{"id":44494229,"url":"https://github.com/prompt-security/clawsec","last_synced_at":"2026-04-17T01:06:24.970Z","repository":{"id":337274741,"uuid":"1150883518","full_name":"prompt-security/clawsec","owner":"prompt-security","description":"A complete security skill suite for OpenClaw's and NanoClaw agents (and variants). Protect your SOUL.md (etc') with drift detection, live security recommendations, automated audits, and skill integrity verification. All from one installable suite.","archived":false,"fork":false,"pushed_at":"2026-04-08T21:22:40.000Z","size":21739,"stargazers_count":884,"open_issues_count":7,"forks_count":94,"subscribers_count":8,"default_branch":"main","last_synced_at":"2026-04-08T22:22:10.864Z","etag":null,"topics":["clawdbot","clawdbot-skill","molt","moltbot-skill","moltbot-skills","nanoclaw","openclaw","openclaw-extension","openclaw-plugin","openclaw-security","openclaw-skill","openclaw-skills"],"latest_commit_sha":null,"homepage":"https://prompt.security/clawsec","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/prompt-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-02-05T19:59:46.000Z","updated_at":"2026-04-08T21:22:56.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/prompt-security/clawsec","commit_stats":null,"previous_names":["prompt-security/clawsec"],"tags_count":46,"template":fals
e,"template_full_name":null,"purl":"pkg:github/prompt-security/clawsec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prompt-security%2Fclawsec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prompt-security%2Fclawsec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prompt-security%2Fclawsec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prompt-security%2Fclawsec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/prompt-security","download_url":"https://codeload.github.com/prompt-security/clawsec/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prompt-security%2Fclawsec/sbom","scorecard":{"id":1243954,"data":{"date":"2026-02-24T13:43:41Z","repo":{"name":"github.com/prompt-security/clawsec","commit":"db0339084f6895964d2c7b80d96d3d522d0d17b8"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":6.8,"checks":[{"name":"Code-Review","score":1,"reason":"Found 2/12 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security 
policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"project was created within the last 90 days. Please review its contents carefully","details":["Warn: Repository was created within the last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and 
uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:19","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:18","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/community-advisory.yml:24","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/poll-nvd-cves.yml:33","Info: jobLevel 'contents' permission set to 'read': .github/workflows/skill-release.yml:987","Info: jobLevel 'contents' permission set to 'read': .github/workflows/skill-release.yml:1064","Info: jobLevel 'contents' permission set to 'read': .github/workflows/skill-release.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/skill-release.yml:180","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/skill-release.yml:543","Info: topLevel permissions set to 'read-all': .github/workflows/ci.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/codeql.yml:11","Info: topLevel permissions set to 'read-all': .github/workflows/community-advisory.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-pages.yml:11","Info: topLevel permissions set to 'read-all': .github/workflows/poll-nvd-cves.yml:15","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18","Info: topLevel permissions set to 'read-all': .github/workflows/skill-release.yml:18"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- 
score normalized to 8","details":["Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: skills/openclaw-audit-watchdog/scripts/codex_review.sh:17","Warn: npmCommand not pinned by hash: .github/workflows/skill-release.yml:1010","Warn: npmCommand not pinned by hash: .github/workflows/skill-release.yml:1121","Info:  33 out of  33 GitHub-owned GitHubAction dependencies pinned","Info:   7 out of   7 third-party GitHubAction dependencies pinned","Info:   5 out of   7 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":4,"reason":"3 out of the last 5 releases have a total of 3 signed artifacts.","details":["Info: signed release artifact: checksums.sig: https://github.com/prompt-security/clawsec/releases/tag/openclaw-audit-watchdog-v0.1.0","Info: signed release artifact: checksums.sig: https://github.com/prompt-security/clawsec/releases/tag/clawsec-suite-v0.1.2","Info: signed release artifact: checksums.sig: https://github.com/prompt-security/clawsec/releases/tag/clawsec-clawhub-checker-v0.0.1","Warn: release artifact soul-guardian-v0.0.2 not signed: 
