{"id":44494229,"url":"https://github.com/prompt-security/clawsec","last_synced_at":"2026-06-07T12:01:16.628Z","repository":{"id":337274741,"uuid":"1150883518","full_name":"prompt-security/clawsec","owner":"prompt-security","description":"A complete security skill suite for OpenClaw, Hermes, PicoClaw and NanoClaw agents (and variants). Protect your SOUL.md (etc') with drift detection, live security recommendations, automated audits, and skill integrity verification. All from one installable suite.","archived":false,"fork":false,"pushed_at":"2026-06-03T09:12:19.000Z","size":22208,"stargazers_count":1022,"open_issues_count":8,"forks_count":105,"subscribers_count":8,"default_branch":"main","last_synced_at":"2026-06-03T10:08:38.693Z","etag":null,"topics":["clawdbot","clawdbot-skill","hermes","hermes-agent","hermes-skill","hermes-skills","molt","moltbot-skill","moltbot-skills","nanoclaw","openclaw","openclaw-extension","openclaw-plugin","openclaw-security","openclaw-skill","openclaw-skills","picoclaw","picoclaw-install"],"latest_commit_sha":null,"homepage":"https://prompt.security/clawsec","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/prompt-security.png","metadata":{"files":{"readme":"README.de.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-02-05T19:59:46.000Z","updated_at":"2026-06-03T08:10:18.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/prompt-security/clawsec","commit_stats":null,"previous_names":["prompt-security/clawsec"],"tags_count":78,"template":false,"template_full_name":null,"purl":"pkg:github/prompt-security/clawsec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prompt-security%2Fclawsec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prompt-security%2Fclawsec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prompt-security%2Fclawsec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prompt-security%2Fclawsec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/prompt-security","download_url":"https://codeload.github.com/prompt-security/clawsec/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prompt-security%2Fclawsec/sbom","scorecard":{"id":1243954,"data":{"date":"2026-02-24T13:43:41Z","repo":{"name":"github.com/prompt-security/clawsec","commit":"db0339084f6895964d2c7b80d96d3d522d0d17b8"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":6.8,"checks":[{"name":"Code-Review","score":1,"reason":"Found 2/12 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"project was created within the last 90 days. Please review its contents carefully","details":["Warn: Repository was created within the last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:19","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:18","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/community-advisory.yml:24","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/poll-nvd-cves.yml:33","Info: jobLevel 'contents' permission set to 'read': .github/workflows/skill-release.yml:987","Info: jobLevel 'contents' permission set to 'read': .github/workflows/skill-release.yml:1064","Info: jobLevel 'contents' permission set to 'read': .github/workflows/skill-release.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/skill-release.yml:180","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/skill-release.yml:543","Info: topLevel permissions set to 'read-all': .github/workflows/ci.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/codeql.yml:11","Info: topLevel permissions set to 'read-all': .github/workflows/community-advisory.