{ "schemaVersion": "1.0", "item": { "slug": "clawsec-suite", "name": "clawsec-suite", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/davida-ps/clawsec-suite", "canonicalUrl": "https://clawhub.ai/davida-ps/clawsec-suite", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/clawsec-suite", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=clawsec-suite", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "CHANGELOG.md", "HEARTBEAT.md", "SKILL.md", "advisories/feed.json", "hooks/clawsec-advisory-guardian/HOOK.md", "hooks/clawsec-advisory-guardian/handler.ts" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/clawsec-suite" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/clawsec-suite", "agentPageUrl": "https://openagent3.xyz/skills/clawsec-suite/agent", "manifestUrl": "https://openagent3.xyz/skills/clawsec-suite/agent.json", "briefUrl": "https://openagent3.xyz/skills/clawsec-suite/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "ClawSec Suite", "body": "This means clawsec-suite can:\n\nmonitor the ClawSec advisory feed,\ntrack which advisories are new since last check,\ncross-reference advisories against locally installed skills,\nrecommend removal for malicious-skill advisories and require explicit user approval first,\nand still act as the setup/management entrypoint for other ClawSec protections." }, { "title": "Built into clawsec-suite", "body": "Embedded feed seed file: advisories/feed.json\nPortable heartbeat workflow in HEARTBEAT.md\nAdvisory polling + state tracking + affected-skill checks\nOpenClaw advisory guardian hook package: hooks/clawsec-advisory-guardian/\nSetup scripts for hook and optional cron scheduling: scripts/\nGuarded installer: scripts/guarded_skill_install.mjs\nDynamic catalog discovery for installable skills: scripts/discover_skill_catalog.mjs" }, { "title": "Installed separately (dynamic catalog)", "body": "clawsec-suite does not hard-code add-on skill names in this document.\n\nDiscover the current catalog from the authoritative index (https://clawsec.prompt.security/skills/index.json) at runtime:\n\nSUITE_DIR=\"${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite\"\nnode \"$SUITE_DIR/scripts/discover_skill_catalog.mjs\"\n\nFallback behavior:\n\nIf the remote catalog index is reachable and valid, the suite uses it.\nIf the remote index is unavailable or malformed, the script falls back to suite-local catalog metadata in skill.json." }, { "title": "Cross-shell path note", "body": "In bash/zsh, keep path variables expandable (for example, INSTALL_ROOT=\"$HOME/.openclaw/skills\").\nDo not single-quote home-variable paths (avoid '$HOME/.openclaw/skills').\nIn PowerShell, set an explicit path:\n\n$env:INSTALL_ROOT = Join-Path $HOME \".openclaw\\\\skills\"\n\n\nIf a path is passed with unresolved tokens (like \\$HOME/...), suite scripts now fail fast with a clear error." }, { "title": "Option A: Via clawhub (recommended)", "body": "npx clawhub@latest install clawsec-suite" }, { "title": "Option B: Manual download with signature + checksum verification", "body": "set -euo pipefail\n\nVERSION=\"${SKILL_VERSION:?Set SKILL_VERSION (e.g. 0.0.8)}\"\nINSTALL_ROOT=\"${INSTALL_ROOT:-$HOME/.openclaw/skills}\"\nDEST=\"$INSTALL_ROOT/clawsec-suite\"\nBASE=\"https://github.com/prompt-security/clawsec/releases/download/clawsec-suite-v${VERSION}\"\n\nTEMP_DIR=\"$(mktemp -d)\"\ntrap 'rm -rf \"$TEMP_DIR\"' EXIT\n\n# Pinned release-signing public key (verify fingerprint out-of-band on first use)\n# Fingerprint (SHA-256 of SPKI DER): 711424e4535f84093fefb024cd1ca4ec87439e53907b305b79a631d5befba9c8\nRELEASE_PUBKEY_SHA256=\"711424e4535f84093fefb024cd1ca4ec87439e53907b305b79a631d5befba9c8\"\ncat > \"$TEMP_DIR/release-signing-public.pem\" <<'PEM'\n-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAS7nijfMcUoOBCj4yOXJX+GYGv2pFl2Yaha1P4v5Cm6A=\n-----END PUBLIC KEY-----\nPEM\n\nACTUAL_KEY_SHA256=\"$(openssl pkey -pubin -in \"$TEMP_DIR/release-signing-public.pem\" -outform DER | shasum -a 256 | awk '{print $1}')\"\nif [ \"$ACTUAL_KEY_SHA256\" != \"$RELEASE_PUBKEY_SHA256\" ]; then\n