https://clawsec.prompt.security/releases/download",
"skills": {
"clawsec-feed": {
"description": "Advisory monitoring is now embedded in clawsec-suite",
"integrated_in_suite": true,
"standalone_available": true,
"compatible": [
"openclaw",
"moltbot",
"clawdbot",
"other"
]
},
"openclaw-audit-watchdog": {
"description": "Automated daily audits with email reporting",
"default_install": true,
"compatible": [
"openclaw",
"moltbot",
"clawdbot"
],
"note": "Tailored for OpenClaw/MoltBot family"
},
"soul-guardian": {
"description": "Drift detection and file integrity guard",
"default_install": false,
"compatible": [
"openclaw",
"moltbot",
"clawdbot",
"other"
]
},
"clawtributor": {
"description": "Community incident reporting (shares anonymized data)",
"default_install": false,
"requires_explicit_consent": true,
"compatible": [
"openclaw",
"moltbot",
"clawdbot",
"other"
]
}
}
},
"openclaw": {
"emoji": "📦",
"category": "security",
"requires": {
"bins": [
"curl",
"jq",
"shasum",
"openssl"
]
},
"triggers": [
"clawsec suite",
"security suite",
"security advisories",
"malicious skill alert",
"remove malicious skills",
"safe skill install",
"confirm skill install",
"check advisories",
"advisory feed",
"install security skills",
"verify skills",
"check skill integrity",
"update skills"
]
}
}
Reference in New Issue View Git Blame Copy Permalink