https://api.github.com/repos/prompt-security/clawsec/releases/283837837","Warn: release artifact clawtributor-v0.0.3 not signed: https://api.github.com/repos/prompt-security/clawsec/releases/283547909","Warn: release artifact openclaw-audit-watchdog-v0.1.0 does not have provenance: https://api.github.com/repos/prompt-security/clawsec/releases/286928872","Warn: release artifact clawsec-suite-v0.1.2 does not have provenance: https://api.github.com/repos/prompt-security/clawsec/releases/286928912","Warn: release artifact clawsec-clawhub-checker-v0.0.1 does not have provenance: https://api.github.com/repos/prompt-security/clawsec/releases/286973466","Warn: release artifact soul-guardian-v0.0.2 does not have provenance: https://api.github.com/repos/prompt-security/clawsec/releases/283837837","Warn: release artifact clawtributor-v0.0.3 does not have provenance: https://api.github.com/repos/prompt-security/clawsec/releases/283547909"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release 
branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 21 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Contributors","score":0,"reason":"project has 0 contributing companies or organizations -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"CI-Tests","score":8,"reason":"23 out of 27 merged PRs checked by a CI test -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are 
merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}}]},"last_synced_at":"2026-02-24T18:32:39.340Z","repository_id":337274741,"created_at":"2026-02-24T18:32:39.340Z","updated_at":"2026-02-24T18:32:39.340Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31910584,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T18:22:33.417Z","status":"ssl_error","status_checked_at":"2026-04-16T18:21:47.142Z","response_time":69,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clawdbot","clawdbot-skill","molt","moltbot-skill","moltbot-skills","nanoclaw","openclaw","openclaw-extension","openclaw-plugin","openclaw-security","openclaw-skill","openclaw-skills"],"created_at":"2026-02-13T05:00:20.134Z","updated_at":"2026-04-17T01:06:24.959Z","avatar_url":"https://github.com/prompt-security.png","language":"JavaScript","funding_links":[],"categories":["Cloud Infrastructure","Defense \u0026 Security Controls","🛡️ Security \u0026 Safety","Security","Sponsors ❤️","Entwicklertools und Observability","Security \u0026 Hardening","Cloud \u0026 DevOps","Skills \u0026 Plugins"],"sub_categories":["🔒 Security","Agent Runtime Security \u0026 Sandboxing","Security Audit Tools","Community Skills","Security Tools","ClawSec"],"readme":"\u003ch1 align=\"center\"\u003e\n  
\u003cimg src=\"./img/prompt-icon.svg\" alt=\"prompt-icon\" width=\"40\"\u003e\n  ClawSec: Security Skill Suite for AI Agents\n  \u003cimg src=\"./img/prompt-icon.svg\" alt=\"prompt-icon\" width=\"40\"\u003e\n\u003c/h1\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n## Secure Your OpenClaw and NanoClaw Agents with a Complete Security Skill Suite\n\n\u003ch4\u003eBrought to you by \u003ca href=\"https://prompt.security\"\u003ePrompt Security\u003c/a\u003e, the Platform for AI Security\u003c/h4\u003e\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n![Prompt Security Logo](./img/Black+Color.png)\n\u003cimg src=\"./public/img/mascot.png\" alt=\"clawsec mascot\" width=\"200\" /\u003e\n\n\u003c/div\u003e\n\u003cdiv align=\"center\"\u003e\n\n🌐 **Live at: [https://clawsec.prompt.security](https://clawsec.prompt.security) [https://prompt.security/clawsec](https://prompt.security/clawsec)**\n\n[![CI](https://github.com/prompt-security/clawsec/actions/workflows/ci.yml/badge.svg)](https://github.com/prompt-security/clawsec/actions/workflows/ci.yml)\n[![Deploy Pages](https://github.com/prompt-security/clawsec/actions/workflows/deploy-pages.yml/badge.svg)](https://github.com/prompt-security/clawsec/actions/workflows/deploy-pages.yml)\n[![Poll NVD CVEs](https://github.com/prompt-security/clawsec/actions/workflows/poll-nvd-cves.yml/badge.svg)](https://github.com/prompt-security/clawsec/actions/workflows/poll-nvd-cves.yml)\n\n\n\u003c/div\u003e\n\n---\n\n## 🦞 What is ClawSec?\n\nClawSec is a **complete security skill suite for AI agent platforms**. 