echo \"ERROR: Release public key fingerprint mismatch\" >&2\n exit 1\nfi\n\nZIP_NAME=\"clawsec-suite-v${VERSION}.zip\"\n\n# 1) Download release archive + signed checksums manifest + signing public key\ncurl -fsSL \"$BASE/$ZIP_NAME\" -o \"$TEMP_DIR/$ZIP_NAME\"\ncurl -fsSL \"$BASE/checksums.json\" -o \"$TEMP_DIR/checksums.json\"\ncurl -fsSL \"$BASE/checksums.sig\" -o \"$TEMP_DIR/checksums.sig\"\n\n# 2) Verify checksums manifest signature before trusting any hashes\nopenssl base64 -d -A -in \"$TEMP_DIR/checksums.sig\" -out \"$TEMP_DIR/checksums.sig.bin\"\nif ! openssl pkeyutl -verify \\\n -pubin \\\n -inkey \"$TEMP_DIR/release-signing-public.pem\" \\\n -sigfile \"$TEMP_DIR/checksums.sig.bin\" \\\n -rawin \\\n -in \"$TEMP_DIR/checksums.json\" >/dev/null 2>&1; then\n echo \"ERROR: checksums.json signature verification failed\" >&2\n exit 1\nfi\n\nEXPECTED_ZIP_SHA=\"$(jq -r '.archive.sha256 // empty' \"$TEMP_DIR/checksums.json\")\"\nif [ -z \"$EXPECTED_ZIP_SHA\" ]; then\n echo \"ERROR: checksums.json missing archive.sha256\" >&2\n exit 1\nfi\n\nif command -v shasum >/dev/null 2>&1; then\n ACTUAL_ZIP_SHA=\"$(shasum -a 256 \"$TEMP_DIR/$ZIP_NAME\" | awk '{print $1}')\"\nelse\n ACTUAL_ZIP_SHA=\"$(sha256sum \"$TEMP_DIR/$ZIP_NAME\" | awk '{print $1}')\"\nfi\n\nif [ \"$EXPECTED_ZIP_SHA\" != \"$ACTUAL_ZIP_SHA\" ]; then\n echo \"ERROR: Archive checksum mismatch for $ZIP_NAME\" >&2\n exit 1\nfi\n\necho \"Checksums manifest signature and archive hash verified.\"\n\n# 3) Install verified archive\nmkdir -p \"$INSTALL_ROOT\"\nrm -rf \"$DEST\"\nunzip -q \"$TEMP_DIR/$ZIP_NAME\" -d \"$INSTALL_ROOT\"\n\nchmod 600 \"$DEST/skill.json\"\nfind \"$DEST\" -type f ! -name \"skill.json\" -exec chmod 644 {} \\;\n\necho \"Installed clawsec-suite v${VERSION} to: $DEST\"\necho \"Next step (OpenClaw): node \\\"\\$DEST/scripts/setup_advisory_hook.mjs\\\"\"" }, { "title": "OpenClaw Automation (Hook + Optional Cron)", "body": "After installing the suite, enable the advisory guardian hook:\n\nSUITE_DIR=\"${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite\"\nnode \"$SUITE_DIR/scripts/setup_advisory_hook.mjs\"\n\nOptional: create/update a periodic cron nudge (default every 6h) that triggers a main-session advisory scan:\n\nSUITE_DIR=\"${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite\"\nnode \"$SUITE_DIR/scripts/setup_advisory_cron.mjs\"\n\nWhat this adds:\n\nscan on agent:bootstrap and /new (command:new),\ncompare advisory affected entries against installed skills,\nconsider advisories with application: \"openclaw\" (and legacy entries without application for backward compatibility),\nnotify when new matches appear,\nand ask for explicit user approval before any removal flow.\n\nRestart the OpenClaw gateway after enabling the hook. Then run /new once to force an immediate scan in the next session context." }, { "title": "Guarded Skill Install Flow (Double Confirmation)", "body": "When the user asks to install a skill, treat that as the first request and run a guarded install check:\n\nSUITE_DIR=\"${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite\"\nnode \"$SUITE_DIR/scripts/guarded_skill_install.mjs\" --skill helper-plus --version 1.0.1\n\nBehavior:\n\nIf no advisory match is found, install proceeds.\nIf --version is omitted, matching is conservative: any advisory that references the skill name is treated as a match.\nIf advisory match is found, the script prints advisory context and exits with code 42.\nThen require an explicit second confirmation from the user and rerun with --confirm-advisory:\n\nnode \"$SUITE_DIR/scripts/guarded_skill_install.mjs\" --skill helper-plus --version 1.0.1 --confirm-advisory\n\nThis enforces:\n\nFirst confirmation: user asked to install.