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-pages.yml:11","Info: topLevel permissions set to 'read-all': .github/workflows/poll-nvd-cves.yml:15","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18","Info: topLevel permissions set to 'read-all': .github/workflows/skill-release.yml:18"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: skills/openclaw-audit-watchdog/scripts/codex_review.sh:17","Warn: npmCommand not pinned by hash: .github/workflows/skill-release.yml:1010","Warn: npmCommand not pinned by hash: .github/workflows/skill-release.yml:1121","Info:  33 out of  33 GitHub-owned GitHubAction dependencies pinned","Info:   7 out of   7 third-party GitHubAction dependencies pinned","Info:   5 out of   7 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":4,"reason":"3 out of the last 5 releases have a total of 3 signed artifacts.","details":["Info: signed release artifact: checksums.sig: https://github.com/prompt-security/clawsec/releases/tag/openclaw-audit-watchdog-v0.1.0","Info: signed release artifact: checksums.sig: https://github.com/prompt-security/clawsec/releases/tag/clawsec-suite-v0.1.2","Info: signed release artifact: checksums.sig: https://github.com/prompt-security/clawsec/releases/tag/clawsec-clawhub-checker-v0.0.1","Warn: release artifact soul-guardian-v0.0.2 not signed: https://api.github.com/repos/prompt-security/clawsec/releases/283837837","Warn: release artifact clawtributor-v0.0.3 not signed: https://api.github.com/repos/prompt-security/clawsec/releases/283547909","Warn: release artifact openclaw-audit-watchdog-v0.1.0 does not have provenance: https://api.github.com/repos/prompt-security/clawsec/releases/286928872","Warn: release artifact clawsec-suite-v0.1.2 does not have provenance: https://api.github.com/repos/prompt-security/clawsec/releases/286928912","Warn: release artifact clawsec-clawhub-checker-v0.0.1 does not have provenance: https://api.github.com/repos/prompt-security/clawsec/releases/286973466","Warn: release artifact soul-guardian-v0.0.2 does not have provenance: https://api.github.com/repos/prompt-security/clawsec/releases/283837837","Warn: release artifact clawtributor-v0.0.3 does not have provenance: https://api.github.com/repos/prompt-security/clawsec/releases/283547909"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 21 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Contributors","score":0,"reason":"project has 0 contributing companies or organizations -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"CI-Tests","score":8,"reason":"23 out of 27 merged PRs checked by a CI test -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}}]},"last_synced_at":"2026-02-24T18:32:39.340Z","repository_id":337274741,"created_at":"2026-02-24T18:32:39.340Z","updated_at":"2026-02-24T18:32:39.340Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34020187,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-07T02:00:07.652Z","response_time":124,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clawdbot","clawdbot-skill","hermes","hermes-agent","hermes-skill","hermes-skills","molt","moltbot-skill","moltbot-skills","nanoclaw","openclaw","openclaw-extension","openclaw-plugin","openclaw-security","openclaw-skill","openclaw-skills","picoclaw","picoclaw-install"],"created_at":"2026-02-13T05:00:20.134Z","updated_at":"2026-06-07T12:01:16.615Z","avatar_url":"https://github.com/prompt-security.png","language":"JavaScript","funding_links":[],"categories":["Cloud Infrastructure","🛡️ Security \u0026 Safety","Skills, Plugins, and Extensions","Defense \u0026 Security Controls","Security","Sponsors ❤️","Entwicklertools und Observability","Security \u0026 Hardening","Cloud \u0026 DevOps","Security \u0026 Review","Skills \u0026 Plugins","📦 Other","Community Plugins"],"sub_categories":["🔒 Security","Plugins and add-ons","Agent Runtime Security \u0026 Sandboxing","Security Audit Tools","Community Skills","Security Tools","ClawSec","Security \u0026 Governance"],"readme":"\u003c!