clawsec-suite

ClawSec Suite

This means `clawsec-suite` can:
  • monitor the ClawSec advisory feed,
  • track which advisories are new since the last check,
  • cross-reference advisories against locally installed skills,
  • recommend removal for malicious-skill advisories and require explicit user approval first,
  • and still act as the setup/management entrypoint for other ClawSec protections.

Included vs Optional Protections

Built into clawsec-suite

  • Embedded feed seed file: `advisories/feed.json`
  • Portable heartbeat workflow in `HEARTBEAT.md`
  • Advisory polling + state tracking + affected-skill checks
  • OpenClaw advisory guardian hook package: `hooks/clawsec-advisory-guardian/`
  • Setup scripts for hook and optional cron scheduling: `scripts/`
  • Guarded installer: `scripts/guarded_skill_install.mjs`
  • Dynamic catalog discovery for installable skills: `scripts/discover_skill_catalog.mjs`

Installed separately (dynamic catalog)

`clawsec-suite` does not hard-code add-on skill names in this document. Discover the current catalog from the authoritative index (https://clawsec.prompt.security/skills/index.json) at runtime:

```bash
SUITE_DIR="${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite"
node "$SUITE_DIR/scripts/discover_skill_catalog.mjs"
```

Fallback behavior:
  • If the remote catalog index is reachable and valid, the suite uses it.
  • If the remote index is unavailable or malformed, the script falls back to suite-local catalog metadata in `skill.json`.

Installation

Option A: Via clawhub (recommended)

```bash
npx clawhub@latest install clawsec-suite
```

Option B: Manual download with signature + checksum verification

```bash
set -euo pipefail

VERSION="${SKILL_VERSION:?Set SKILL_VERSION (e.g. 0.0.8)}"
INSTALL_ROOT="${INSTALL_ROOT:-$HOME/.openclaw/skills}"
DEST="$INSTALL_ROOT/clawsec-suite"
BASE="https://github.com/prompt-security/clawsec/releases/download/clawsec-suite-v${VERSION}"

TEMP_DIR="$(mktemp -d)"
trap 'rm -rf "$TEMP_DIR"' EXIT

# Pinned release-signing public key (verify fingerprint out-of-band on first use)
# Fingerprint (SHA-256 of SPKI DER): 711424e4535f84093fefb024cd1ca4ec87439e53907b305b79a631d5befba9c8
RELEASE_PUBKEY_SHA256="711424e4535f84093fefb024cd1ca4ec87439e53907b305b79a631d5befba9c8"
cat > "$TEMP_DIR/release-signing-public.pem" <<'PEM'
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAS7nijfMcUoOBCj4yOXJX+GYGv2pFl2Yaha1P4v5Cm6A=
-----END PUBLIC KEY-----
PEM

# Refuse to continue if the embedded key does not match the pinned fingerprint
ACTUAL_KEY_SHA256="$(openssl pkey -pubin -in "$TEMP_DIR/release-signing-public.pem" -outform DER | shasum -a 256 | awk '{print $1}')"
if [ "$ACTUAL_KEY_SHA256" != "$RELEASE_PUBKEY_SHA256" ]; then
  echo "ERROR: Release public key fingerprint mismatch" >&2
  exit 1
fi

ZIP_NAME="clawsec-suite-v${VERSION}.zip"

# 1) Download release archive + signed checksums manifest (the signing public key is pinned above)
curl -fsSL "$BASE/$ZIP_NAME" -o "$TEMP_DIR/$ZIP_NAME"
curl -fsSL "$BASE/checksums.json" -o "$TEMP_DIR/checksums.json"
curl -fsSL "$BASE/checksums.sig" -o "$TEMP_DIR/checksums.sig"

# 2) Verify checksums manifest signature before trusting any hashes
#    (Ed25519 detached signature, base64-encoded; -rawin because Ed25519 signs the raw message)
openssl base64 -d -A -in "$TEMP_DIR/checksums.sig" -out "$TEMP_DIR/checksums.sig.bin"
if ! openssl pkeyutl -verify \
  -pubin \
  -inkey "$TEMP_DIR/release-signing-public.pem" \
  -sigfile "$TEMP_DIR/checksums.sig.bin" \
  -rawin \
  -in "$TEMP_DIR/checksums.json" >/dev/null 2>&1; then
  echo "ERROR: checksums.json signature verification failed" >&2
  exit 1
fi

EXPECTED_ZIP_SHA="$(jq -r '.archive.sha256 // empty' "$TEMP_DIR/checksums.json")"
if [ -z "$EXPECTED_ZIP_SHA" ]; then
  echo "ERROR: checksums.json missing archive.sha256" >&2
  exit 1
fi

if command -v shasum >/dev/null 2>&1; then
  ACTUAL_ZIP_SHA="$(shasum -a 256 "$TEMP_DIR/$ZIP_NAME" | awk '{print $1}')"
else
  ACTUAL_ZIP_SHA="$(sha256sum "$TEMP_DIR/$ZIP_NAME" | awk '{print $1}')"
fi

if [ "$EXPECTED_ZIP_SHA" != "$ACTUAL_ZIP_SHA" ]; then
  echo "ERROR: Archive checksum mismatch for $ZIP_NAME" >&2
  exit 1
fi

echo "Checksums manifest signature and archive hash verified."

# 3) Install verified archive
mkdir -p "$INSTALL_ROOT"
rm -rf "$DEST"
unzip -q "$TEMP_DIR/$ZIP_NAME" -d "$INSTALL_ROOT"

chmod 600 "$DEST/skill.json"
find "$DEST" -type f ! -name "skill.json" -exec chmod 644 {} \;

echo "Installed clawsec-suite v${VERSION} to: $DEST"
echo "Next step (OpenClaw): node \"$DEST/scripts/setup_advisory_hook.mjs\""
```

OpenClaw Automation (Hook + Optional Cron)

After installing the suite, enable the advisory guardian hook:

```bash
SUITE_DIR="${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite"
node "$SUITE_DIR/scripts/setup_advisory_hook.mjs"
```

Optional: create/update a periodic cron nudge (default every `6h`) that triggers a main-session advisory scan:

```bash
SUITE_DIR="${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite"
node "$SUITE_DIR/scripts/setup_advisory_cron.mjs"
```

What this adds:
  • scan on `agent:bootstrap` and `/new` (`command:new`),
  • compare advisory `affected` entries against installed skills,
  • notify when new matches appear,
  • and ask for explicit user approval before any removal flow.

Restart the OpenClaw gateway after enabling the hook. Then run `/new` once to force an immediate scan in the next session context.

Guarded Skill Install Flow (Double Confirmation)

When the user asks to install a skill, treat that as the first request and run a guarded install check:

```bash
SUITE_DIR="${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite"
node "$SUITE_DIR/scripts/guarded_skill_install.mjs" --skill helper-plus --version 1.0.1
```

Behavior:
  • If no advisory match is found, install proceeds.
  • If `--version` is omitted, matching is conservative: any advisory that references the skill name is treated as a match.
  • If an advisory match is found, the script prints advisory context and exits with code `42`.
  • Then require an explicit second confirmation from the user and rerun with `--confirm-advisory`:

```bash
node "$SUITE_DIR/scripts/guarded_skill_install.mjs" --skill helper-plus --version 1.0.1 --confirm-advisory
```

This enforces:
  1. First confirmation: user asked to install.
  2. Second confirmation: user explicitly approves install after seeing advisory details.

Embedded Advisory Feed Behavior

The embedded feed logic uses these defaults:
  • Remote feed URL: `https://clawsec.prompt.security/advisories/feed.json`
  • Remote feed signature URL: `${CLAWSEC_FEED_URL}.sig` (override with `CLAWSEC_FEED_SIG_URL`)
  • Remote checksums manifest URL: sibling `checksums.json` (override with `CLAWSEC_FEED_CHECKSUMS_URL`)
  • Local seed fallback: `~/.openclaw/skills/clawsec-suite/advisories/feed.json`
  • Local feed signature: `${CLAWSEC_LOCAL_FEED}.sig` (override with `CLAWSEC_LOCAL_FEED_SIG`)
  • Local checksums manifest: `~/.openclaw/skills/clawsec-suite/advisories/checksums.json`
  • Pinned feed signing key: `~/.openclaw/skills/clawsec-suite/advisories/feed-signing-public.pem` (override with `CLAWSEC_FEED_PUBLIC_KEY`)
  • State file: `~/.openclaw/clawsec-suite-feed-state.json`
  • Hook rate-limit env (OpenClaw hook): `CLAWSEC_HOOK_INTERVAL_SECONDS` (default `300`)

Fail-closed verification: feed signatures are required by default. Checksum manifests are verified when companion checksum artifacts are available. Set `CLAWSEC_ALLOW_UNSIGNED_FEED=1` only as a temporary migration bypass when adopting this version before signed feed artifacts are available upstream.
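The feed-side logic this README describes (new-advisory detection against the state file, cross-referencing `affected` entries with installed skills, and the guarded-install decision with its exit code 42 from the previous section), written as an added example rather than the suite's own scripts. The state-file schema is the one the quick feed check below creates; the shape of an `affected` entry (`{ skill, versions }`, empty `versions` meaning all versions) is an assumption, since the README does not specify it.

```javascript
// Added example (not one of the suite's scripts). ASSUMED, not specified in
// this README: an affected entry looks like { skill: "name", versions: ["1.0.1"] }
// and an empty versions list means "all versions".

// Advisories whose id is not yet recorded in state.known_advisories.
function findNewAdvisories(feed, state) {
  const known = new Set(Array.isArray(state?.known_advisories) ? state.known_advisories : []);
  return (feed.advisories ?? []).filter((a) => typeof a.id === "string" && !known.has(a.id));
}

// Does the advisory reference skillName (case-insensitive)? With version
// undefined the match is conservative: any reference to the name counts.
function advisoryMatches(advisory, skillName, version) {
  const name = String(skillName).toLowerCase();
  return (advisory.affected ?? []).some((entry) => {
    if (String(entry.skill ?? "").toLowerCase() !== name) return false;
    if (version === undefined) return true;
    const versions = Array.isArray(entry.versions) ? entry.versions : [];
    return versions.length === 0 || versions.includes(version);
  });
}

// One row per (advisory, installed skill) pair that matches, critical first.
function crossReference(feed, installed) {
  const rank = { critical: 0, high: 1, medium: 2, low: 3 };
  const rows = [];
  for (const adv of feed.advisories ?? []) {
    for (const s of installed) {
      if (advisoryMatches(adv, s.name, s.version)) {
        rows.push({ id: adv.id, severity: adv.severity, title: adv.title, skill: s.name });
      }
    }
  }
  return rows.sort((a, b) => (rank[a.severity] ?? 9) - (rank[b.severity] ?? 9));
}

// Guarded install as described above: no match -> proceed (0); match without
// --confirm-advisory -> stop with 42; match with the flag -> proceed (0).
function guardedInstallDecision(feed, skillName, version, confirmAdvisory = false) {
  const hits = (feed.advisories ?? []).filter((a) => advisoryMatches(a, skillName, version));
  const proceed = hits.length === 0 || confirmAdvisory;
  return { proceed, exitCode: proceed ? 0 : 42, hits: hits.map((a) => a.id) };
}

// Record every feed id as known and stamp the check time (state file schema
// from the quick feed check); returns a new state object.
function updateState(state, feed, now) {
  const known = new Set(state.known_advisories ?? []);
  for (const a of feed.advisories ?? []) if (typeof a.id === "string") known.add(a.id);
  return { ...state, known_advisories: [...known].sort(), last_feed_check: now };
}

// Constructed sample feed, state and installed-skill list (IDs are made up).
const sampleFeed = {
  version: "1.0",
  advisories: [
    { id: "CLAW-2026-9901", severity: "critical", title: "Malicious skill (constructed)",
      affected: [{ skill: "helper-plus", versions: ["1.0.1"] }] },
    { id: "CLAW-2026-9902", severity: "low", title: "Minor issue (constructed)",
      affected: [{ skill: "other-skill", versions: [] }] },
  ],
};
const sampleState = { schema_version: "1.0", known_advisories: ["CLAW-2026-9902"],
  last_feed_check: null, last_feed_updated: null };
const sampleInstalled = [{ name: "Helper-Plus", version: "1.0.1" }, { name: "other-skill" }];
```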

Quick feed check

```bash
# Quick check only: fetches and parses the feed and diffs it against the state
# file. It does not verify the feed's detached signature (see "Embedded Advisory
# Feed Behavior" and "Security Notes") and does not write new IDs back to the
# state file, so it reports the same advisories as new on every run.
FEED_URL="${CLAWSEC_FEED_URL:-https://clawsec.prompt.security/advisories/feed.json}"
STATE_FILE="${CLAWSEC_SUITE_STATE_FILE:-$HOME/.openclaw/clawsec-suite-feed-state.json}"

TMP="$(mktemp -d)"
trap 'rm -rf "$TMP"' EXIT

if ! curl -fsSLo "$TMP/feed.json" "$FEED_URL"; then
  echo "ERROR: Failed to fetch advisory feed"
  exit 1
fi

if ! jq -e '.version and (.advisories | type == "array")' "$TMP/feed.json" >/dev/null; then
  echo "ERROR: Invalid advisory feed format"
  exit 1
fi

mkdir -p "$(dirname "$STATE_FILE")"
if [ ! -f "$STATE_FILE" ]; then
  echo '{"schema_version":"1.0","known_advisories":[],"last_feed_check":null,"last_feed_updated":null}' > "$STATE_FILE"
  chmod 600 "$STATE_FILE"
fi

# Feed IDs minus known IDs. --slurpfile replaces the deprecated --argfile (it
# wraps the file in an array, hence $state[0]); array subtraction replaces the
# earlier `$known | index(.)` form, in which `.` was rebound to $known itself.
NEW_IDS_FILE="$TMP/new_ids.txt"
jq -r --slurpfile state "$STATE_FILE" '($state[0].known_advisories // []) as $known | [.advisories[]?.id | select(type == "string")] - $known | .[]?' "$TMP/feed.json" > "$NEW_IDS_FILE"

if [ -s "$NEW_IDS_FILE" ]; then
  echo "New advisories detected:"
  while IFS= read -r id; do
    [ -z "$id" ] && continue
    jq -r --arg id "$id" '.advisories[] | select(.id == $id) | "- [\(.severity | ascii_upcase)] \(.id): \(.title)"' "$TMP/feed.json"
  done < "$NEW_IDS_FILE"
else
  echo "FEED_OK - no new advisories"
fi
```

Heartbeat Integration

Use the suite heartbeat workflow as the single periodic security check entrypoint:
  • `skills/clawsec-suite/HEARTBEAT.md`

It handles:
  • suite update checks,
  • feed polling,
  • new-advisory detection,
  • affected-skill cross-referencing,
  • approval-gated response guidance for malicious/removal advisories,
  • and persistent state updates.

Approval-Gated Response Contract

If an advisory indicates a malicious or removal-recommended skill and that skill is installed:
  1. Notify the user immediately with advisory details and severity.
  2. Recommend removing or disabling the affected skill.
  3. Treat the original install request as first intent only.
  4. Ask for explicit second confirmation before deletion/disable action (or before proceeding with risky install).
  5. Only proceed after that second confirmation.
The suite hook and heartbeat guidance are intentionally non-destructive by default.

Advisory Suppression / Allowlist

The advisory guardian pipeline supports opt-in suppression for advisories that have been reviewed and accepted by your security team. This is useful for first-party tooling or advisories that do not apply to your deployment.

Activation

Advisory suppression requires a single gate: the configuration file must contain `"enabledFor"` with `"advisory"` in the array. No CLI flag is needed -- the sentinel in the config file IS the opt-in gate.

If the `enabledFor` array is missing, empty, or does not include `"advisory"`, all advisories are reported normally.

Config File Resolution (4-tier)

The advisory guardian resolves the suppression config using the same priority order as the audit pipeline:
  1. Explicit `--config <path>` argument
  2. `OPENCLAW_AUDIT_CONFIG` environment variable
  3. `~/.openclaw/security-audit.json`
  4. `.clawsec/allowlist.json`

Config Format

```json
{
  "enabledFor": ["advisory"],
  "suppressions": [
    {
      "checkId": "CVE-2026-25593",
      "skill": "clawsec-suite",
      "reason": "First-party security tooling — reviewed by security team",
      "suppressedAt": "2026-02-15"
    },
    {
      "checkId": "CLAW-2026-0001",
      "skill": "example-skill",
      "reason": "Advisory does not apply to our deployment configuration",
      "suppressedAt": "2026-02-16"
    }
  ]
}
```

Sentinel Semantics

  • `"enabledFor": ["advisory"]` -- only advisory suppression active
  • `"enabledFor": ["audit"]` -- only audit suppression active (no effect on advisory pipeline)
  • `"enabledFor": ["audit", "advisory"]` -- both pipelines honor suppressions
  • Missing or empty `enabledFor` -- no suppression active (safe default)

Matching Rules

  • `checkId`: exact match against the advisory ID (e.g., `CVE-2026-25593` or `CLAW-2026-0001`)
  • `skill`: case-insensitive match against the affected skill name from the advisory
  • Both fields must match for an advisory to be suppressed

Required Fields per Suppression Entry

| Field | Description | Example |
|---|---|---|
| `checkId` | Advisory ID to suppress | `CVE-2026-25593` |
| `skill` | Affected skill name | `clawsec-suite` |
| `reason` | Justification for audit trail (required) | First-party tooling, reviewed by security team |
| `suppressedAt` | ISO 8601 date (YYYY-MM-DD) | `2026-02-15` |

Shared Config with Audit Pipeline

The advisory and audit pipelines share the same config file. Use the `enabledFor` array to control which pipelines honor the suppression list:

```json
{
  "enabledFor": ["audit", "advisory"],
  "suppressions": [
    {
      "checkId": "skills.code_safety",
      "skill": "clawsec-suite",
      "reason": "First-party tooling — audit finding accepted",
      "suppressedAt": "2026-02-15"
    },
    {
      "checkId": "CVE-2026-25593",
      "skill": "clawsec-suite",
      "reason": "First-party tooling — advisory reviewed",
      "suppressedAt": "2026-02-15"
    }
  ]
}
```

Audit entries (with check identifiers like `skills.code_safety`) are only matched by the audit pipeline. Advisory entries (with advisory IDs like `CVE-2026-25593` or `CLAW-2026-0001`) are only matched by the advisory pipeline. Each pipeline filters for its own relevant entries.
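The suppression rules of the last few sections (the `enabledFor` gate, the required fields per entry, exact `checkId` / case-insensitive `skill` matching, and the advisory pipeline ignoring audit entries) as one added example. This is not the guardian's own implementation; how the pipeline tells an advisory ID from an audit check identifier is not specified in this README, so the `isAdvisoryId` pattern below is an assumption based on the ID formats shown above.

```javascript
// Added example (not part of the clawsec-suite code base): the enabledFor gate,
// the per-pipeline entry filter and the matching rules from this README,
// applied to a constructed config and constructed advisory matches.

// Missing or empty enabledFor means no suppression at all (safe default).
function suppressionEnabledFor(config, pipeline) {
  const enabled = Array.isArray(config?.enabledFor) ? config.enabledFor : [];
  return enabled.includes(pipeline);
}

// ASSUMED heuristic (the README only gives examples): advisory IDs look like
// CVE-YYYY-NNNN or CLAW-YYYY-NNNN; audit check IDs are dotted names such as
// skills.code_safety. The advisory pipeline only considers advisory entries.
function isAdvisoryId(checkId) {
  return /^(CVE|CLAW)-\d{4}-\d+$/i.test(String(checkId));
}

// Every suppression entry needs all four fields; suppressedAt is YYYY-MM-DD.
function validateEntry(entry) {
  const problems = [];
  for (const f of ["checkId", "skill", "reason", "suppressedAt"]) {
    if (typeof entry?.[f] !== "string" || entry[f].trim() === "") problems.push(`missing ${f}`);
  }
  if (problems.length === 0 && !/^\d{4}-\d{2}-\d{2}$/.test(entry.suppressedAt)) {
    problems.push("suppressedAt is not YYYY-MM-DD");
  }
  return problems;
}

// Advisory pipeline decision: checkId exact, skill case-insensitive, both must match.
function isSuppressed(config, advisoryId, skillName) {
  if (!suppressionEnabledFor(config, "advisory")) return false;
  const entries = Array.isArray(config.suppressions) ? config.suppressions : [];
  return entries.some(
    (e) =>
      validateEntry(e).length === 0 &&
      isAdvisoryId(e.checkId) &&
      e.checkId === advisoryId &&
      e.skill.toLowerCase() === String(skillName).toLowerCase()
  );
}

// Matches that must still be reported after suppression is applied.
function reportable(config, matches) {
  return matches.filter((m) => !isSuppressed(config, m.advisoryId, m.skill));
}

// Constructed config, mirroring the shared-config layout above.
const sampleConfig = {
  enabledFor: ["audit", "advisory"],
  suppressions: [
    { checkId: "skills.code_safety", skill: "clawsec-suite",
      reason: "audit finding accepted (constructed)", suppressedAt: "2026-02-15" },
    { checkId: "CVE-2026-25593", skill: "clawsec-suite",
      reason: "advisory reviewed (constructed)", suppressedAt: "2026-02-15" },
  ],
};

// Constructed advisory matches as the cross-reference step would produce them.
const sampleMatches = [
  { advisoryId: "CVE-2026-25593", skill: "ClawSec-Suite" }, // suppressed: case-insensitive skill match
  { advisoryId: "CVE-2026-25593", skill: "other-skill" },   // reported: skill differs
  { advisoryId: "CLAW-2026-0001", skill: "clawsec-suite" }, // reported: no entry for this ID
];
```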

Optional Skill Installation

Discover currently available installable skills dynamically, then install the ones you want:

```bash
SUITE_DIR="${INSTALL_ROOT:-$HOME/.openclaw/skills}/clawsec-suite"
node "$SUITE_DIR/scripts/discover_skill_catalog.mjs"

# then install any discovered skill by name
npx clawhub@latest install <skill-name>
```

Machine-readable output is also available for automation:

```bash
node "$SUITE_DIR/scripts/discover_skill_catalog.mjs" --json
```

Security Notes

  • Always verify the `checksums.json` signature before trusting its file URLs/hashes, then verify each file checksum.
  • Verify advisory feed detached signatures; do not enable `CLAWSEC_ALLOW_UNSIGNED_FEED` outside temporary migration windows.
  • Keep advisory polling rate-limited (at least 5 minutes between checks).
  • Treat `critical` and `high` advisories affecting installed skills as immediate action items.
  • If you migrate off standalone `clawsec-feed`, keep one canonical state file to avoid duplicate notifications.
  • Pin and verify public key fingerprints out-of-band before first use.