\nSecond confirmation: user explicitly approves install after seeing advisory details." }, { "title": "Embedded Advisory Feed Behavior", "body": "The embedded feed logic uses these defaults:\n\nRemote feed URL: https://clawsec.prompt.security/advisories/feed.json\nRemote feed signature URL: ${CLAWSEC_FEED_URL}.sig (override with CLAWSEC_FEED_SIG_URL)\nRemote checksums manifest URL: sibling checksums.json (override with CLAWSEC_FEED_CHECKSUMS_URL)\nLocal seed fallback: ~/.openclaw/skills/clawsec-suite/advisories/feed.json\nLocal feed signature: ${CLAWSEC_LOCAL_FEED}.sig (override with CLAWSEC_LOCAL_FEED_SIG)\nLocal checksums manifest: ~/.openclaw/skills/clawsec-suite/advisories/checksums.json\nPinned feed signing key: ~/.openclaw/skills/clawsec-suite/advisories/feed-signing-public.pem (override with CLAWSEC_FEED_PUBLIC_KEY)\nState file: ~/.openclaw/clawsec-suite-feed-state.json\nHook rate-limit env (OpenClaw hook): CLAWSEC_HOOK_INTERVAL_SECONDS (default 300)\n\nFail-closed verification: Feed signatures are required by default. Checksum manifests are verified when companion checksum artifacts are available. Set CLAWSEC_ALLOW_UNSIGNED_FEED=1 only as a temporary migration bypass when adopting this version before signed feed artifacts are available upstream." }, { "title": "Quick feed check", "body": "FEED_URL=\"${CLAWSEC_FEED_URL:-https://clawsec.prompt.security/advisories/feed.json}\"\nSTATE_FILE=\"${CLAWSEC_SUITE_STATE_FILE:-$HOME/.openclaw/clawsec-suite-feed-state.json}\"\n\nTMP=\"$(mktemp -d)\"\ntrap 'rm -rf \"$TMP\"' EXIT\n\nif ! curl -fsSLo \"$TMP/feed.json\" \"$FEED_URL\"; then\n echo \"ERROR: Failed to fetch advisory feed\"\n exit 1\nfi\n\nif ! jq -e '.version and (.advisories | type == \"array\")' \"$TMP/feed.json\" >/dev/null; then\n echo \"ERROR: Invalid advisory feed format\"\n exit 1\nfi\n\nmkdir -p \"$(dirname \"$STATE_FILE\")\"\nif [ ! -f \"$STATE_FILE\" ]; then\n echo '{\"schema_version\":\"1.0\",\"known_advisories\":[],\"last_feed_check\":null,\"last_feed_updated\":null}' > \"$STATE_FILE\"\n chmod 600 \"$STATE_FILE\"\nfi\n\nNEW_IDS_FILE=\"$TMP/new_ids.txt\"\njq -r --argfile state \"$STATE_FILE\" '($state.known_advisories // []) as $known | [.advisories[]?.id | select(. != null and ($known | index(.) | not))] | .[]?' \"$TMP/feed.json\" > \"$NEW_IDS_FILE\"\n\nif [ -s \"$NEW_IDS_FILE\" ]; then\n echo \"New advisories detected:\"\n while IFS= read -r id; do\n [ -z \"$id\" ] && continue\n jq -r --arg id \"$id\" '.advisories[] | select(.id == $id) | \"- [\\(.severity | ascii_upcase)] \\(.id): \\(.title)\"' \"$TMP/feed.json\"\n jq -r --arg id \"$id\" '.advisories[] | select(.id == $id) | \" Exploitability: \\(.exploitability_score // \"unknown\" | ascii_upcase)\"' \"$TMP/feed.json\"\n done < \"$NEW_IDS_FILE\"\nelse\n echo \"FEED_OK - no new advisories\"\nfi" }, { "title": "Exploitability Context", "body": "Advisories in the feed can include exploitability_score and exploitability_rationale fields to help agents prioritize real-world threats:\n\nExploitability scores: high, medium, low, or unknown\nContext-aware assessment: Considers attack vector, authentication requirements, and AI agent deployment patterns\nExploit availability: Detects public exploits and weaponization status\n\nWhen processing advisories, prioritize by exploitability in addition to severity. A HIGH severity + HIGH exploitability CVE is more urgent than a CRITICAL severity + LOW exploitability CVE.\n\nFor detailed methodology, see the exploitability scoring documentation." }, { "title": "Heartbeat Integration", "body": "Use the suite heartbeat script as the single periodic security check entrypoint:\n\nskills/clawsec-suite/HEARTBEAT.md\n\nIt handles:\n\nsuite update checks,\nfeed polling,\nnew-advisory detection,\naffected-skill cross-referencing,\napproval-gated response guidance for malicious/removal advisories,\nand persistent state updates." }, { "title": "Approval-Gated Response Contract", "body": "If an advisory indicates a malicious or removal-recommended skill and that skill is installed:\n\nNotify the user immediately with advisory details and severity.\nRecommend removing or disabling the affected skill.\nTreat the original install request as first intent only.\nAsk for explicit second confirmation before deletion/disable action (or before proceeding with risky install).