-- AUTO-GENERATED TRANSLATION SCAFFOLD (de)\nSource: README.md\nReview status: draft\n--\u003e\n\n# Deutsch Translation Scaffold\n\nThis file is currently a draft scaffold. Use README.md as the canonical source.\n\n\u003ch1 align=\"center\"\u003e\n\u003cimg src=\"/img/prompt-icon.svg\" alt=\"prompt-icon\" breit=\"40\"\u003e\nClawSec: Security Skill Suite für KI-Agenten\n\u003cimg src=\"/img/prompt-icon.svg\" alt=\"prompt-icon\" breit=\"40\"\u003e\n\u003c/h1\u003e\n\n\u003cdiv align=\"center\"\u003e\n\nSichern Sie Ihre OpenClaw, NanoClaw und Hermes Agents mit einer kompletten Sicherheits-Fähigkeits-Suite\n\n\u003ch4\u003eBrought to you von \u003ca href=\"https://prompt.security\"\u003ePrompt Security\u003c/a\u003e, the Platform of AI Security\u003c/h4\u003e\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n![Prompt Security Logo](./img/Black+Color.png)\n\u003cimg src=\"/public/img/mascot.png\" alt=\"clawsec mascot\" breit=\"200\" /\u003e\n\n\u003c/div\u003e\n\u003cdiv align=\"center\"\u003e\n\n🌐 **Live at: [https://clawsec.prompt.security](https://clawsec.prompt.security)[https://prompt.security/clawsec](https://prompt.security/clawsec)**\n\n[![CI](https://github.com/prompt-security/clawsec/actions/workflows/ci.yml/badge.svg)](https://github.com/prompt-security/clawsec/actions/workflows/ci.yml)\n[![Deploy Pages](https://github.com/prompt-security/clawsec/actions/workflows/deploy-pages.yml/badge.svg)](https://github.com/prompt-security/clawsec/actions/workflows/deploy-pages.yml)\n[![Poll NVD CVEs](https://github.com/prompt-security/clawsec/actions/workflows/poll-nvd-cves.yml/badge.svg)](https://github.com/prompt-security/clawsec/actions/workflows/poll-nvd-cves.yml)\n\n\n\u003c/div\u003e\n\n--\n\nÜbersetzungen\n\n- Español: [README.es.md](README.es.md)\n- 한국어: [README.ko.md](README.ko.md)\n\nWas ist ClawSec?\n\nClawSec ist eine ** umfassende Sicherheits-Fähigkeits-Suite für AI-Agent-Plattformen*. Es bietet eine einheitliche Sicherheitsüberwachung, Integritätsprüfung und Bedrohung Intelligenz-Schutz der kognitiven Architektur Ihres Agenten gegen schnelle Injektion, Drift und schädliche Anweisungen.\n\n### Unterstützte Plattformen\n\n- **OpenClaw** (MoltBot, Clawdbot und Klone) - Komplette Suite mit Skill-Installer, Dateiintegritätsschutz und Sicherheitsaudits\n- **NanoKlaue** - Gebindet App-Bot-Sicherheit mit MCP-Tools für die Überwachung, Unterschriftsprüfung und Dateiintegrität\n- **Hermes** - Hermes-native Sicherheitskompetenzen für eine unterzeichnete Beratungs-Feed-Verifikation, beratungssichere Verifikation, deterministische Attestations-Generierung, fehlgeschlossene Verifikation und grundlegende Drifterkennung\n- **Picoclaw** - Leichte AI-Gateway-Sicherheitsüberprüfungen mit Beratendem Bewusstsein, config Drift-Erkennung, Release-artifact-Verifikation und einem optionalen separaten Selbst-Pen-Testpaket\n\n### Skill Feature Matrix\n\n| Skill name | unterstützte Plattform| Sicherheits-Feed-Verifikation- config Drift | Agent Self Pen-Tests- Supply-Chain-Verifikation |\n...