It provides unified security monitoring, integrity verification, and threat intelligence, protecting your agent's cognitive architecture against prompt injection, drift, and malicious instructions.\n\n### Supported Platforms\n\n- **OpenClaw** (MoltBot, Clawdbot, and clones) - Full suite with skill installer, file integrity protection, and security audits\n- **NanoClaw** - Containerized WhatsApp bot security with MCP tools for advisory monitoring, signature verification, and file integrity\n\n### Core Capabilities\n\n- **📦 Suite Installer** - One-command installation of all security skills with integrity verification\n- **🛡️ File Integrity Protection** - Drift detection and auto-restore for critical agent files (SOUL.md, IDENTITY.md, etc.)\n- **📡 Live Security Advisories** - Automated NVD CVE polling and community threat intelligence\n- **🔍 Security Audits** - Self-check scripts to detect prompt injection markers and vulnerabilities\n- **🔐 Checksum Verification** - SHA256 checksums for all skill artifacts\n- **Health Checks** - Automated updates and integrity verification for all installed skills\n\n---\n\n## 🎬 Product Demos\n\nAnimated previews below are GIFs (no audio). Click any preview to open the full MP4 with audio.\n\n### Install Demo (`clawsec-suite`)\n\n[![Install demo animated preview](public/video/install-demo-preview.gif)](public/video/install-demo.mp4)\n\nDirect link: [install-demo.mp4](public/video/install-demo.mp4)\n\n### Drift Detection Demo (`soul-guardian`)\n\n[![Drift detection animated preview](public/video/soul-guardian-demo-preview.gif)](public/video/soul-guardian-demo.mp4)\n\nDirect link: [soul-guardian-demo.mp4](public/video/soul-guardian-demo.mp4)\n\n---\n\n## 🚀 Quick Start\n\n### For AI Agents\n\n```bash\n# Install the ClawSec security suite\nnpx clawhub@latest install clawsec-suite\n```\n\nAfter install, the suite can:\n1. Discover installable protections from the published skills catalog\n2. 
Verify release integrity using signed checksums\n3. Set up advisory monitoring and hook-based protection flows\n4. Add optional scheduled checks\n\nManual/source-first option:\n\n\u003e Read https://github.com/prompt-security/clawsec/releases/latest/download/SKILL.md and follow the installation instructions.\n\n### For Humans\n\nCopy this instruction to your AI agent:\n\n\u003e Install ClawSec with `npx clawhub@latest install clawsec-suite`, then complete the setup steps from the generated instructions.\n\n### Shell and OS Notes\n\nClawSec scripts are split between:\n- Cross-platform Node/Python tooling (`npm run build`, hook/setup `.mjs`, `utils/*.py`)\n- POSIX shell workflows (`*.sh`, most manual install snippets)\n\nFor Linux/macOS (`bash`/`zsh`):\n- Use unquoted or double-quoted home vars: `export INSTALL_ROOT=\"$HOME/.openclaw/skills\"`\n- Do **not** single-quote expandable vars (for example, avoid `'$HOME/.openclaw/skills'`)\n\nFor Windows (PowerShell):\n- Prefer explicit path building:\n  - `$env:INSTALL_ROOT = Join-Path $HOME \".openclaw\\\\skills\"`\n  - `node \"$env:INSTALL_ROOT\\\\clawsec-suite\\\\scripts\\\\setup_advisory_hook.mjs\"`\n- POSIX `.sh` scripts require WSL or Git Bash.\n\nTroubleshooting: if you see directories such as `~/.openclaw/workspace/$HOME/...`, a home variable was passed literally. 
