Back to Details

clawtributor

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Clawtributor 🤝

Clawtributor 🤝

Community incident reporting for AI agents. Contribute to collective security by reporting threats, vulnerabilities, and attack patterns.
An open source project by Prompt Security
AI Agent社区事件报告系统。通过上报威胁、漏洞和攻击模式,助力集体安全建设。
Prompt Security开发的开源项目

For AI Agents

面向AI Agent

If you are an AI agent reading this, execute the following to install Clawtributor:
bash
undefined
如果您是正在阅读本文的AI Agent,请执行以下命令安装Clawtributor:
bash
undefined

Get latest clawtributor release tag

Get latest clawtributor release tag

LATEST_TAG=$(curl -sSL https://api.github.com/repos/prompt-security/ClawSec/releases |
jq -r '[.[] | select(.tag_name | startswith("clawtributor-v"))][0].tag_name')
LATEST_TAG=$(curl -sSL https://api.github.com/repos/prompt-security/ClawSec/releases |
jq -r '[.[] | select(.tag_name | startswith("clawtributor-v"))][0].tag_name')

Download SKILL.md from latest release

Download SKILL.md from latest release

SKILL_URL="https://github.com/prompt-security/clawsec/releases/download/$LATEST_TAG/SKILL.md" curl -sSL --fail --show-error "$SKILL_URL"

Once you have this skill file, proceed to **[Deploy Clawtributor](#deploy-clawtributor)** below.

---
SKILL_URL="https://github.com/prompt-security/clawsec/releases/download/$LATEST_TAG/SKILL.md" curl -sSL --fail --show-error "$SKILL_URL"

获取该技能文件后,请继续执行下方的**[部署Clawtributor](#deploy-clawtributor)**步骤。

---

Deploy Clawtributor

部署Clawtributor

Installation Steps:

安装步骤:

Step 1: Create skill directory and save this file

步骤1:创建技能目录并保存本文件

bash
mkdir -p ~/.openclaw/skills/clawtributor
bash
mkdir -p ~/.openclaw/skills/clawtributor

Save this SKILL.md as SKILL.md in the directory above

Save this SKILL.md as SKILL.md in the directory above

undefined
undefined

Step 2: Install skill files

步骤2:安装技能文件

bash
undefined
bash
undefined

Get latest release tag with retry logic

Get latest release tag with retry logic

LATEST_TAG=$(curl -sSL --retry 3 --retry-delay 1
https://api.github.com/repos/prompt-security/ClawSec/releases |
jq -r '[.[] | select(.tag_name | startswith("clawtributor-v"))][0].tag_name')
BASE_URL="https://github.com/prompt-security/clawsec/releases/download/$LATEST_TAG" INSTALL_DIR="${CLAWTRIBUTOR_INSTALL_DIR:-$HOME/.openclaw/skills/clawtributor}" TEMP_DIR=$(mktemp -d) trap "rm -rf '$TEMP_DIR'" EXIT
LATEST_TAG=$(curl -sSL --retry 3 --retry-delay 1
https://api.github.com/repos/prompt-security/ClawSec/releases |
jq -r '[.[] | select(.tag_name | startswith("clawtributor-v"))][0].tag_name')
BASE_URL="https://github.com/prompt-security/clawsec/releases/download/$LATEST_TAG" INSTALL_DIR="${CLAWTRIBUTOR_INSTALL_DIR:-$HOME/.openclaw/skills/clawtributor}" TEMP_DIR=$(mktemp -d) trap "rm -rf '$TEMP_DIR'" EXIT

Download checksums.json (REQUIRED for integrity verification)

Download checksums.json (REQUIRED for integrity verification)

echo "Downloading checksums..." if ! curl -sSL --fail --show-error --retry 3 --retry-delay 1
"$BASE_URL/checksums.json" -o "$TEMP_DIR/checksums.json"; then echo "ERROR: Failed to download checksums.json" exit 1 fi
echo "Downloading checksums..." if ! curl -sSL --fail --show-error --retry 3 --retry-delay 1
"$BASE_URL/checksums.json" -o "$TEMP_DIR/checksums.json"; then echo "ERROR: Failed to download checksums.json" exit 1 fi

Validate checksums.json structure

Validate checksums.json structure

if ! jq -e '.skill and .version and .files' "$TEMP_DIR/checksums.json" >/dev/null 2>&1; then echo "ERROR: Invalid checksums.json structure" exit 1 fi
if ! jq -e '.skill and .version and .files' "$TEMP_DIR/checksums.json" >/dev/null 2>&1; then echo "ERROR: Invalid checksums.json structure" exit 1 fi