\n| claw-release | OpenClaw | Nein | Nein | Nein | Nein | Ja |\n| clawsec-clawhub-checker | OpenClaw + clawsec-suite Integration | Nein | Nein | Nein | Ja |\n| clawsec-feed | OpenClaw | Ja | Nein | Nein | Ja |\nJa | Ja | Ja | Ja | Ja | Ja |\n| clawsec-scanner | OpenClaw | Ja | Nein | Ja | Ja | Ja |\n| clawsec-suite | OpenClaw | Ja | Ja | Nein | Ja |\n| Clawtributor | OpenClaw | Ja | Nein | Nein\n| hermes-attestation-guardian | Hermes | Ja (signierte beratende Feed-Verifikation) | Ja | Nein | Limited (nur Vorabbeleuchtung; keine Artefaktsignatur/provenance install-Verifikation) |\n| Openclaw-audit-watchdog | OpenClaw | Nein | Nein | Ja | Nein\n| Picoclaw-security-guardian | Picoclaw | Ja | Ja | Nein\n| Picoclaw-self-pen-testing\n| Seelenhüter | OpenClaw | Nein | Nein | Nein\n\n### Core Caps\n\n- **📦 Suite Installer** - One-Command-Installation aller Sicherheitsfertigkeiten mit Integritätsprüfung\n- **🛡️ Datei-Integrity-Schutz* - Drift-Erkennung und Auto-Restore für kritische Agent-Dateien (SOUL.md, IDENTITY.md, etc.)\n- **📡 Live Security Advisories* - Automatisierte NVD CVE Umfragen und Community-Drohung Intelligenz\n- **🔍 Security Audits** - Self-Check-Skripte, um schnelle Injektionsmarker und Schwachstellen zu erkennen\n- **🔐 Prüfsummenverifikation** - SHA256 Prüfsummen für alle Fähigkeiten Artefakte\n- **Health Checks* - Automatisierte Updates und Integritätsprüfung für alle installierten Fähigkeiten\n\n--\n\nProduktdemonstrationen\n\nAnimierte Vorschauen unten sind GIFs (keine Audio). Klicken Sie auf jede Vorschau, um das volle MP4 mit Audio zu öffnen.\n\n### Demo installieren (`clawsec-suite`)\n\n[![Install demo animated preview](public/video/install-demo-preview.gif)(öffentlich/video/install-demo.mp4)\n\nDirekter Link: [install-demo.mp4](public/video/install-demo.mp4)\n\n### Drift Detection Demo (`soul-guardian`)\n\n[![Drift detection animated preview](public/video/soul-guardian-demo-preview.gif)(öffentlich/video/soul-guardian-demo.mp4)\n\nDirekter Link: [soul-guardian-demo.mp4](public/video/soul-guardian-demo.mp4)\n\n--\n\n🚀 Schneller Start\n\n### For AI Agents\n\n```bash\n# Install the ClawSec security suite\nnpx clawhub@latest install clawsec-suite\n```\n\nNach der Installation kann die Suite:\nANHANG Entdecken Sie installierbare Schutze aus dem veröffentlichten Kompetenzkatalog\n2. Verifizieren Sie die Freigabeintegrität mit unterzeichneten Prüfsummen\n3. Einrichtung von Beratungs- und hakenbasierten Schutzströmen\n4. Optionale geplante Überprüfungen hinzufügen\n\nManual/source-first option:\n\n\u003e Weiterlesen https://github.com/prompt-security/clawsec/releases/latest/download/SKILL.md und folgen den Installationsanweisungen.\n\n### For Humans\n\nKopieren Sie diese Anleitung zu Ihrem KI-Agent:\n\n\u003e Installieren Sie ClawSec mit `npx clawhub@latest install clawsec-suite`, füllen Sie dann die Setup-Schritte aus den generierten Anweisungen aus.\n\n### Shell and OS Notes\n\nClawSec-Skripte werden aufgeteilt zwischen:\n- Cross-Plattform Node/Python-Tooling (`npm run build`, Haken/Setup `.mjs`_ `utils/*.py`_\n- POSIX Shell Workflows (`*.sh`, die meisten manuellen Installationsschnipsel)\n\nFür Linux/macOS (`bash`/`zsh`):\n- Verwenden Sie nicht zitiertes oder doppelt zitiertes Zuhause vars: `export INSTALL_ROOT=\"$HOME/.openclaw/skills\"`\n- Do **not** Einquoten-Expandierbare Vars (zum Beispiel `'$HOME/.openclaw/skills'`)\n\nFür Windows (PowerShell):\n- Präferen Sie explizite Pfadaufbau:\n- Was?\n- Was?\n- POSIX `.sh` Skripte benötigen WSL oder Git Bash.\n\nFehlerbehebung: Wenn Sie Verzeichnisse wie `~/.openclaw/workspace/$HOME/...` sehen, wurde eine Heimvariable buchstäblich übergeben. Re-run mit einem absoluten Pfad oder einem nicht zitierten Heimausdruck.