Re-run using an absolute path or an unquoted home expression.\n\n---\n\n## 📱 NanoClaw Platform Support\n\nClawSec now supports **NanoClaw**, a containerized WhatsApp bot powered by Claude agents.\n\n### clawsec-nanoclaw Skill\n\n**Location**: `skills/clawsec-nanoclaw/`\n\nA complete security suite adapted for NanoClaw's containerized architecture:\n\n- **9 MCP Tools** for agents to check vulnerabilities\n  - Advisory checking and browsing\n  - Pre-installation safety checks\n  - Skill package signature verification (Ed25519)\n  - File integrity monitoring\n- **Automatic Advisory Feed** - Fetches and caches advisories every 6 hours\n- **Platform Filtering** - Shows only NanoClaw-relevant advisories\n- **IPC-Based** - Container-safe host communication\n- **Full Documentation** - Installation guide, usage examples, troubleshooting\n\n### Advisory Feed for NanoClaw\n\nThe feed now monitors NanoClaw-specific keywords:\n- `NanoClaw` - Direct product name\n- `WhatsApp-bot` - Core functionality\n- `baileys` - WhatsApp client library dependency\n\nAdvisories can specify `platforms: [\"nanoclaw\"]` for platform-specific issues.\n\n### Quick Start for NanoClaw\n\nSee [`skills/clawsec-nanoclaw/INSTALL.md`](skills/clawsec-nanoclaw/INSTALL.md) for detailed setup instructions.\n\n**Quick integration:**\n1. Copy skill to NanoClaw deployment\n2. Integrate MCP tools in container\n3. Add IPC handlers and cache service on host\n4. 
Restart NanoClaw\n\n---\n\n## 📦 ClawSec Suite (OpenClaw)\n\nThe **clawsec-suite** is a skill-of-skills manager that installs, verifies, and maintains security skills from the ClawSec catalog.\n\n`clawsec-suite` is optional orchestration; skills can still be installed directly as standalone packages.\n\n### ClawSec Skills\n\n| Skill | Description | Installation | Compatibility |\n|-------|-------------|--------------|---------------|\n| 📡 **clawsec-feed** | Security advisory feed monitoring with live CVE updates | ✅ Included by default | All agents |\n| 🔭 **openclaw-audit-watchdog** | Automated daily audits with DM delivery and optional email reporting | ⚙️ Optional (install separately) | OpenClaw/MoltBot/Clawdbot |\n| 👻 **soul-guardian** | Drift detection and file integrity guard with auto-restore | ⚙️ Optional | All agents |\n| 🤝 **clawtributor** | Community incident reporting | ❌ Optional (Explicit request) | All agents |\n\n\u003e ⚠️ **clawtributor** is not installed by default as it may share anonymized incident data. Install only on explicit user request.\n\n\u003e ⚠️ **openclaw-audit-watchdog** is tailored for the OpenClaw/MoltBot/Clawdbot agent family. 
Other agents receive the universal skill set.\n\n### Suite Features\n\n- **Integrity Verification** - Every skill package includes `checksums.json` with SHA256 hashes\n- **Updates** - Automatic checks for new skill versions \n- **Self-Healing** - Failed integrity checks trigger automatic re-download from trusted releases\n- **Advisory Cross-Reference** - Installed skills are checked against the security advisory feed\n\n---\n\n## 📡 Security Advisory Feed\n\nClawSec maintains a continuously updated security advisory feed, automatically populated from NIST's National Vulnerability Database (NVD).\n\n### Feed URL\n\n```bash\n# Fetch latest advisories\ncurl -s https://clawsec.prompt.security/advisories/feed.json | jq '.advisories[] | select(.severity == \"critical\" or .severity == \"high\")'\n```\n\nCanonical endpoint: `https://clawsec.prompt.security/advisories/feed.json`  \nCompatibility mirror (legacy): `https://clawsec.prompt.security/releases/latest/download/feed.json`\n\n### Monitored Keywords\n\nThe feed polls CVEs related to:\n- **OpenClaw Platform**: `OpenClaw`, `clawdbot`, `Moltbot`\n- **NanoClaw Platform**: `NanoClaw`, `WhatsApp-bot`, `baileys`\n- Prompt injection patterns\n- Agent security vulnerabilities\n\n### Exploitability Context\n\nClawSec enriches CVE advisories with **exploitability context** to help agents assess real-world risk beyond raw CVSS scores. 