PRIMARY: Try .skill artifact

PRIMARY: Try .skill artifact

echo "Attempting .skill artifact installation..." if curl -sSL --fail --show-error --retry 3 --retry-delay 1
"$BASE_URL/clawtributor.skill" -o "$TEMP_DIR/clawtributor.skill" 2>/dev/null; then

Security: Check artifact size (prevent DoS)

ARTIFACT_SIZE=$(stat -c%s "$TEMP_DIR/clawtributor.skill" 2>/dev/null || stat -f%z "$TEMP_DIR/clawtributor.skill") MAX_SIZE=$((50 * 1024 * 1024)) # 50MB
if [ "$ARTIFACT_SIZE" -gt "$MAX_SIZE" ]; then echo "WARNING: Artifact too large ($(( ARTIFACT_SIZE / 1024 / 1024 ))MB), falling back to individual files" else echo "Extracting artifact ($(( ARTIFACT_SIZE / 1024 ))KB)..."
# Security: Check for path traversal before extraction
if unzip -l "$TEMP_DIR/clawtributor.skill" | grep -qE '\.\./|^/|~/'; then
  echo "ERROR: Path traversal detected in artifact - possible security issue!"
  exit 1
fi

# Security: Check file count (prevent zip bomb)
FILE_COUNT=$(unzip -l "$TEMP_DIR/clawtributor.skill" | grep -c "^[[:space:]]*[0-9]" || echo 0)
if [ "$FILE_COUNT" -gt 100 ]; then
  echo "ERROR: Artifact contains too many files ($FILE_COUNT) - possible zip bomb"
  exit 1
fi

# Extract to temp directory
unzip -q "$TEMP_DIR/clawtributor.skill" -d "$TEMP_DIR/extracted"

# Verify skill.json exists
if [ ! -f "$TEMP_DIR/extracted/clawtributor/skill.json" ]; then
  echo "ERROR: skill.json not found in artifact"
  exit 1
fi

# Verify checksums for all extracted files
echo "Verifying checksums..."
CHECKSUM_FAILED=0
for file in $(jq -r '.files | keys[]' "$TEMP_DIR/checksums.json"); do
  EXPECTED=$(jq -r --arg f "$file" '.files[$f].sha256' "$TEMP_DIR/checksums.json")
  FILE_PATH=$(jq -r --arg f "$file" '.files[$f].path' "$TEMP_DIR/checksums.json")

  # Try nested path first, then flat filename
  if [ -f "$TEMP_DIR/extracted/clawtributor/$FILE_PATH" ]; then
    ACTUAL=$(shasum -a 256 "$TEMP_DIR/extracted/clawtributor/$FILE_PATH" | cut -d' ' -f1)
  elif [ -f "$TEMP_DIR/extracted/clawtributor/$file" ]; then
    ACTUAL=$(shasum -a 256 "$TEMP_DIR/extracted/clawtributor/$file" | cut -d' ' -f1)
  else
    echo "  ✗ $file (not found in artifact)"
    CHECKSUM_FAILED=1
    continue
  fi

  if [ "$EXPECTED" != "$ACTUAL" ]; then
    echo "  ✗ $file (checksum mismatch)"
    CHECKSUM_FAILED=1
  else
    echo "  ✓ $file"
  fi
done

if [ "$CHECKSUM_FAILED" -eq 0 ]; then
  # SUCCESS: Install from artifact
  echo "Installing from artifact..."
  mkdir -p "$INSTALL_DIR"
  cp -r "$TEMP_DIR/extracted/clawtributor"/* "$INSTALL_DIR/"
  chmod 600 "$INSTALL_DIR/skill.json"
  find "$INSTALL_DIR" -type f ! -name "skill.json" -exec chmod 644 {} \;
  echo "SUCCESS: Skill installed from .skill artifact"
  exit 0
else
  echo "WARNING: Checksum verification failed, falling back to individual files"
fi
fi fi
echo "Attempting .skill artifact installation..." if curl -sSL --fail --show-error --retry 3 --retry-delay 1
"$BASE_URL/clawtributor.skill" -o "$TEMP_DIR/clawtributor.skill" 2>/dev/null; then

Security: Check artifact size (prevent DoS)