\n\n--\n\nPlattform \u0026 Suite Dokumentation\n\nDetaillierte Plattform und Suiten docs live in den Wiki-Modulen:\n- NanoClaw: [wiki/modules/nanoclaw-integration.md](wiki/modules/nanoclaw-integration.md)\n- Hermes: [wiki/modules/hermes-attestation-guardian.md](wiki/modules/hermes-attestation-guardian.md)\n- Picoclaw: [wiki/modules/picoclaw-security-guardian.md](wiki/modules/picoclaw-security-guardian.md)\n- Picoclaw Selbstprüfung: [wiki/modules/picoclaw-self-pen-testing.md](wiki/modules/picoclaw-self-pen-testing.md)\n- ClawSec Suite (OpenClaw): [wiki/modules/clawsec-suite.md](wiki/modules/clawsec-suite.md)\n- CI/CD-Pipelines: [wiki/modules/automation-release.md](wiki/modules/automation-release.md)\n\nSchnelle Installation von Links:\n- NanoClaw installiert: [skills/clawsec-nanoclaw/INSTALL.md](skills/clawsec-nanoclaw/INSTALL.md)\n- Hermes Geschick Paket: `skills/hermes-attestation-guardian/`\n- Picoclaw Schutzpaket: `skills/picoclaw-security-guardian/`\n- Picoclaw Selbstprüfungspaket: `skills/picoclaw-self-pen-testing/`\n- Suite-Paket: `skills/clawsec-suite/`\n\n--\n\n📡 Sicherheitsberatung Fütterung\n\nClawSec unterhält einen kontinuierlich aktualisierten Sicherheitsberatungsfeed, der automatisch aus der NIST National Vulnerability Database (NVD) besiedelt wird.\n\n### Feed URL\n\n```bash\n# Fetch latest advisories\ncurl -s https://clawsec.prompt.security/advisories/feed.json | jq '.advisories[] | select(.severity == \"critical\" or .severity == \"high\")'\n```\n\nKanonischer Endpunkt: `https://clawsec.prompt.security/advisories/feed.json`\nKompatibilitätsspiegel (Legalacy): `https://clawsec.prompt.security/releases/latest/download/feed.json`\n\n### Überwachte Keywords\n\nDie Feed-Quoten CVEs bezogen auf:\n**OpenClaw Platform**: `OpenClaw`, `clawdbot`__, `Moltbot`\n**NanoClaw Platform**: `NanoClaw`____________________________________________________\n- **Picoclaw Platform*: `Picoclaw`, `picoclaw`, leichte AI Gateways, MCP Gateway Belichtung\n- Prompt Injektionsmuster\n- Sicherheitslücken von Agenten\n\n### Exploitability Context\n\nClawSec bereichert CVE-Advisories mit **-Exploitability-Kontext**, um Agenten dabei zu helfen, das reale Risiko über die rohen CVSS-Score hinaus zu bewerten. Neu analysierte Berater können:\n\n- **Exploit Evidence**: Ob öffentliche Ausbeutungen in der Wildnis existieren\n- **Beantwortungsstatus**: Wenn Exploits in gemeinsame Angriffsrahmen integriert werden\n- **Anforderungen**: Voraussetzungen für eine erfolgreiche Nutzung (Netzwerkzugriff, Authentifizierung, Benutzerinteraktion)\n- **Risikobewertung**: Kontextualisiertes Risikoniveau, das technische Schwere mit Ausbeutbarkeit kombiniert\n\nDiese Funktion hilft Agenten, Schwachstellen zu priorisieren, die unmittelbare Bedrohungen gegenüber theoretischen Risiken darstellen und intelligentere Sicherheitsentscheidungen ermöglichen.\n\n### Advisory Schema\n\n**NVD CVE Beratung:**\n```json\n{\n  \"id\": \"CVE-2026-XXXXX\",\n  \"severity\": \"critical|high|medium|low\",\n  \"type\": \"vulnerable_skill\",\n  \"platforms\": [\"openclaw\", \"nanoclaw\"],\n  \"title\": \"Short description\",\n  \"description\": \"Full CVE description from NVD\",\n  \"published\": \"2026-02-01T00:00:00Z\",\n  \"cvss_score\": 8.8,\n  \"nvd_url\": \"https://nvd.nist.gov/vuln/detail/CVE-2026-XXXXX\",\n  \"exploitability_score\": \"high|medium|low|unknown\",\n  \"exploitability_rationale\": \"Why this CVE is or is not likely exploitable in agent deployments\",\n  \"references\": [\"...