Newly analyzed advisories can include:\n\n- **Exploit Evidence**: Whether public exploits exist in the wild\n- **Weaponization Status**: If exploits are integrated into common attack frameworks\n- **Attack Requirements**: Prerequisites needed for successful exploitation (network access, authentication, user interaction)\n- **Risk Assessment**: Contextualized risk level combining technical severity with exploitability\n\nThis feature helps agents prioritize vulnerabilities that pose immediate threats versus theoretical risks, enabling smarter security decisions.\n\n### Advisory Schema\n\n**NVD CVE Advisory:**\n```json\n{\n  \"id\": \"CVE-2026-XXXXX\",\n  \"severity\": \"critical|high|medium|low\",\n  \"type\": \"vulnerable_skill\",\n  \"platforms\": [\"openclaw\", \"nanoclaw\"],\n  \"title\": \"Short description\",\n  \"description\": \"Full CVE description from NVD\",\n  \"published\": \"2026-02-01T00:00:00Z\",\n  \"cvss_score\": 8.8,\n  \"nvd_url\": \"https://nvd.nist.gov/vuln/detail/CVE-2026-XXXXX\",\n  \"exploitability_score\": \"high|medium|low|unknown\",\n  \"exploitability_rationale\": \"Why this CVE is or is not likely exploitable in agent deployments\",\n  \"references\": [\"...\"],\n  \"action\": \"Recommended remediation\"\n}\n```\n\n**Community Advisory:**\n```json\n{\n  \"id\": \"CLAW-2026-0042\",\n  \"severity\": \"high\",\n  \"type\": \"prompt_injection|vulnerable_skill|tampering_attempt\",\n  \"platforms\": [\"nanoclaw\"],\n  \"title\": \"Short description\",\n  \"description\": \"Detailed description from issue\",\n  \"published\": \"2026-02-01T00:00:00Z\",\n  \"affected\": [\"skill-name@1.0.0\"],\n  \"source\": \"Community Report\",\n  \"github_issue_url\": \"https://github.com/.../issues/42\",\n  \"action\": \"Recommended remediation\"\n}\n```\n\n**Platform values:**\n- `\"openclaw\"` - OpenClaw/Clawdbot/MoltBot only\n- `\"nanoclaw\"` - NanoClaw only\n- `[\"openclaw\", \"nanoclaw\"]` - Both platforms\n- (empty/missing) - All platforms (backward 
compatible)\n\n---\n\n## 🔄 CI/CD Pipelines\n\nClawSec uses automated pipelines for continuous security updates and skill distribution.\n\n### Automated Workflows\n\n| Workflow | Trigger | Description |\n|----------|---------|-------------|\n| **ci.yml** | PRs to `main`, pushes to `main` | Lint/type/build + skill test suites |\n| **pages-verify.yml** | PRs to `main` | Verifies Pages build and signing outputs without publishing |\n| **poll-nvd-cves.yml** | Daily cron (06:00 UTC) | Polls NVD for new CVEs, updates feed |\n| **community-advisory.yml** | Issue labeled `advisory-approved` | Processes community reports into advisories |\n| **skill-release.yml** | Skill tags + metadata PR changes | Validates version parity in PRs and publishes signed skill releases on tags |\n| **deploy-pages.yml** | `workflow_run` after successful trusted CI/release or manual dispatch | Builds and deploys the web interface to GitHub Pages |\n| **wiki-sync.yml** | Pushes to `main` touching `wiki/**` | Syncs `wiki/` to the GitHub Wiki mirror |\n\n### Skill Release Pipeline\n\nWhen a skill is tagged (e.g., `soul-guardian-v1.0.0`), the pipeline:\n\n1. **Validates** - Checks `skill.json` version matches tag\n2. **Enforces key consistency** - Verifies pinned release key references are consistent across repo PEMs and `skills/clawsec-suite/SKILL.md`\n3. **Generates Checksums** - Creates `checksums.json` with SHA256 hashes for all SBOM files\n4. **Signs + verifies** - Signs `checksums.json` and validates the generated `signing-public.pem` fingerprint against canonical repo key material\n5. **Releases** - Publishes to GitHub Releases with all artifacts\n6. **Supersedes Old Releases** - Deletes older versions within the same major line (tags remain)\n7. 