\nOnly proceed after that second confirmation.\n\nThe suite hook and heartbeat guidance are intentionally non-destructive by default." }, { "title": "Advisory Suppression / Allowlist", "body": "The advisory guardian pipeline supports opt-in suppression for advisories that have been reviewed and accepted by your security team. This is useful for first-party tooling or advisories that do not apply to your deployment." }, { "title": "Activation", "body": "Advisory suppression requires a single gate: the configuration file must contain \"enabledFor\" with \"advisory\" in the array. No CLI flag is needed -- the sentinel in the config file IS the opt-in gate.\n\nIf the enabledFor array is missing, empty, or does not include \"advisory\", all advisories are reported normally." }, { "title": "Config File Resolution (4-tier)", "body": "The advisory guardian resolves the suppression config using the same priority order as the audit pipeline:\n\nExplicit --config argument\nOPENCLAW_AUDIT_CONFIG environment variable\n~/.openclaw/security-audit.json\n.clawsec/allowlist.json" }, { "title": "Config Format", "body": "{\n \"enabledFor\": [\"advisory\"],\n \"suppressions\": [\n {\n \"checkId\": \"CVE-2026-25593\",\n \"skill\": \"clawsec-suite\",\n \"reason\": \"First-party security tooling — reviewed by security team\",\n \"suppressedAt\": \"2026-02-15\"\n },\n {\n \"checkId\": \"CLAW-2026-0001\",\n \"skill\": \"example-skill\",\n \"reason\": \"Advisory does not apply to our deployment configuration\",\n \"suppressedAt\": \"2026-02-16\"\n }\n ]\n}" }, { "title": "Sentinel Semantics", "body": "\"enabledFor\": [\"advisory\"] -- only advisory suppression active\n\"enabledFor\": [\"audit\"] -- only audit suppression active (no effect on advisory pipeline)\n\"enabledFor\": [\"audit\", \"advisory\"] -- both pipelines honor suppressions\nMissing or empty enabledFor -- no suppression active (safe default)" }, { "title": "Matching Rules", "body": "checkId: exact match against the advisory ID (e.g., CVE-2026-25593 or CLAW-2026-0001)\nskill: case-insensitive match against the affected skill name from the advisory\nBoth fields must match for an advisory to be suppressed" }, { "title": "Required Fields per Suppression Entry", "body": "FieldDescriptionExamplecheckIdAdvisory ID to suppressCVE-2026-25593skillAffected skill nameclawsec-suitereasonJustification for audit trail (required)First-party tooling, reviewed by security teamsuppressedAtISO 8601 date (YYYY-MM-DD)2026-02-15" }, { "title": "Shared Config with Audit Pipeline", "body": "The advisory and audit pipelines share the same config file. Use the enabledFor array to control which pipelines honor the suppression list:\n\n{\n \"enabledFor\": [\"audit\", \"advisory\"],\n \"suppressions\": [\n {\n \"checkId\": \"skills.code_safety\",\n \"skill\": \"clawsec-suite\",\n \"reason\": \"First-party tooling — audit finding accepted\",\n \"suppressedAt\": \"2026-02-15\"\n },\n {\n \"checkId\": \"CVE-2026-25593\",\n \"skill\": \"clawsec-suite\",\n \"reason\": \"First-party tooling — advisory reviewed\",\n \"suppressedAt\": \"2026-02-15\"\n }\n ]\n}\n\nAudit entries (with check identifiers like skills.code_safety) are only matched by the audit pipeline. Advisory entries (with advisory IDs like CVE-2026-25593 or CLAW-2026-0001) are only matched by the advisory pipeline. Each pipeline filters for its own relevant entries." }, { "title": "Optional Skill Installation", "body": "Discover currently available installable skills dynamically, then install the ones you want:\n\nSUITE_DIR=\"${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite\"\nnode \"$SUITE_DIR/scripts/discover_skill_catalog.mjs\"\n\n# then install any discovered skill by name\nnpx clawhub@latest install \n\nMachine-readable output is also available for automation:\n\nnode \"$SUITE_DIR/scripts/discover_skill_catalog.mjs\" --json" }, { "title": "Security Notes", "body": "Always verify checksums.json signature before trusting its file URLs/hashes, then verify each file checksum.