\"],\n  \"action\": \"Recommended remediation\"\n}\n```\n\n**Gemeinschaftsbeirat:**\n```json\n{\n  \"id\": \"CLAW-2026-0042\",\n  \"severity\": \"high\",\n  \"type\": \"prompt_injection|vulnerable_skill|tampering_attempt\",\n  \"platforms\": [\"nanoclaw\"],\n  \"title\": \"Short description\",\n  \"description\": \"Detailed description from issue\",\n  \"published\": \"2026-02-01T00:00:00Z\",\n  \"affected\": [\"skill-name@1.0.0\"],\n  \"source\": \"Community Report\",\n  \"github_issue_url\": \"https://github.com/.../issues/42\",\n  \"action\": \"Recommended remediation\"\n}\n```\n\n**Platformwerte:**\n- `\"openclaw\"` - OpenClaw/Clawdbot/Molt Nur\n- `\"nanoclaw\"` - NanoClaw nur\n- Nur Hermes\n- Nur Picoclaw\n- `[\"openclaw\", \"nanoclaw\", \"hermes\", \"picoclaw\"]` - Alle Kernplattformen\n- (leer/missing) - Alle Plattformen (backward kompatibel)\n\n--\n\n🔄 CI/CD Pipelines\n\nCI/CD Pipelinedetails wurden auf die Wiki-Modulseite verschoben:\n- Was?\n\nÄhnliche Arbeitspunkte:\n- Was?\n- Was?\n\n--\n\n🛠️ Offline Tools\n\nClawSec umfasst Python utilities für lokale Fähigkeiten Entwicklung und Validierung.\n\n### Skill Validator\n\nValidiert einen Geschicksordner gegen das erforderliche Schema:\n\n```bash\npython utils/validate_skill.py skills/clawsec-feed\n```\n\nKontrollen:\n- `skill.json` existiert und ist gültig JSON\n- Erforderliche Felder vorhanden (Name, Version, Beschreibung, Autor, Lizenz)\n- SBOM-Dateien existieren und sind lesbar\n- OpenClaw Metadaten sind richtig strukturiert\n\n### Skill Checksums Generator\n\nErzeugt `checksums.json` mit SHA256 Hashes für ein Geschick:\n\n```bash\npython utils/package_skill.py skills/clawsec-feed ./dist\n```\n\nAusgänge:\n- `checksums.json` - SHA256 hathes zur Überprüfung\n\n--\n\nLokale Entwicklung\n\n### Voraussetzungen\n\n- Node.js 20+\n- Python 3.10+ (für Offline-Tools)\n- npm\n\n### Setup\n\n```bash\n# Install dependencies\nnpm install\n\n# Start development server\nnpm run dev\n```\n\n### Lokale Daten ausfüllen\n\n```bash\n# Populate skills catalog from local skills/ directory\n./scripts/populate-local-skills.sh\n\n# Populate advisory feed with real NVD CVE data\n./scripts/populate-local-feed.sh --days 120\n\n# Generate wiki llms exports from wiki/ (for local preview)\n./scripts/populate-local-wiki.sh\n\n# Direct generator entrypoint (used by predev/prebuild)\nnpm run gen:wiki-llms\n```\n\nAnmerkungen:\n- `npm run dev` und `npm run build` regenerieren automatisch wiki `llms.txt` Exporte (`predev`_`prebuild` Haken).\n- `public/wiki/` wird ausgegeben (lokal + CI) und ist absichtlich gitignored.\n\n### Build\n\n```bash\nnpm run build\n```\n\n--\n\nProjektstruktur\n\n```\n├── advisories/\n│   ├── feed.json                    # Main advisory feed\n│   ├── feed.json.sig                # Detached signature for feed.json\n│   └── feed-signing-public.pem      # Public key for feed verification\n├── components/                      # React components\n├── pages/                           # Route/page components\n├── wiki/                            # Source-of-truth docs (synced to GitHub Wiki)\n├── scripts/\n│   ├── generate-wiki-llms.mjs       # wiki/*.md -\u003e public/wiki/**/llms.txt\n│   ├── populate-local-feed.sh       # Local CVE feed populator\n│   ├── populate-local-skills.sh     # Local skills catalog populator\n│   ├── populate-local-wiki.sh       # Local wiki llms export populator\n│   ├── prepare-to-push.sh           # Local CI-style quality gate\n│   ├── validate-release-links.sh    # Release link checks\n│   └── release-skill.sh             # Manual skill release helper\n├── skills/\n│   ├── claw-release/                # 🚀 Release automation workflow skill\n│   ├── clawsec-suite/               # 📦 Suite installer (skill-of-skills)\n│   ├── clawsec-feed/                # 📡 Advisory feed skill\n│   ├── clawsec-scanner/             # 🔍 Vulnerability scanner (deps + SAST + OpenClaw DAST)\n│   ├── clawsec-nanoclaw/            # 📱 NanoClaw platform security suite\n│   ├── clawsec-clawhub-checker/     # 🧪 ClawHub reputation checks\n│   ├── clawtributor/                # 🤝 Community reporting skill\n│   ├── hermes-attestation-guardian/ # 🛡️ Hermes attestation + drift verification\n│   ├── openclaw-audit-watchdog/     # 🔭 Automated audit skill\n│   ├── picoclaw-security-guardian/  # 🦐 Picoclaw posture/advisory/drift/supply-chain checks\n│   ├── picoclaw-self-pen-testing/   # 🧪 Picoclaw self-pen-testing checks (separate package)\n│   └── soul-guardian/               # 👻 File integrity skill\n├── utils/\n│   ├── package_skill.py             # Skill packager utility\n│   └── validate_skill.py            # Skill validator utility\n├── .github/workflows/\n│   ├── ci.yml                       # Cross-platform lint/type/build + tests\n│   ├── pages-verify.yml             # PR-only pages build/signing verification\n│   ├── poll-nvd-cves.yml            # CVE polling pipeline\n│   ├── community-advisory.yml       # Approved issue -\u003e advisory PR\n│   ├── skill-release.yml            # Skill release/signing pipeline\n│   ├── deploy-pages.yml             # GitHub Pages deployment\n│   ├── wiki-sync.yml                # Sync repo wiki/ to GitHub Wiki\n│   ├── codeql.yml                   # CodeQL security analysis\n│   └── scorecard.yml                # OpenSSF Scorecard checks\n└── public/                          # Static assets + generated wiki exports\n```\n\n--\n\nBeiträge\n\nWir begrüßen Beiträge! Siehe [CONTRIBUTING.md](CONTRIBUTING.md) für Richtlinien.\n\n### Sicherheitsberater einfügen\n\nHaben Sie einen schnellen Injektionsvektor, bösartige Fähigkeiten oder Sicherheitslücke gefunden? Über GitHub Issues melden:\n\nANHANG Öffne ein neues Problem mit der Vorlage **Security Incident Report***\n2. Füllen Sie die erforderlichen Felder aus (Stärke, Art, Beschreibung, Betroffene Fähigkeiten)\n3. Ein Betreuer überprüft und fügt das `advisory-approved` Label hinzu\n4. Die Beratung wird automatisch im Feed veröffentlicht als `CLAW-{YEAR}-{ISSUE#}`\n\nSiehe `CLAW-{YEAR}-{ISSUE#}` für detaillierte Richtlinien.\n\n### Neue Fähigkeiten hinzufügen\n\nANHANG Erstellen Sie einen Kompetenzordner unter `skills/`\n2. Hinzufügen `skill.json` mit benötigten Metadaten und SBOM\n3. `SKILL.md` mit agentenlesbaren Anweisungen hinzufügen\n4. Gültig mit `python utils/validate_skill.py skills/your-skill`\n5. Eine PR zur Überprüfung einreichen\n\n📚 Dokumentation Quelle der Wahrheit\n\nFür alle Wiki-Inhalte bearbeiten Sie Dateien unter `wiki/` in diesem Repository. Das GitHub Wiki (`\u003crepo\u003e.wiki.git`) wird von `wiki/`_ durch `.github/workflows/wiki-sync.yml` synchronisiert, wenn `wiki/**`_ auf `main`__ wechselt.\n\nLLM-Exporte werden von `wiki/` in `public/wiki/`_ generiert:\n- `/wiki/llms.txt` ist der LLM-ready Export für `wiki/INDEX.md` (oder ein generierter Fallback-Index, wenn `INDEX.md` fehlt).\n- `/wiki/\u003cpage\u003e/llms.txt` ist der LLM-ready Export für diese einzelne Wiki-Seite.\n\n--\n\n📄 Lizenz\n\n- Quellcode: GNU AGPL v3.0 oder später - Siehe [LICENSE](LICENSE) für Details.\n- Schriften in `font/`: separat lizenziert - Siehe [`font/README.md`](font/README.md).\n\n--\n\n\u003cdiv align=\"center\"\u003e\n\n**ClawSec** · Sicherheitsleistung, SentinelOne\n\n🦞 Härten Agentic Workflows, eine Fähigkeit zu einer Zeit.\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprompt-security%2Fclawsec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprompt-security%2Fclawsec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprompt-security%2Fclawsec/lists"}