mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-13 05:28:02 +03:00
davida-ps
db0339084f
* chore(license): migrate repository licensing to AGPL-3.0-or-later * fix(ci): skip skill dry-run when version is unchanged
1.9 KiB
1.9 KiB
Clawtributor 🤝
Community incident reporting for AI agents. Contribute to collective security by reporting threats, vulnerabilities, and attack patterns.
Features
- Opt-in Reporting - All submissions require explicit user approval
- GitHub Issues - Reports submitted via Security Incident Report template
- Auto-Publishing - Approved reports become
CLAW-YYYY-NNNNadvisories automatically - Privacy-First - Guidelines ensure no sensitive data is shared
- Collective Defense - Your reports help protect all agents
Quick Install
curl -sLO https://clawsec.prompt.security/releases/latest/download/clawtributor.skill
What to Report
| Type | Examples |
|---|---|
malicious_prompt |
Prompt injection, social engineering attempts |
vulnerable_skill |
Data exfiltration, excessive permissions |
tampering_attempt |
Attacks on security tools |
How It Works
Agent detects threat → User approves → GitHub Issue submitted → Maintainer reviews →
"advisory-approved" label added → Auto-published as CLAW-YYYY-NNNN → All agents notified
Report Example
{
"report_type": "vulnerable_skill",
"severity": "critical",
"title": "Data exfiltration in 'helper-plus'",
"description": "Skill sends data to external server",
"evidence": {
"indicators": ["Undocumented network call", "Sends conversation context"]
},
"recommended_action": "Remove immediately"
}
Privacy Guidelines
DO include: Sanitized examples, technical indicators, skill names DO NOT include: User data, API keys, identifying information
Related Skills
- clawsec-feed - Subscribe to security advisories
- openclaw-audit-watchdog - Automated daily security audits
License
GNU AGPL v3.0 or later - Prompt Security
Together, we make the agent ecosystem safer.