\nVerify advisory feed detached signatures; do not enable CLAWSEC_ALLOW_UNSIGNED_FEED outside temporary migration windows.\nKeep advisory polling rate-limited (at least 5 minutes between checks).\nTreat critical and high advisories affecting installed skills as immediate action items.\nIf you migrate off standalone clawsec-feed, keep one canonical state file to avoid duplicate notifications.\nPin and verify public key fingerprints out-of-band before first use." } ], "body": "ClawSec Suite\n\nThis means clawsec-suite can:\n\nmonitor the ClawSec advisory feed,\ntrack which advisories are new since last check,\ncross-reference advisories against locally installed skills,\nrecommend removal for malicious-skill advisories and require explicit user approval first,\nand still act as the setup/management entrypoint for other ClawSec protections.\nIncluded vs Optional Protections\nBuilt into clawsec-suite\nEmbedded feed seed file: advisories/feed.json\nPortable heartbeat workflow in HEARTBEAT.md\nAdvisory polling + state tracking + affected-skill checks\nOpenClaw advisory guardian hook package: hooks/clawsec-advisory-guardian/\nSetup scripts for hook and optional cron scheduling: scripts/\nGuarded installer: scripts/guarded_skill_install.mjs\nDynamic catalog discovery for installable skills: scripts/discover_skill_catalog.mjs\nInstalled separately (dynamic catalog)\n\nclawsec-suite does not hard-code add-on skill names in this document.\n\nDiscover the current catalog from the authoritative index (https://clawsec.prompt.security/skills/index.json) at runtime:\n\nSUITE_DIR=\"${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite\"\nnode \"$SUITE_DIR/scripts/discover_skill_catalog.mjs\"\n\n\nFallback behavior:\n\nIf the remote catalog index is reachable and valid, the suite uses it.\nIf the remote index is unavailable or malformed, the script falls back to suite-local catalog metadata in skill.json.\nInstallation\nCross-shell path note\nIn bash/zsh, keep path variables expandable (for example, INSTALL_ROOT=\"$HOME/.openclaw/skills\").\nDo not single-quote home-variable paths (avoid '$HOME/.openclaw/skills').\nIn PowerShell, set an explicit path:\n$env:INSTALL_ROOT = Join-Path $HOME \".openclaw\\\\skills\"\nIf a path is passed with unresolved tokens (like \\$HOME/...), suite scripts now fail fast with a clear error.\nOption A: Via clawhub (recommended)\nnpx clawhub@latest install clawsec-suite\n\nOption B: Manual download with signature + checksum verification\nset -euo pipefail\n\nVERSION=\"${SKILL_VERSION:?Set SKILL_VERSION (e.g. 0.0.8)}\"\nINSTALL_ROOT=\"${INSTALL_ROOT:-$HOME/.openclaw/skills}\"\nDEST=\"$INSTALL_ROOT/clawsec-suite\"\nBASE=\"https://github.com/prompt-security/clawsec/releases/download/clawsec-suite-v${VERSION}\"\n\nTEMP_DIR=\"$(mktemp -d)\"\ntrap 'rm -rf \"$TEMP_DIR\"' EXIT\n\n# Pinned release-signing public key (verify fingerprint out-of-band on first use)\n# Fingerprint (SHA-256 of SPKI DER): 711424e4535f84093fefb024cd1ca4ec87439e53907b305b79a631d5befba9c8\nRELEASE_PUBKEY_SHA256=\"711424e4535f84093fefb024cd1ca4ec87439e53907b305b79a631d5befba9c8\"\ncat > \"$TEMP_DIR/release-signing-public.pem\" <<'PEM'\n-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAS7nijfMcUoOBCj4yOXJX+GYGv2pFl2Yaha1P4v5Cm6A=\n-----END PUBLIC KEY-----\nPEM\n\nACTUAL_KEY_SHA256=\"$(openssl pkey -pubin -in \"$TEMP_DIR/release-signing-public.pem\" -outform DER | shasum -a 256 | awk '{print $1}')\"\nif [ \"$ACTUAL_KEY_SHA256\" != \"$RELEASE_PUBKEY_SHA256\" ]; then\n echo \"ERROR: Release public key fingerprint mismatch\" >&2\n exit 1\nfi\n\nZIP_NAME=\"clawsec-suite-v${VERSION}.zip\"\n\n# 1) Download release archive + signed checksums manifest + signing public key\ncurl -fsSL \"$BASE/$ZIP_NAME\" -o \"$TEMP_DIR/$ZIP_NAME\"\ncurl -fsSL \"$BASE/checksums.json\" -o \"$TEMP_DIR/checksums.json\"\ncurl -fsSL \"$BASE/checksums.sig\" -o \"$TEMP_DIR/checksums.sig\"\n\n# 2) Verify checksums manifest signature before trusting any hashes\nopenssl base64 -d -A -in \"$TEMP_DIR/checksums.sig\" -out \"$TEMP_DIR/checksums.sig.bin\"\nif ! openssl pkeyutl -verify \\\n -pubin \\\n -inkey \"$TEMP_DIR/release-signing-public.pem\" \\\n -sigfile \"$TEMP_DIR/checksums.sig.bin\" \\\n -rawin \\\n -in \"$TEMP_DIR/checksums.json\" >/dev/null 2>&1; then\n echo \"ERROR: checksums.json signature verification failed\" >&2\n exit 1\nfi\n\nEXPECTED_ZIP_SHA=\"$(jq -r '.archive.sha256 // empty' \"$TEMP_DIR/checksums.json\")\"\nif [ -z \"$EXPECTED_ZIP_SHA\" ]; then\n echo \"ERROR: checksums.json missing archive.sha256\" >&2\n exit 1\nfi\n\nif command -v shasum >/dev/null 2>&1; then\n ACTUAL_ZIP_SHA=\"$(shasum -a 256 \"$TEMP_DIR/$ZIP_NAME\" | awk '{print $1}')\"\nelse\n ACTUAL_ZIP_SHA=\"$(sha256sum \"$TEMP_DIR/$ZIP_NAME\" | awk '{print $1}')\"\nfi\n\nif [ \"$EXPECTED_ZIP_SHA\" != \"$ACTUAL_ZIP_SHA\" ]; then\n echo \"ERROR: Archive checksum mismatch for $ZIP_NAME\" >&2\n exit 1\nfi\n\necho \"Checksums manifest signature and archive hash verified.\"\n\n# 3) Install verified archive\nmkdir -p \"$INSTALL_ROOT\"\nrm -rf \"$DEST\"\nunzip -q \"$TEMP_DIR/$ZIP_NAME\" -d \"$INSTALL_ROOT\"\n\nchmod 600 \"$DEST/skill.json\"\nfind \"$DEST\" -type f ! -name \"skill.json\" -exec chmod 644 {} \\;\n\necho \"Installed clawsec-suite v${VERSION} to: $DEST\"\necho \"Next step (OpenClaw): node \\\"\\$DEST/scripts/setup_advisory_hook.mjs\\\"\"\n\nOpenClaw Automation (Hook + Optional Cron)\n\nAfter installing the suite, enable the advisory guardian hook:\n\nSUITE_DIR=\"${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite\"\nnode \"$SUITE_DIR/scripts/setup_advisory_hook.mjs\"\n\n\nOptional: create/update a periodic cron nudge (default every 6h) that triggers a main-session advisory scan:\n\nSUITE_DIR=\"${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite\"\nnode \"$SUITE_DIR/scripts/setup_advisory_cron.mjs\"\n\n\nWhat this adds:\n\nscan on agent:bootstrap and /new (command:new),\ncompare advisory affected entries against installed skills,\nconsider advisories with application: \"openclaw\" (and legacy entries without application for backward compatibility),\nnotify when new matches appear,\nand ask for explicit user approval before any removal flow.\n\nRestart the OpenClaw gateway after enabling the hook. Then run /new once to force an immediate scan in the next session context.\n\nGuarded Skill Install Flow (Double Confirmation)\n\nWhen the user asks to install a skill, treat that as the first request and run a guarded install check:\n\nSUITE_DIR=\"${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite\"\nnode \"$SUITE_DIR/scripts/guarded_skill_install.mjs\" --skill helper-plus --version 1.0.1\n\n\nBehavior:\n\nIf no advisory match is found, install proceeds.\nIf --version is omitted, matching is conservative: any advisory that references the skill name is treated as a match.\nIf advisory match is found, the script prints advisory context and exits with code 42.\nThen require an explicit second confirmation from the user and rerun with --confirm-advisory:\nnode \"$SUITE_DIR/scripts/guarded_skill_install.mjs\" --skill helper-plus --version 1.0.1 --confirm-advisory\n\n\nThis enforces:\n\nFirst confirmation: user asked to install.\nSecond confirmation: user explicitly approves install after seeing advisory details.\nEmbedded Advisory Feed Behavior\n\nThe embedded feed logic uses these defaults:\n\nRemote feed URL: https://clawsec.prompt.security/advisories/feed.json\nRemote feed signature URL: ${CLAWSEC_FEED_URL}.sig (override with CLAWSEC_FEED_SIG_URL)\nRemote checksums manifest URL: sibling checksums.json (override with CLAWSEC_FEED_CHECKSUMS_URL)\nLocal seed fallback: ~/.openclaw/skills/clawsec-suite/advisories/feed.json\nLocal feed signature: ${CLAWSEC_LOCAL_FEED}.sig (override with CLAWSEC_LOCAL_FEED_SIG)\nLocal checksums manifest: ~/.openclaw/skills/clawsec-suite/advisories/checksums.json\nPinned feed signing key: ~/.openclaw/skills/clawsec-suite/advisories/feed-signing-public.pem (override with CLAWSEC_FEED_PUBLIC_KEY)\nState file: ~/.openclaw/clawsec-suite-feed-state.json\nHook rate-limit env (OpenClaw hook): CLAWSEC_HOOK_INTERVAL_SECONDS (default 300)\n\nFail-closed verification: Feed signatures are required by default. Checksum manifests are verified when companion checksum artifacts are available. Set CLAWSEC_ALLOW_UNSIGNED_FEED=1 only as a temporary migration bypass when adopting this version before signed feed artifacts are available upstream.