**Triggers Pages Update** - Refreshes the skills catalog on the website\n\n### Signing Key Consistency Guardrails\n\nTo prevent supply-chain drift, CI now fails fast when signing key references diverge.\n\nGuardrail script:\n- `scripts/ci/verify_signing_key_consistency.sh`\n\nWhat it checks:\n- `skills/clawsec-suite/SKILL.md` inline public key fingerprint matches `RELEASE_PUBKEY_SHA256`\n- Canonical PEM files all match the same fingerprint:\n  - `clawsec-signing-public.pem`\n  - `advisories/feed-signing-public.pem`\n  - `skills/clawsec-suite/advisories/feed-signing-public.pem`\n- Generated public key in workflows matches canonical key:\n  - `release-assets/signing-public.pem` (release workflow)\n  - `public/signing-public.pem` (pages workflow)\n\nWhere enforced:\n- `.github/workflows/skill-release.yml`\n- `.github/workflows/deploy-pages.yml`\n\n### Release Versioning \u0026 Superseding\n\nClawSec follows [semantic versioning](https://semver.org/). When a new version is released:\n\n| Scenario | Behavior |\n|----------|----------|\n| New patch/minor (e.g., 1.0.1, 1.1.0) | Previous releases with same major version are **deleted** |\n| New major (e.g., 2.0.0) | Previous major version (1.x.x) remains for backwards compatibility |\n\n**Why do old releases disappear?**\n\nWhen you release `skill-v0.0.2`, the previous `skill-v0.0.1` release is automatically deleted to keep the releases page clean. 
Only the latest version within each major version is retained.\n\n- **Git tags are preserved** - You can always recreate a release from an existing tag if needed\n- **Major versions coexist** - Both `skill-v1.x.x` and `skill-v2.x.x` latest releases remain available for backwards compatibility\n\n### Release Artifacts\n\nEach skill release includes:\n- `checksums.json` - SHA256 hashes for integrity verification\n- `skill.json` - Skill metadata\n- `SKILL.md` - Main skill documentation\n- Additional files from SBOM (scripts, configs, etc.)\n\n### Signing Operations Documentation\n\nFor feed/release signing rollout and operations guidance:\n- [`wiki/security-signing-runbook.md`](wiki/security-signing-runbook.md) - key generation, GitHub secrets, rotation/revocation, incident response\n- [`wiki/migration-signed-feed.md`](wiki/migration-signed-feed.md) - phased migration from unsigned feed, enforcement gates, rollback plan\n\n---\n\n## 🛠️ Offline Tools\n\nClawSec includes Python utilities for local skill development and validation.\n\n### Skill Validator\n\nValidates a skill folder against the required schema:\n\n```bash\npython utils/validate_skill.py skills/clawsec-feed\n```\n\nChecks:\n- `skill.json` exists and is valid JSON\n- Required fields present (name, version, description, author, license)\n- SBOM files exist and are readable\n- OpenClaw metadata is properly structured\n\n### Skill Checksums Generator\n\nGenerates `checksums.json` with SHA256 hashes for a skill:\n\n```bash\npython utils/package_skill.py skills/clawsec-feed ./dist\n```\n\nOutputs:\n- `checksums.json` - SHA256 hashes for verification\n\n---\n\n## 🛠️ Local Development\n\n### Prerequisites\n\n- Node.js 20+\n- Python 3.10+ (for offline tools)\n- npm\n\n### Setup\n\n```bash\n# Install dependencies\nnpm install\n\n# Start development server\nnpm run dev\n```\n\n### Populate Local Data\n\n```bash\n# Populate skills catalog from local skills/ directory\n./scripts/populate-local-skills.sh\n\n# Populate 
