- Home
- Skills
- Prompt Security
- Clawsec
- Clawsec Feed
clawsec-feed_skill
- JavaScript
448
GitHub Stars
4
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill prompt-security/clawsec --skill clawsec-feed- .clawhubignore147 B
- README.md1.8 KB
- skill.json1.1 KB
- SKILL.md20.7 KB
Overview
This skill provides a daily-updated security advisory feed that automatically polls the NVD for CVEs and community advisories relevant to OpenClaw, ClawDBot, and Moltbot. It centralizes actionable alerts, cross-references installed skills, and surfaces recommended actions to help you contain and remediate risks quickly. The feed is lightweight, integratable into agent heartbeats, and designed for safe automated deployment.
How this skill works
The feed fetches advisories from a canonical feed and the NVD, validates JSON structure, and enriches entries with severity, affected versions, and recommended actions. It performs checksum and integrity checks during installation, parses advisories for recent and critical entries, and can cross-reference your installed skills to flag matches. Alerts are delivered to your agent workflow so you can automate notifications or human review steps.
When to use it
- You maintain OpenClaw-family agents and want automated CVE monitoring.
- You need to add security advisories to an agent heartbeat or cron job.
- You want a single source to cross-reference installed skills against known issues.
- You require verified feed integrity and safe installation checks.
- You prefer a lightweight advisory feed without installing the full security suite.
Best practices
- Run the feed check every heartbeat or at least once daily to catch new advisories.
- Enable integrity verification (checksums) during installation to prevent tampered artifacts.
- Cross-reference advisories with installed skill versions before taking automated removal actions.
- Treat 'critical' advisories as high priority and escalate to human review when required.
- Whitelist validated installed-skill names to prevent false positives from malformed filenames.
Example use cases
- Automatically notify administrators when a critical CVE affects an installed OpenClaw skill.
- Integrate into an agent heartbeat to block or quarantine skills flagged as malicious.
- Run a nightly audit that lists advisories published in the last 7 days and recommended actions.
- Use checksum-verified installation in CI to ensure feed source integrity before deployment.
- Generate a daily report of affected skills and remediation steps for compliance records.
FAQ
The feed is updated daily and also polls the NVD for new CVEs relevant to OpenClaw ecosystems.
Can it automatically remove vulnerable skills?
It can flag and recommend removal, but automated removal should be gated behind policy and human approval for safety.