\n\nQuick feed check\nFEED_URL=\"${CLAWSEC_FEED_URL:-https://clawsec.prompt.security/advisories/feed.json}\"\nSTATE_FILE=\"${CLAWSEC_SUITE_STATE_FILE:-$HOME/.openclaw/clawsec-suite-feed-state.json}\"\n\nTMP=\"$(mktemp -d)\"\ntrap 'rm -rf \"$TMP\"' EXIT\n\nif ! curl -fsSLo \"$TMP/feed.json\" \"$FEED_URL\"; then\n echo \"ERROR: Failed to fetch advisory feed\"\n exit 1\nfi\n\nif ! jq -e '.version and (.advisories | type == \"array\")' \"$TMP/feed.json\" >/dev/null; then\n echo \"ERROR: Invalid advisory feed format\"\n exit 1\nfi\n\nmkdir -p \"$(dirname \"$STATE_FILE\")\"\nif [ ! -f \"$STATE_FILE\" ]; then\n echo '{\"schema_version\":\"1.0\",\"known_advisories\":[],\"last_feed_check\":null,\"last_feed_updated\":null}' > \"$STATE_FILE\"\n chmod 600 \"$STATE_FILE\"\nfi\n\nNEW_IDS_FILE=\"$TMP/new_ids.txt\"\njq -r --argfile state \"$STATE_FILE\" '($state.known_advisories // []) as $known | [.advisories[]?.id | select(. != null and ($known | index(.) | not))] | .[]?' \"$TMP/feed.json\" > \"$NEW_IDS_FILE\"\n\nif [ -s \"$NEW_IDS_FILE\" ]; then\n echo \"New advisories detected:\"\n while IFS= read -r id; do\n [ -z \"$id\" ] && continue\n jq -r --arg id \"$id\" '.advisories[] | select(.id == $id) | \"- [\\(.severity | ascii_upcase)] \\(.id): \\(.title)\"' \"$TMP/feed.json\"\n jq -r --arg id \"$id\" '.advisories[] | select(.id == $id) | \" Exploitability: \\(.exploitability_score // \"unknown\" | ascii_upcase)\"' \"$TMP/feed.json\"\n done < \"$NEW_IDS_FILE\"\nelse\n echo \"FEED_OK - no new advisories\"\nfi\n\nExploitability Context\n\nAdvisories in the feed can include exploitability_score and exploitability_rationale fields to help agents prioritize real-world threats:\n\nExploitability scores: high, medium, low, or unknown\nContext-aware assessment: Considers attack vector, authentication requirements, and AI agent deployment patterns\nExploit availability: Detects public exploits and weaponization status\n\nWhen processing advisories, prioritize by exploitability in addition to severity. A HIGH severity + HIGH exploitability CVE is more urgent than a CRITICAL severity + LOW exploitability CVE.\n\nFor detailed methodology, see the exploitability scoring documentation.\n\nHeartbeat Integration\n\nUse the suite heartbeat script as the single periodic security check entrypoint:\n\nskills/clawsec-suite/HEARTBEAT.md\n\nIt handles:\n\nsuite update checks,\nfeed polling,\nnew-advisory detection,\naffected-skill cross-referencing,\napproval-gated response guidance for malicious/removal advisories,\nand persistent state updates.\nApproval-Gated Response Contract\n\nIf an advisory indicates a malicious or removal-recommended skill and that skill is installed:\n\nNotify the user immediately with advisory details and severity.\nRecommend removing or disabling the affected skill.\nTreat the original install request as first intent only.\nAsk for explicit second confirmation before deletion/disable action (or before proceeding with risky install).\nOnly proceed after that second confirmation.\n\nThe suite hook and heartbeat guidance are intentionally non-destructive by default.\n\nAdvisory Suppression / Allowlist\n\nThe advisory guardian pipeline supports opt-in suppression for advisories that have been reviewed and accepted by your security team. This is useful for first-party tooling or advisories that do not apply to your deployment.\n\nActivation\n\nAdvisory suppression requires a single gate: the configuration file must contain \"enabledFor\" with \"advisory\" in the array. No CLI flag is needed -- the sentinel in the config file IS the opt-in gate.\n\nIf the enabledFor array is missing, empty, or does not include \"advisory\", all advisories are reported normally.