Releases: prompt-security/clawsec

soul-guardian 0.0.7

10 Jun 14:25
@github-actions github-actions
1b676fd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified

soul-guardian 0.0.7

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.

Agent Skills CLI

Codex global install:

npx skills add prompt-security/clawsec --skill soul-guardian --agent codex --global --yes

OpenClaw global install:

npx skills add prompt-security/clawsec --skill soul-guardian --agent openclaw --global --yes

Update an installed skill:

npx skills update soul-guardian

Quick Install

Via ClawHub (recommended):

npx clawhub@latest install clawsec-openclaw-soul-guardian

If you already have clawsec-suite installed:
Ask your agent to pull soul-guardian from the ClawSec catalog and it will handle setup and verification automatically.

Manual download with verification:

# 1. Download the release archive, checksums, and signing material
curl -sLO https://github.com/prompt-security/clawsec/releases/download/soul-guardian-v0.0.7/soul-guardian-v0.0.7.zip
curl -sLO https://github.com/prompt-security/clawsec/releases/download/soul-guardian-v0.0.7/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/soul-guardian-v0.0.7/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/soul-guardian-v0.0.7/signing-public.pem
# 2. Verify the checksums manifest signature (Ed25519)
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json
# 3. Verify archive checksum from the signed manifest (sha256sum -c expects two spaces between hash and filename)
echo "$(jq -r '.archive.sha256' checksums.json)  soul-guardian-v0.0.7.zip" | sha256sum -c
# 4. Extract (creates soul-guardian/ directory)
unzip soul-guardian-v0.0.7.zip

SkillSpector Security Report

Skill: soul-guardian
Source: /tmp/tmp.CyU3LZa2yq/soul-guardian
Scanned: 2026-06-10 14:25:21 UTC

Risk Assessment

Metric Value
Score 100/100
Severity CRITICAL
Recommendation DO NOT INSTALL

Components (6)

File Type Lines Executable
CHANGELOG.md markdown 63 No
SKILL.md markdown 258 No
scripts/install_launchd_plist.py python 261 Yes
scripts/onboard_state_dir.py python 148 Yes
scripts/soul_guardian.py python 1016 Yes
skill.json json 85 No

Issues (61)

🟡 MEDIUM: AST4

Location: scripts/install_launchd_plist.py:59
Confidence: 70%

Message: subprocess module call

Remediation: Use subprocess.run() with shell=False and an explicit argument list. Validate all inputs and avoid passing user-controlled data to commands.


🟡 MEDIUM: AST4

Location: scripts/install_launchd_plist.py:237
Confidence: 70%

Message: subprocess module call

Remediation: Use subprocess.run() with shell=False and an explicit argument list. Validate all inputs and avoid passing user-controlled data to commands.


🟡 MEDIUM: AST4

Location: scripts/install_launchd_plist.py:244
Confidence: 70%

Message: subprocess module call

Remediation: Use subprocess.run() with shell=False and an explicit argument list. Validate all inputs and avoid passing user-controlled data to commands.


🟡 MEDIUM: AST4

Location: scripts/install_launchd_plist.py:245
Confidence: 70%

Message: subprocess module call

Remediation: Use subprocess.run() with shell=False and an explicit argument list. Validate all inputs and avoid passing user-controlled data to commands.


🟡 MEDIUM: LP3

Location: SKILL.md:1
Confidence: 70%

Message: Skill has no declared permissions but code capabilities were detected: file_read, file_write, shell.

Remediation: Add a 'permissions' field to SKILL.md listing the capabilities this skill requires.


🟡 MEDIUM: EA1

Location: scripts/soul_guardian.py:893
Confidence: 80%

Message: Unrestricted Tool Access

Remediation: Restrict tool access to only the tools required for the skill's stated purpose. Use an explicit allowlist rather than granting blanket access.


🔴 HIGH: OH1

Location: scripts/install_launchd_plist.py:59
Confidence: 95%

Message: Unvalidated Output Injection

Remediation: Validate and sanitize all model output before using it in downstream contexts. Use parameterized queries for SQL, shell quoting for commands, and HTML encoding for web output.


🟡 MEDIUM: RA2

Location: CHANGELOG.md:23
Confidence: 80%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: CHANGELOG.md:27
Confidence: 80%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: CHANGELOG.md:38
Confidence: 80%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: CHANGELOG.md:43
Confidence: 80%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: CHANGELOG.md:27
Confidence: 75%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: CHANGELOG.md:27
Confidence: 75%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: CHANGELOG.md:42
Confidence: 75%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: scripts/install_launchd_plist.py:127
Confidence: 80%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: scripts/install_launchd_plist.py:246
Confidence: 80%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: scripts/install_launchd_plist.py:250
Confidence: 80%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: scripts/install_launchd_plist.py:2
Confidence: 75%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: scripts/install_launchd_plist.py:24
Confidence: 75%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: scripts/install_launchd_plist.py:47
Confidence: 75%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: scripts/install_launchd_plist.py:48
Confidence: 75%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: scripts/install_launchd_plist.py:64
Confidence: 75%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: scripts/install_launchd_plist.py:64
Confidence: 75%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: scripts/install_launchd_plist.py:79
Confidence: 75%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: scripts/install_launchd_plist.py:82
Confidence: 75%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files)...


picoclaw-self-pen-testing 0.0.3

10 Jun 14:59
@github-actions github-actions
1b676fd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified

picoclaw-self-pen-testing 0.0.3

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.

Agent Skills CLI

Codex global install:

npx skills add prompt-security/clawsec --skill picoclaw-self-pen-testing --agent codex --global --yes

OpenClaw global install:

npx skills add prompt-security/clawsec --skill picoclaw-self-pen-testing --agent openclaw --global --yes

Update an installed skill:

npx skills update picoclaw-self-pen-testing

Quick Install

GitHub release artifact (recommended):
Ask your agent to read the published skill instructions from this GitHub release and follow them:

https://github.com/prompt-security/clawsec/releases/download/picoclaw-self-pen-testing-v0.0.3/SKILL.md

Or download them locally:

curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-self-pen-testing-v0.0.3/SKILL.md

Manual download with verification:

# 1. Download the release archive, checksums, and signing material
curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-self-pen-testing-v0.0.3/picoclaw-self-pen-testing-v0.0.3.zip
curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-self-pen-testing-v0.0.3/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-self-pen-testing-v0.0.3/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-self-pen-testing-v0.0.3/signing-public.pem
# 2. Verify the checksums manifest signature (Ed25519)
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json
# 3. Verify archive checksum from the signed manifest (sha256sum -c expects two spaces between hash and filename)
echo "$(jq -r '.archive.sha256' checksums.json)  picoclaw-self-pen-testing-v0.0.3.zip" | sha256sum -c
# 4. Extract (creates picoclaw-self-pen-testing/ directory)
unzip picoclaw-self-pen-testing-v0.0.3.zip

SkillSpector Security Report

Skill: picoclaw-self-pen-testing
Source: /tmp/tmp.RTIXOo8QnY/picoclaw-self-pen-testing
Scanned: 2026-06-10 14:59:39 UTC

Risk Assessment

Metric Value
Score 35/100
Severity MEDIUM
Recommendation CAUTION

Components (7)

File Type Lines Executable
CHANGELOG.md markdown 22 No
README.md markdown 29 No
SKILL.md markdown 133 No
lib/format.mjs other 11 No
lib/self_pen_test.mjs other 16 No
scripts/self_pen_test.mjs other 11 No
skill.json json 91 No

Issues (2)

🔴 HIGH: SC2

Location: SKILL.md:47
Confidence: 90%

Message: External Script Fetching

Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.


🟡 MEDIUM: TM3

Location: lib/self_pen_test.mjs:6
Confidence: 80%

Message: Unsafe Defaults

Remediation: Override unsafe defaults with secure settings (verify=True, auth required, restrictive permissions). Review and harden all tool configurations.


Metadata

  • Executable Scripts: No

Generated by SkillSpector v2.1.2

Download the generated release-payload scan: skillspector-report.md

Verification

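checksums.json is cryptographically signed (checksums.sig) using the ClawSec CI signing key.
Verify the signature first, then trust hashes from checksums.json. The commands below fetch signing-public.pem from the same release as the signature, so compare it with a copy of the key obtained through a separate trusted channel before relying on the result: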

curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-self-pen-testing-v0.0.3/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-self-pen-testing-v0.0.3/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-self-pen-testing-v0.0.3/signing-public.pem
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json

Files

See checksums.json for the complete file manifest with SHA256 hashes.
The zip archive preserves the full directory structure of the skill.


Released by ClawSec skill distribution pipeline


picoclaw-security-guardian 0.0.4

10 Jun 14:59
@github-actions github-actions
1b676fd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified

picoclaw-security-guardian 0.0.4

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.

Agent Skills CLI

Codex global install:

npx skills add prompt-security/clawsec --skill picoclaw-security-guardian --agent codex --global --yes

OpenClaw global install:

npx skills add prompt-security/clawsec --skill picoclaw-security-guardian --agent openclaw --global --yes

Update an installed skill:

npx skills update picoclaw-security-guardian

Quick Install

GitHub release artifact (recommended):
Ask your agent to read the published skill instructions from this GitHub release and follow them:

https://github.com/prompt-security/clawsec/releases/download/picoclaw-security-guardian-v0.0.4/SKILL.md

Or download them locally:

curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-security-guardian-v0.0.4/SKILL.md

Manual download with verification:

# 1. Download the release archive, checksums, and signing material
curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-security-guardian-v0.0.4/picoclaw-security-guardian-v0.0.4.zip
curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-security-guardian-v0.0.4/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-security-guardian-v0.0.4/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-security-guardian-v0.0.4/signing-public.pem
# 2. Verify the checksums manifest signature (Ed25519)
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json
# 3. Verify archive checksum from the signed manifest (sha256sum -c expects two spaces between hash and filename)
echo "$(jq -r '.archive.sha256' checksums.json)  picoclaw-security-guardian-v0.0.4.zip" | sha256sum -c
# 4. Extract (creates picoclaw-security-guardian/ directory)
unzip picoclaw-security-guardian-v0.0.4.zip

SkillSpector Security Report

Skill: picoclaw-security-guardian
Source: /tmp/tmp.E6RKaRy0oX/picoclaw-security-guardian
Scanned: 2026-06-10 14:59:36 UTC

Risk Assessment

Metric Value
Score 55/100
Severity HIGH
Recommendation DO NOT INSTALL

Components (12)

File Type Lines Executable
CHANGELOG.md markdown 30 No
README.md markdown 58 No
SKILL.md markdown 194 No
lib/advisories.mjs other 17 No
lib/drift.mjs other 45 No
lib/profile.mjs other 270 No
lib/supply_chain.mjs other 99 No
scripts/check_advisories.mjs other 4 No
scripts/check_drift.mjs other 4 No
scripts/generate_profile.mjs other 50 No
scripts/verify_supply_chain.mjs other 22 No
skill.json json 130 No

Issues (4)

🔴 HIGH: SC2

Location: SKILL.md:47
Confidence: 90%

Message: External Script Fetching

Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.


🟡 MEDIUM: TM3

Location: lib/profile.mjs:168
Confidence: 80%

Message: Unsafe Defaults

Remediation: Override unsafe defaults with secure settings (verify=True, auth required, restrictive permissions). Review and harden all tool configurations.


🟡 MEDIUM: TM3

Location: lib/profile.mjs:173
Confidence: 80%

Message: Unsafe Defaults

Remediation: Override unsafe defaults with secure settings (verify=True, auth required, restrictive permissions). Review and harden all tool configurations.


🟡 MEDIUM: TM3

Location: lib/profile.mjs:182
Confidence: 80%

Message: Unsafe Defaults

Remediation: Override unsafe defaults with secure settings (verify=True, auth required, restrictive permissions). Review and harden all tool configurations.


Metadata

  • Executable Scripts: No

Generated by SkillSpector v2.1.2

Download the generated release-payload scan: skillspector-report.md

Verification

checksums.json is cryptographically signed (checksums.sig) using the ClawSec CI signing key.
Verify the signature first, then trust hashes from checksums.json:

curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-security-guardian-v0.0.4/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-security-guardian-v0.0.4/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/picoclaw-security-guardian-v0.0.4/signing-public.pem
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json

Files

See checksums.json for the complete file manifest with SHA256 hashes.
The zip archive preserves the full directory structure of the skill.


Released by ClawSec skill distribution pipeline

openclaw-audit-watchdog 0.1.7

10 Jun 14:59
@github-actions github-actions
1b676fd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified

openclaw-audit-watchdog 0.1.7

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.

Agent Skills CLI

Codex global install:

npx skills add prompt-security/clawsec --skill openclaw-audit-watchdog --agent codex --global --yes

OpenClaw global install:

npx skills add prompt-security/clawsec --skill openclaw-audit-watchdog --agent openclaw --global --yes

Update an installed skill:

npx skills update openclaw-audit-watchdog

Quick Install

Via ClawHub (recommended):

npx clawhub@latest install clawsec-openclaw-audit-watchdog

If you already have clawsec-suite installed:
Ask your agent to pull openclaw-audit-watchdog from the ClawSec catalog and it will handle setup and verification automatically.

Manual download with verification:

# 1. Download the release archive, checksums, and signing material
curl -sLO https://github.com/prompt-security/clawsec/releases/download/openclaw-audit-watchdog-v0.1.7/openclaw-audit-watchdog-v0.1.7.zip
curl -sLO https://github.com/prompt-security/clawsec/releases/download/openclaw-audit-watchdog-v0.1.7/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/openclaw-audit-watchdog-v0.1.7/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/openclaw-audit-watchdog-v0.1.7/signing-public.pem
# 2. Verify the checksums manifest signature (Ed25519)
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json
# 3. Verify archive checksum from the signed manifest (sha256sum -c expects two spaces between hash and filename)
echo "$(jq -r '.archive.sha256' checksums.json)  openclaw-audit-watchdog-v0.1.7.zip" | sha256sum -c
# 4. Extract (creates openclaw-audit-watchdog/ directory)
unzip openclaw-audit-watchdog-v0.1.7.zip

SkillSpector Security Report

Skill: openclaw-audit-watchdog
Source: /tmp/tmp.HWFX58SLpE/openclaw-audit-watchdog
Scanned: 2026-06-10 14:59:20 UTC

Risk Assessment

Metric Value
Score 100/100
Severity CRITICAL
Recommendation DO NOT INSTALL

Components (10)

File Type Lines Executable
SKILL.md markdown 490 No
scripts/codex_review.sh shell 25 Yes
scripts/load_suppression_config.mjs other 278 No
scripts/render_report.mjs other 254 No
scripts/run_audit_and_format.sh shell 104 Yes
scripts/runner.sh shell 75 Yes
scripts/send_smtp.mjs other 157 No
scripts/sendmail_report.sh shell 57 Yes
scripts/setup_cron.mjs other 355 No
skill.json json 130 No

Issues (6)

🟡 MEDIUM: PE2

Location: SKILL.md:280
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🟡 MEDIUM: RA2

Location: SKILL.md:171
Confidence: 60%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🔴 HIGH: SC2

Location: SKILL.md:94
Confidence: 90%

Message: External Script Fetching

Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.


🔴 HIGH: P6

Location: scripts/render_report.mjs:96
Confidence: 85%

Message: Direct Prompt Extraction

Remediation: Remove any instructions that reveal, print, or output system prompts or internal rules. System instructions should never be exposed to end users.


🔴 HIGH: TM1

Location: scripts/run_audit_and_format.sh:48
Confidence: 95%

Message: Tool Parameter Abuse

Remediation: Validate all tool parameters against an allowlist. Reject dangerous parameter values (shell=True, --force, -rf /) and use safe defaults.


🔴 HIGH: TM1

Location: scripts/run_audit_and_format.sh:78
Confidence: 95%

Message: Tool Parameter Abuse

Remediation: Validate all tool parameters against an allowlist. Reject dangerous parameter values (shell=True, --force, -rf /) and use safe defaults.


Metadata

  • Executable Scripts: Yes

Generated by SkillSpector v2.1.2

Download the generated release-payload scan: skillspector-report.md

Verification

checksums.json is cryptographically signed (checksums.sig) using the ClawSec CI signing key.
Verify the signature first, then trust hashes from checksums.json:

curl -sLO https://github.com/prompt-security/clawsec/releases/download/openclaw-audit-watchdog-v0.1.7/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/openclaw-audit-watchdog-v0.1.7/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/openclaw-audit-watchdog-v0.1.7/signing-public.pem
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json

Files

See checksums.json for the complete file manifest with SHA256 hashes.
The zip archive preserves the full directory structure of the skill.


Released by ClawSec skill distribution pipeline

hermes-attestation-guardian 0.1.4

10 Jun 14:59
@github-actions github-actions
1b676fd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified

hermes-attestation-guardian 0.1.4

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.

Agent Skills CLI

Codex global install:

npx skills add prompt-security/clawsec --skill hermes-attestation-guardian --agent codex --global --yes

OpenClaw global install:

npx skills add prompt-security/clawsec --skill hermes-attestation-guardian --agent openclaw --global --yes

Update an installed skill:

npx skills update hermes-attestation-guardian

Quick Install

GitHub release artifact (recommended):
Ask your agent to read the published skill instructions from this GitHub release and follow them:

https://github.com/prompt-security/clawsec/releases/download/hermes-attestation-guardian-v0.1.4/SKILL.md

Or download them locally:

curl -sLO https://github.com/prompt-security/clawsec/releases/download/hermes-attestation-guardian-v0.1.4/SKILL.md

Manual download with verification:

# 1. Download the release archive, checksums, and signing material
curl -sLO https://github.com/prompt-security/clawsec/releases/download/hermes-attestation-guardian-v0.1.4/hermes-attestation-guardian-v0.1.4.zip
curl -sLO https://github.com/prompt-security/clawsec/releases/download/hermes-attestation-guardian-v0.1.4/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/hermes-attestation-guardian-v0.1.4/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/hermes-attestation-guardian-v0.1.4/signing-public.pem
# 2. Verify the checksums manifest signature (Ed25519)
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json
# 3. Verify archive checksum from the signed manifest (sha256sum -c expects two spaces between hash and filename)
echo "$(jq -r '.archive.sha256' checksums.json)  hermes-attestation-guardian-v0.1.4.zip" | sha256sum -c
# 4. Extract (creates hermes-attestation-guardian/ directory)
unzip hermes-attestation-guardian-v0.1.4.zip

SkillSpector Security Report

Skill: hermes-attestation-guardian
Source: /tmp/tmp.n3Tqat7Eql/hermes-attestation-guardian
Scanned: 2026-06-10 14:59:14 UTC

Risk Assessment

Metric Value
Score 25/100
Severity MEDIUM
Recommendation CAUTION

Components (16)

File Type Lines Executable
CHANGELOG.md markdown 49 No
README.md markdown 69 No
SKILL.md markdown 239 No
lib/attestation.mjs other 509 No
lib/cron.mjs other 178 No
lib/diff.mjs other 249 No
lib/feed.mjs other 860 No
lib/semver.mjs other 204 No
scripts/check_advisories.mjs other 101 No
scripts/generate_attestation.mjs other 182 No
scripts/guarded_skill_verify.mjs other 202 No
scripts/refresh_advisory_feed.mjs other 105 No
scripts/setup_advisory_check_cron.mjs other 171 No
scripts/setup_attestation_cron.mjs other 198 No
scripts/verify_attestation.mjs other 333 No
skill.json json 152 No

Issues (1)

🔴 HIGH: SC2

Location: SKILL.md:44
Confidence: 90%

Message: External Script Fetching

Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.


Metadata

  • Executable Scripts: No

Generated by SkillSpector v2.1.2

Download the generated release-payload scan: skillspector-report.md

Verification

checksums.json is cryptographically signed (checksums.sig) using the ClawSec CI signing key.
Verify the signature first, then trust hashes from checksums.json:

curl -sLO https://github.com/prompt-security/clawsec/releases/download/hermes-attestation-guardian-v0.1.4/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/hermes-attestation-guardian-v0.1.4/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/hermes-attestation-guardian-v0.1.4/signing-public.pem
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json

Files

See checksums.json for the complete file manifest with SHA256 hashes.
The zip archive preserves the full directory structure of the skill.


Released by ClawSec skill distribution pipeline

clawtributor 0.0.7

10 Jun 14:59
@github-actions github-actions
1b676fd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified

clawtributor 0.0.7

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.
  • Marked Clawtributor as a harness-neutral global skill for OpenClaw, NanoClaw, Hermes, and Picoclaw installer grouping.
  • Removed OpenClaw CLI as a declared runtime requirement because reporting is manual, approval-gated, and not tied to an OpenClaw command path.
  • Documented Vercel skills installer usage alongside the OpenClaw/ClawHub install path.
  • Moved local report/state guidance to ~/.clawsec/clawtributor/.

Agent Skills CLI

Codex global install:

npx skills add prompt-security/clawsec --skill clawtributor --agent codex --global --yes

OpenClaw global install:

npx skills add prompt-security/clawsec --skill clawtributor --agent openclaw --global --yes

Update an installed skill:

npx skills update clawtributor

Quick Install

Via ClawHub (recommended):

npx clawhub@latest install clawsec-clawtributor

If you already have clawsec-suite installed:
Ask your agent to pull clawtributor from the ClawSec catalog and it will handle setup and verification automatically.

Manual download with verification:

# 1. Download the release archive, checksums, and signing material
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawtributor-v0.0.7/clawtributor-v0.0.7.zip
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawtributor-v0.0.7/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawtributor-v0.0.7/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawtributor-v0.0.7/signing-public.pem
# 2. Verify the checksums manifest signature (Ed25519)
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json
# 3. Verify archive checksum from the signed manifest
echo "$(jq -r '.archive.sha256' checksums.json)  clawtributor-v0.0.7.zip" | sha256sum -c
# 4. Extract (creates clawtributor/ directory)
unzip clawtributor-v0.0.7.zip

SkillSpector Security Report

Skill: clawtributor
Source: /tmp/tmp.d8VnljbT7O/clawtributor
Scanned: 2026-06-10 14:59:04 UTC

Risk Assessment

Metric Value
Score 85/100
Severity CRITICAL
Recommendation DO NOT INSTALL

Components (4)

File Type Lines Executable
CHANGELOG.md markdown 49 No
SKILL.md markdown 344 No
reporting.md markdown 119 No
skill.json json 68 No

Issues (4)

🟡 MEDIUM: PE2

Location: SKILL.md:263
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🔴 HIGH: P1

Location: SKILL.md:199
Confidence: 90%

Message: Instruction Override

Remediation: Remove or rewrite any text that instructs the agent to ignore prompts, override safety rules, or trust unverified content. Ensure skill content cannot be injected to alter agent behavior.


🔴 HIGH: P1

Location: reporting.md:37
Confidence: 90%

Message: Instruction Override

Remediation: Remove or rewrite any text that instructs the agent to ignore prompts, override safety rules, or trust unverified content. Ensure skill content cannot be injected to alter agent behavior.


🔴 HIGH: SC2

Location: SKILL.md:92
Confidence: 90%

Message: External Script Fetching

Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.


Metadata

  • Executable Scripts: No

Generated by SkillSpector v2.1.2

Download the generated release-payload scan: skillspector-report.md

Verification

checksums.json is cryptographically signed (checksums.sig) using the ClawSec CI signing key.
Verify the signature first, then trust hashes from checksums.json:

curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawtributor-v0.0.7/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawtributor-v0.0.7/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawtributor-v0.0.7/signing-public.pem
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json

Files

See checksums.json for the complete file manifest with SHA256 hashes.
The zip archive preserves the full directory structure of the skill.


Released by ClawSec skill distribution pipeline

clawsec-suite 0.1.10

10 Jun 14:58
@github-actions github-actions
1b676fd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified

clawsec-suite 0.1.10

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.

All notable changes to the ClawSec Suite will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

Agent Skills CLI

Codex global install:

npx skills add prompt-security/clawsec --skill clawsec-suite --agent codex --global --yes

OpenClaw global install:

npx skills add prompt-security/clawsec --skill clawsec-suite --agent openclaw --global --yes

Update an installed skill:

npx skills update clawsec-suite

Quick Install

Via ClawHub (recommended):

npx clawhub@latest install clawsec-suite

If you already have clawsec-suite installed:
Ask your agent to pull clawsec-suite from the ClawSec catalog and it will handle setup and verification automatically.

Manual download with verification:

# 1. Download the release archive, checksums, and signing material
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-suite-v0.1.10/clawsec-suite-v0.1.10.zip
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-suite-v0.1.10/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-suite-v0.1.10/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-suite-v0.1.10/signing-public.pem
# 2. Verify the checksums manifest signature (Ed25519)
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json
# 3. Verify archive checksum from the signed manifest
echo "$(jq -r '.archive.sha256' checksums.json)  clawsec-suite-v0.1.10.zip" | sha256sum -c
# 4. Extract (creates clawsec-suite/ directory)
unzip clawsec-suite-v0.1.10.zip

SkillSpector Security Report

Skill: clawsec-suite
Source: /tmp/tmp.UiZ9nz1uLy/clawsec-suite
Scanned: 2026-06-10 14:58:53 UTC

Risk Assessment

Metric Value
Score 100/100
Severity CRITICAL
Recommendation DO NOT INSTALL

Components (28)

File Type Lines Executable
CHANGELOG.md markdown 216 No
HEARTBEAT.md markdown 224 No
SKILL.md markdown 416 No
advisories/checksums.json json 19 No
advisories/checksums.json.sig other 1 No
advisories/feed-signing-public.pem other 3 No
advisories/feed.json json 106 No
advisories/feed.json.sig other 1 No
hooks/clawsec-advisory-guardian/HOOK.md markdown 40 No
hooks/clawsec-advisory-guardian/handler.ts typescript 253 Yes
hooks/clawsec-advisory-guardian/lib/advisory_scope.mjs other 48 No
hooks/clawsec-advisory-guardian/lib/feed.mjs other 567 No
hooks/clawsec-advisory-guardian/lib/local_file_io.mjs other 5 No
hooks/clawsec-advisory-guardian/lib/matching.ts typescript 155 Yes
hooks/clawsec-advisory-guardian/lib/state.ts typescript 74 Yes
hooks/clawsec-advisory-guardian/lib/suppression.mjs other 144 No
hooks/clawsec-advisory-guardian/lib/types.ts typescript 54 Yes
hooks/clawsec-advisory-guardian/lib/utils.mjs other 135 No
hooks/clawsec-advisory-guardian/lib/version.mjs other 100 No
scripts/discover_skill_catalog.mjs other 314 No
scripts/generate_checksums_json.mjs other 85 No
scripts/guarded_skill_install.mjs other 279 No
scripts/local_file_io.mjs other 5 No
scripts/setup_advisory_cron.mjs other 136 No
scripts/setup_advisory_hook.mjs other 102 No
scripts/sign_detached_ed25519.mjs other 65 No
scripts/verify_detached_ed25519.mjs other 73 No
skill.json json 293 No

Issues (12)

🟡 MEDIUM: LP3

Location: SKILL.md:1
Confidence: 70%

Message: Skill has no declared permissions but code capabilities were detected: env, shell.

Remediation: Add a 'permissions' field to SKILL.md listing the capabilities this skill requires.


🟡 MEDIUM: E1

Location: HEARTBEAT.md:18
Confidence: 50%

Message: External Transmission

Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.


🟡 MEDIUM: E1

Location: SKILL.md:108
Confidence: 60%

Message: External Transmission

Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.


🔴 HIGH: E4

Location: advisories/feed.json:56
Confidence: 85%

Message: Context Leakage

Remediation: Remove any code that sends prompts, responses, or session data externally. Preserve user privacy; never exfiltrate conversation content.


🟡 MEDIUM: PE2

Location: HEARTBEAT.md:83
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🟡 MEDIUM: PE2

Location: SKILL.md:148
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🟡 MEDIUM: PE2

Location: SKILL.md:149
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🟡 MEDIUM: PE2

Location: SKILL.md:246
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🟡 MEDIUM: PE2

Location: hooks/clawsec-advisory-guardian/lib/state.ts:67
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🟡 MEDIUM: RA2

Location: SKILL.md:144
Confidence: 60%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🔴 HIGH: RA1

Location: hooks/clawsec-advisory-guardian/HOOK.md:20
Confidence: 85%

Message: Self-Modification

Remediation: Prevent the skill from modifying its own code, SKILL.md, or configuration files. Treat skill files as read-only at runtime.


🔴 HIGH: RA1

Location: skill.json:290
Confidence: 85%

Message: Self-Modification

Remediation: Prevent the skill from modifying its own code, SKILL.md, or configuration files. Treat skill files as read-only at runtime.


Metadata

  • Executable Scripts: Yes

Generated by SkillSpector v2.1.2

Download the generated release-payload scan: skillspector-report.md

Verification

checksums.json is cryptographically signed (checksums.sig) using the ClawSec CI signing key.
Verify the signature first, then trust hashes from checksums.json:

curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-suite-v0.1.10/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-suite-v0.1.10/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-suite-v0.1.10/signing-public.pem
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json

Files

See checksums.json for the complete file manifest with SHA256 hashes.
The zip archive preserves the full directory structure of the skill.


Released by ClawSec skill distribution pipeline

clawsec-scanner 0.0.5

10 Jun 14:58
@github-actions github-actions
1b676fd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified

clawsec-scanner 0.0.5

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.

Agent Skills CLI

Codex global install:

npx skills add prompt-security/clawsec --skill clawsec-scanner --agent codex --global --yes

OpenClaw global install:

npx skills add prompt-security/clawsec --skill clawsec-scanner --agent openclaw --global --yes

Update an installed skill:

npx skills update clawsec-scanner

Quick Install

Via ClawHub (recommended):

npx clawhub@latest install clawsec-scanner

If you already have clawsec-suite installed:
Ask your agent to pull clawsec-scanner from the ClawSec catalog and it will handle setup and verification automatically.

Manual download with verification:

# 1. Download the release archive, checksums, and signing material
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-scanner-v0.0.5/clawsec-scanner-v0.0.5.zip
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-scanner-v0.0.5/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-scanner-v0.0.5/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-scanner-v0.0.5/signing-public.pem
# 2. Verify the checksums manifest signature (Ed25519)
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json
# 3. Verify archive checksum from the signed manifest
echo "$(jq -r '.archive.sha256' checksums.json)  clawsec-scanner-v0.0.5.zip" | sha256sum -c
# 4. Extract (creates clawsec-scanner/ directory)
unzip clawsec-scanner-v0.0.5.zip

SkillSpector Security Report

Skill: clawsec-scanner
Source: /tmp/tmp.SpiWoO7VeQ/clawsec-scanner
Scanned: 2026-06-10 14:58:54 UTC

Risk Assessment

Metric Value
Score 97/100
Severity CRITICAL
Recommendation DO NOT INSTALL

Components (15)

File Type Lines Executable
CHANGELOG.md markdown 47 No
SKILL.md markdown 505 No
hooks/clawsec-scanner-hook/HOOK.md markdown 74 No
hooks/clawsec-scanner-hook/handler.ts typescript 313 Yes
lib/report.mjs other 251 No
lib/types.ts typescript 45 Yes
lib/utils.mjs other 139 No
scripts/dast_hook_executor.mjs other 143 No
scripts/dast_runner.mjs other 609 No
scripts/query_cve_databases.mjs other 291 No
scripts/runner.sh shell 288 Yes
scripts/sast_analyzer.mjs other 306 No
scripts/scan_dependencies.mjs other 325 No
scripts/setup_scanner_hook.mjs other 126 No
skill.json json 127 No

Issues (6)

🟡 MEDIUM: LP3

Location: SKILL.md:1
Confidence: 70%

Message: Skill has no declared permissions but code capabilities were detected: env.

Remediation: Add a 'permissions' field to SKILL.md listing the capabilities this skill requires.


🟡 MEDIUM: E1

Location: SKILL.md:118
Confidence: 60%

Message: External Transmission

Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.


🟡 MEDIUM: E1

Location: scripts/query_cve_databases.mjs:13
Confidence: 50%

Message: External Transmission

Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.


🟡 MEDIUM: PE2

Location: SKILL.md:185
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🟡 MEDIUM: PE2

Location: SKILL.md:186
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🔴 HIGH: PE3

Location: lib/utils.mjs:26
Confidence: 60%

Message: Credential Access

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.


Metadata

  • Executable Scripts: Yes

Generated by SkillSpector v2.1.2

Download the generated release-payload scan: skillspector-report.md

Verification

checksums.json is cryptographically signed (checksums.sig) using the ClawSec CI signing key.
Verify the signature first, then trust hashes from checksums.json:

curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-scanner-v0.0.5/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-scanner-v0.0.5/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-scanner-v0.0.5/signing-public.pem
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json

Files

See checksums.json for the complete file manifest with SHA256 hashes.
The zip archive preserves the full directory structure of the skill.


Released by ClawSec skill distribution pipeline

clawsec-nanoclaw 0.0.8

10 Jun 14:58
@github-actions github-actions
1b676fd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified

clawsec-nanoclaw 0.0.8

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.

Agent Skills CLI

Codex global install:

npx skills add prompt-security/clawsec --skill clawsec-nanoclaw --agent codex --global --yes

OpenClaw global install:

npx skills add prompt-security/clawsec --skill clawsec-nanoclaw --agent openclaw --global --yes

Update an installed skill:

npx skills update clawsec-nanoclaw

Quick Install

GitHub release artifact (recommended):
Ask your agent to read the published skill instructions from this GitHub release and follow them:

https://github.com/prompt-security/clawsec/releases/download/clawsec-nanoclaw-v0.0.8/SKILL.md

Or download them locally:

curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-nanoclaw-v0.0.8/SKILL.md

Manual download with verification:

# 1. Download the release archive, checksums, and signing material
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-nanoclaw-v0.0.8/clawsec-nanoclaw-v0.0.8.zip
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-nanoclaw-v0.0.8/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-nanoclaw-v0.0.8/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-nanoclaw-v0.0.8/signing-public.pem
# 2. Verify the checksums manifest signature (Ed25519)
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json
# 3. Verify archive checksum from the signed manifest
echo "$(jq -r '.archive.sha256' checksums.json)  clawsec-nanoclaw-v0.0.8.zip" | sha256sum -c
# 4. Extract (creates clawsec-nanoclaw/ directory)
unzip clawsec-nanoclaw-v0.0.8.zip

SkillSpector Security Report

Skill: clawsec-nanoclaw
Source: /tmp/tmp.eVfs4QnH7l/clawsec-nanoclaw
Scanned: 2026-06-10 14:58:35 UTC

Risk Assessment

Metric Value
Score 100/100
Severity CRITICAL
Recommendation DO NOT INSTALL

Components (21)

File Type Lines Executable
CHANGELOG.md markdown 67 No
INSTALL.md markdown 327 No
SKILL.md markdown 289 No
advisories/feed-signing-public.pem other 3 No
docs/INTEGRITY.md markdown 567 No
docs/SKILL_SIGNING.md markdown 488 No
guardian/integrity-monitor.ts typescript 736 Yes
guardian/policy.json json 55 No
host-services/advisory-cache.ts typescript 383 Yes
host-services/integrity-handler.ts typescript 380 Yes
host-services/ipc-handlers.ts typescript 105 Yes
host-services/skill-signature-handler.ts typescript 272 Yes
lib/advisories.ts typescript 456 Yes
lib/local_file_io.ts typescript 13 Yes
lib/risk.ts typescript 88 Yes
lib/signatures.ts typescript 497 Yes
lib/types.ts typescript 262 Yes
mcp-tools/advisory-tools.ts typescript 377 Yes
mcp-tools/integrity-tools.ts typescript 249 Yes
mcp-tools/signature-verification.ts typescript 226 Yes
skill.json json 158 No

Issues (10)

🟡 MEDIUM: LP3

Location: SKILL.md:1
Confidence: 70%

Message: Skill has no declared permissions but code capabilities were detected: env, network.

Remediation: Add a 'permissions' field to SKILL.md listing the capabilities this skill requires.


🟡 MEDIUM: EA2

Location: docs/INTEGRITY.md:168
Confidence: 75%

Message: Autonomous Decision Making

Remediation: Add human-in-the-loop confirmation for destructive, irreversible, or high-impact operations. Never auto-execute commands that modify files, send data, or alter system state.


🟡 MEDIUM: EA2

Location: mcp-tools/integrity-tools.ts:142
Confidence: 75%

Message: Autonomous Decision Making

Remediation: Add human-in-the-loop confirmation for destructive, irreversible, or high-impact operations. Never auto-execute commands that modify files, send data, or alter system state.


🔴 HIGH: SC2

Location: SKILL.md:230
Confidence: 90%

Message: External Script Fetching

Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.


🔴 HIGH: TM1

Location: INSTALL.md:311
Confidence: 85%

Message: Tool Parameter Abuse

Remediation: Validate all tool parameters against an allowlist. Reject dangerous parameter values (shell=True, --force, -rf /) and use safe defaults.


🔴 HIGH: TM1

Location: INSTALL.md:312
Confidence: 85%

Message: Tool Parameter Abuse

Remediation: Validate all tool parameters against an allowlist. Reject dangerous parameter values (shell=True, --force, -rf /) and use safe defaults.


🔴 HIGH: TM1

Location: docs/INTEGRITY.md:419
Confidence: 90%

Message: Tool Parameter Abuse

Remediation: Validate all tool parameters against an allowlist. Reject dangerous parameter values (shell=True, --force, -rf /) and use safe defaults.


🔴 HIGH: TM1

Location: docs/INTEGRITY.md:419
Confidence: 85%

Message: Tool Parameter Abuse

Remediation: Validate all tool parameters against an allowlist. Reject dangerous parameter values (shell=True, --force, -rf /) and use safe defaults.


🔴 HIGH: TM1

Location: docs/INTEGRITY.md:453
Confidence: 85%

Message: Tool Parameter Abuse

Remediation: Validate all tool parameters against an allowlist. Reject dangerous parameter values (shell=True, --force, -rf /) and use safe defaults.


🔴 HIGH: TM1

Location: docs/INTEGRITY.md:471
Confidence: 85%

Message: Tool Parameter Abuse

Remediation: Validate all tool parameters against an allowlist. Reject dangerous parameter values (shell=True, --force, -rf /) and use safe defaults.


Metadata

  • Executable Scripts: Yes

Generated by SkillSpector v2.1.2

Download the generated release-payload scan: skillspector-report.md

Verification

checksums.json is cryptographically signed (checksums.sig) using the ClawSec CI signing key.
Verify the signature first, then trust hashes from checksums.json:

curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-nanoclaw-v0.0.8/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-nanoclaw-v0.0.8/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-nanoclaw-v0.0.8/signing-public.pem
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json

Files

See checksums.json for the complete file manifest with SHA256 hashes.
The zip archive preserves the full directory structure of the skill.


Released by ClawSec skill distribution pipeline

clawsec-feed 0.0.9

10 Jun 14:58
@github-actions github-actions
1b676fd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified

clawsec-feed 0.0.9

Changed

  • Re-released skill package with updated marketplace grouping and signed release trust artifacts for Vercel-compatible skill installation.

Agent Skills CLI

Codex global install:

npx skills add prompt-security/clawsec --skill clawsec-feed --agent codex --global --yes

OpenClaw global install:

npx skills add prompt-security/clawsec --skill clawsec-feed --agent openclaw --global --yes

Update an installed skill:

npx skills update clawsec-feed

Quick Install

Via ClawHub (recommended):

npx clawhub@latest install clawsec-feed

If you already have clawsec-suite installed:
Ask your agent to pull clawsec-feed from the ClawSec catalog and it will handle setup and verification automatically.

Manual download with verification:

# 1. Download the release archive, checksums, and signing material
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-feed-v0.0.9/clawsec-feed-v0.0.9.zip
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-feed-v0.0.9/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-feed-v0.0.9/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-feed-v0.0.9/signing-public.pem
# 2. Verify the checksums manifest signature (Ed25519)
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json
# 3. Verify archive checksum from the signed manifest
echo "$(jq -r '.archive.sha256' checksums.json)  clawsec-feed-v0.0.9.zip" | sha256sum -c
# 4. Extract (creates clawsec-feed/ directory)
unzip clawsec-feed-v0.0.9.zip

SkillSpector Security Report

Skill: clawsec-feed
Source: /tmp/tmp.wvdxlx44fg/clawsec-feed
Scanned: 2026-06-10 14:58:33 UTC

Risk Assessment

Metric Value
Score 100/100
Severity CRITICAL
Recommendation DO NOT INSTALL

Components (4)

File Type Lines Executable
CHANGELOG.md markdown 52 No
SKILL.md markdown 863 No
advisories/feed.json json 24275 No
skill.json json 70 No

Issues (11)

🟡 MEDIUM: E1

Location: SKILL.md:79
Confidence: 50%

Message: External Transmission

Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.


🟡 MEDIUM: E1

Location: SKILL.md:186
Confidence: 50%

Message: External Transmission

Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.


🟡 MEDIUM: E1

Location: SKILL.md:808
Confidence: 50%

Message: External Transmission

Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.


🟡 MEDIUM: E1

Location: skill.json:39
Confidence: 50%

Message: External Transmission

Remediation: Verify the destination URL is trusted and necessary. Remove or replace with documented APIs. Ensure no secrets, tokens, or PII are transmitted.


🟡 MEDIUM: PE2

Location: SKILL.md:290
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🟡 MEDIUM: PE2

Location: SKILL.md:291
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🟡 MEDIUM: PE2

Location: SKILL.md:739
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🟡 MEDIUM: PE2

Location: SKILL.md:752
Confidence: 80%

Message: Sudo/Root Execution

Remediation: Avoid sudo/root unless strictly required. Prefer least-privilege patterns. If elevation is needed, document the justification and scope.


🟡 MEDIUM: RA2

Location: SKILL.md:32
Confidence: 60%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟡 MEDIUM: RA2

Location: SKILL.md:174
Confidence: 60%

Message: Session Persistence

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.


🟢 LOW: SC2

Location: SKILL.md:84
Confidence: 15%

Message: External Script Fetching

Remediation: Avoid downloading and executing remote scripts. Use trusted packages from PyPI/npm. If remote fetch is required, verify checksums and use HTTPS.


Metadata

  • Executable Scripts: No

Generated by SkillSpector v2.1.2

Download the generated release-payload scan: skillspector-report.md

Verification

checksums.json is cryptographically signed (checksums.sig) using the ClawSec CI signing key.
Verify the signature first, then trust hashes from checksums.json:

curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-feed-v0.0.9/checksums.json
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-feed-v0.0.9/checksums.sig
curl -sLO https://github.com/prompt-security/clawsec/releases/download/clawsec-feed-v0.0.9/signing-public.pem
openssl base64 -d -A -in checksums.sig -out checksums.sig.bin
openssl pkeyutl -verify -rawin -pubin -inkey signing-public.pem -sigfile checksums.sig.bin -in checksums.json

Files

See checksums.json for the complete file manifest with SHA256 hashes.
The zip archive preserves the full directory structure of the skill.


Released by ClawSec skill distribution pipeline