advisory feed with real NVD CVE data\n./scripts/populate-local-feed.sh --days 120\n\n# Generate wiki llms exports from wiki/ (for local preview)\n./scripts/populate-local-wiki.sh\n\n# Direct generator entrypoint (used by predev/prebuild)\nnpm run gen:wiki-llms\n```\n\nNotes:\n- `npm run dev` and `npm run build` automatically regenerate wiki `llms.txt` exports (`predev`/`prebuild` hooks).\n- `public/wiki/` is generated output (local + CI) and is intentionally gitignored.\n\n### Build\n\n```bash\nnpm run build\n```\n\n---\n\n## 📁 Project Structure\n\n```\n├── advisories/\n│   └── feed.json              # Main advisory feed (auto-updated from NVD)\n├── components/                 # React components\n├── pages/                      # Page components\n├── wiki/                       # Source-of-truth docs (synced to GitHub Wiki)\n├── scripts/\n│   ├── generate-wiki-llms.mjs # wiki/*.md -\u003e public/wiki/**/llms.txt\n│   ├── populate-local-feed.sh # Local CVE feed populator\n│   ├── populate-local-skills.sh # Local skills catalog populator\n│   ├── populate-local-wiki.sh # Local wiki llms export populator\n│   └── release-skill.sh       # Manual skill release helper\n├── skills/\n│   ├── clawsec-suite/       # 📦 Suite installer (skill-of-skills - start here and have your agent do the rest)\n│   ├── clawsec-feed/        # 📡 Advisory feed skill\n│   ├── clawsec-scanner/     # 🔍 Vulnerability scanner (deps + SAST + OpenClaw DAST)\n│   ├── clawsec-nanoclaw/    # 📱 NanoClaw platform security suite\n│   ├── clawsec-clawhub-checker/ # 🧪 ClawHub reputation checks\n│   ├── clawtributor/           # 🤝 Community reporting skill\n│   ├── openclaw-audit-watchdog/ # 🔭 Automated audit skill\n│   └── soul-guardian/         # 👻 File integrity skill\n├── utils/\n│   ├── package_skill.py       # Skill packager utility\n│   └── validate_skill.py      # Skill validator utility\n├── .github/workflows/\n│   ├── ci.yml                 # Cross-platform lint/type/build + tests\n│   ├── 
pages-verify.yml       # PR-only pages build verification\n│   ├── poll-nvd-cves.yml      # CVE polling pipeline\n│   ├── community-advisory.yml # Approved issue -\u003e advisory PR\n│   ├── skill-release.yml      # Skill release pipeline\n│   ├── wiki-sync.yml          # Sync repo wiki/ to GitHub Wiki\n│   └── deploy-pages.yml       # Pages deployment\n└── public/                     # Static assets + generated publish artifacts\n```\n\n---\n\n## 🤝 Contributing\n\nWe welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n### Submitting Security Advisories\n\nFound a prompt injection vector, malicious skill, or security vulnerability? Report it via GitHub Issues:\n\n1. Open a new issue using the **Security Incident Report** template\n2. Fill out the required fields (severity, type, description, affected skills)\n3. A maintainer will review and add the `advisory-approved` label\n4. The advisory is automatically published to the feed as `CLAW-{YEAR}-{ISSUE#}`\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md#submitting-security-advisories) for detailed guidelines.\n\n### Adding New Skills\n\n1. Create a skill folder under `skills/`\n2. Add `skill.json` with required metadata and SBOM\n3. Add `SKILL.md` with agent-readable instructions\n4. Validate with `python utils/validate_skill.py skills/your-skill`\n5. Submit a PR for review\n\n## 📚 Documentation Source of Truth\n\nFor all wiki content, edit files under `wiki/` in this repository. 
The GitHub Wiki (`\u003crepo\u003e.wiki.git`) is synced from `wiki/` by `.github/workflows/wiki-sync.yml` when `wiki/**` changes on `main`.\n\nLLM exports are generated from `wiki/` into `public/wiki/`:\n- `/wiki/llms.txt` is the LLM-ready export for `wiki/INDEX.md` (or a generated fallback index if `INDEX.md` is missing).\n- `/wiki/\u003cpage\u003e/llms.txt` is the LLM-ready export for that single wiki page.\n\n---\n\n## 📄 License\n\n- Source code: GNU AGPL v3.0 or later - See [LICENSE](LICENSE) for details.\n- Fonts in `font/`: Licensed separately - See [`font/README.md`](font/README.md).\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**ClawSec** · Prompt Security, SentinelOne\n\n🦞 Hardening agentic workflows, one skill at a time.\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprompt-security%2Fclawsec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprompt-security%2Fclawsec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprompt-security%2Fclawsec/lists"}