\n\nConfig File Resolution (4-tier)\n\nThe advisory guardian resolves the suppression config using the same priority order as the audit pipeline:\n\nExplicit --config argument\nOPENCLAW_AUDIT_CONFIG environment variable\n~/.openclaw/security-audit.json\n.clawsec/allowlist.json\nConfig Format\n{\n \"enabledFor\": [\"advisory\"],\n \"suppressions\": [\n {\n \"checkId\": \"CVE-2026-25593\",\n \"skill\": \"clawsec-suite\",\n \"reason\": \"First-party security tooling — reviewed by security team\",\n \"suppressedAt\": \"2026-02-15\"\n },\n {\n \"checkId\": \"CLAW-2026-0001\",\n \"skill\": \"example-skill\",\n \"reason\": \"Advisory does not apply to our deployment configuration\",\n \"suppressedAt\": \"2026-02-16\"\n }\n ]\n}\n\nSentinel Semantics\n\"enabledFor\": [\"advisory\"] -- only advisory suppression active\n\"enabledFor\": [\"audit\"] -- only audit suppression active (no effect on advisory pipeline)\n\"enabledFor\": [\"audit\", \"advisory\"] -- both pipelines honor suppressions\nMissing or empty enabledFor -- no suppression active (safe default)\nMatching Rules\ncheckId: exact match against the advisory ID (e.g., CVE-2026-25593 or CLAW-2026-0001)\nskill: case-insensitive match against the affected skill name from the advisory\nBoth fields must match for an advisory to be suppressed\nRequired Fields per Suppression Entry\nField\tDescription\tExample\ncheckId\tAdvisory ID to suppress\tCVE-2026-25593\nskill\tAffected skill name\tclawsec-suite\nreason\tJustification for audit trail (required)\tFirst-party tooling, reviewed by security team\nsuppressedAt\tISO 8601 date (YYYY-MM-DD)\t2026-02-15\nShared Config with Audit Pipeline\n\nThe advisory and audit pipelines share the same config file. Use the enabledFor array to control which pipelines honor the suppression list:\n\n{\n \"enabledFor\": [\"audit\", \"advisory\"],\n \"suppressions\": [\n {\n \"checkId\": \"skills.code_safety\",\n \"skill\": \"clawsec-suite\",\n \"reason\": \"First-party tooling — audit finding accepted\",\n \"suppressedAt\": \"2026-02-15\"\n },\n {\n \"checkId\": \"CVE-2026-25593\",\n \"skill\": \"clawsec-suite\",\n \"reason\": \"First-party tooling — advisory reviewed\",\n \"suppressedAt\": \"2026-02-15\"\n }\n ]\n}\n\n\nAudit entries (with check identifiers like skills.code_safety) are only matched by the audit pipeline. Advisory entries (with advisory IDs like CVE-2026-25593 or CLAW-2026-0001) are only matched by the advisory pipeline. Each pipeline filters for its own relevant entries.\n\nOptional Skill Installation\n\nDiscover currently available installable skills dynamically, then install the ones you want:\n\nSUITE_DIR=\"${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite\"\nnode \"$SUITE_DIR/scripts/discover_skill_catalog.mjs\"\n\n# then install any discovered skill by name\nnpx clawhub@latest install \n\n\nMachine-readable output is also available for automation:\n\nnode \"$SUITE_DIR/scripts/discover_skill_catalog.mjs\" --json\n\nSecurity Notes\nAlways verify checksums.json signature before trusting its file URLs/hashes, then verify each file checksum.\nVerify advisory feed detached signatures; do not enable CLAWSEC_ALLOW_UNSIGNED_FEED outside temporary migration windows.\nKeep advisory polling rate-limited (at least 5 minutes between checks).\nTreat critical and high advisories affecting installed skills as immediate action items.\nIf you migrate off standalone clawsec-feed, keep one canonical state file to avoid duplicate notifications.\nPin and verify public key fingerprints out-of-band before first use." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/davida-ps/clawsec-suite", "publisherUrl": "https://clawhub.ai/davida-ps/clawsec-suite", "owner": "davida-ps", "version": "0.1.4", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/clawsec-suite", "downloadUrl": "https://openagent3.xyz/downloads/clawsec-suite", "agentUrl": "https://openagent3.xyz/skills/clawsec-suite/agent", "manifestUrl": "https://openagent3.xyz/skills/clawsec-suite/agent.json", "briefUrl": "https://openagent3.xyz/skills/clawsec-suite/agent.md" } }