ARTIFACT_SIZE=$(stat -c%s "$TEMP_DIR/clawtributor.skill" 2>/dev/null || stat -f%z "$TEMP_DIR/clawtributor.skill") MAX_SIZE=$((50 * 1024 * 1024)) # 50MB
if [ "$ARTIFACT_SIZE" -gt "$MAX_SIZE" ]; then echo "WARNING: Artifact too large ($(( ARTIFACT_SIZE / 1024 / 1024 ))MB), falling back to individual files" else echo "Extracting artifact ($(( ARTIFACT_SIZE / 1024 ))KB)..."
# Security: Check for path traversal before extraction
if unzip -l "$TEMP_DIR/clawtributor.skill" | grep -qE '\.\./|^/|~/'; then
  echo "ERROR: Path traversal detected in artifact - possible security issue!"
  exit 1
fi

# Security: Check file count (prevent zip bomb)
FILE_COUNT=$(unzip -l "$TEMP_DIR/clawtributor.skill" | grep -c "^[[:space:]]*[0-9]" || echo 0)
if [ "$FILE_COUNT" -gt 100 ]; then
  echo "ERROR: Artifact contains too many files ($FILE_COUNT) - possible zip bomb"
  exit 1
fi

# Extract to temp directory
unzip -q "$TEMP_DIR/clawtributor.skill" -d "$TEMP_DIR/extracted"

# Verify skill.json exists
if [ ! -f "$TEMP_DIR/extracted/clawtributor/skill.json" ]; then
  echo "ERROR: skill.json not found in artifact"
  exit 1
fi

# Verify checksums for all extracted files
echo "Verifying checksums..."
CHECKSUM_FAILED=0
for file in $(jq -r '.files | keys[]' "$TEMP_DIR/checksums.json"); do
  EXPECTED=$(jq -r --arg f "$file" '.files[$f].sha256' "$TEMP_DIR/checksums.json")
  FILE_PATH=$(jq -r --arg f "$file" '.files[$f].path' "$TEMP_DIR/checksums.json")

  # Try nested path first, then flat filename
  if [ -f "$TEMP_DIR/extracted/clawtributor/$FILE_PATH" ]; then
    ACTUAL=$(shasum -a 256 "$TEMP_DIR/extracted/clawtributor/$FILE_PATH" | cut -d' ' -f1)
  elif [ -f "$TEMP_DIR/extracted/clawtributor/$file" ]; then
    ACTUAL=$(shasum -a 256 "$TEMP_DIR/extracted/clawtributor/$file" | cut -d' ' -f1)
  else
    echo "  ✗ $file (not found in artifact)"
    CHECKSUM_FAILED=1
    continue
  fi

  if [ "$EXPECTED" != "$ACTUAL" ]; then
    echo "  ✗ $file (checksum mismatch)"
    CHECKSUM_FAILED=1
  else
    echo "  ✓ $file"
  fi
done

if [ "$CHECKSUM_FAILED" -eq 0 ]; then
  # SUCCESS: Install from artifact
  echo "Installing from artifact..."
  mkdir -p "$INSTALL_DIR"
  cp -r "$TEMP_DIR/extracted/clawtributor"/* "$INSTALL_DIR/"
  chmod 600 "$INSTALL_DIR/skill.json"
  find "$INSTALL_DIR" -type f ! -name "skill.json" -exec chmod 644 {} \;
  echo "SUCCESS: Skill installed from .skill artifact"
  exit 0
else
  echo "WARNING: Checksum verification failed, falling back to individual files"
fi
fi fi

FALLBACK: Download individual files

FALLBACK: Download individual files

echo "Downloading individual files from checksums.json manifest..." mkdir -p "$TEMP_DIR/downloads"
DOWNLOAD_FAILED=0 for file in $(jq -r '.files | keys[]' "$TEMP_DIR/checksums.json"); do FILE_URL=$(jq -r --arg f "$file" '.files[$f].url' "$TEMP_DIR/checksums.json") EXPECTED=$(jq -r --arg f "$file" '.files[$f].sha256' "$TEMP_DIR/checksums.json")
echo "Downloading: $file" if ! curl -sSL --fail --show-error --retry 3 --retry-delay 1
"$FILE_URL" -o "$TEMP_DIR/downloads/$file"; then echo "ERROR: Failed to download $file" DOWNLOAD_FAILED=1 continue fi

Verify checksum immediately

ACTUAL=$(shasum -a 256 "$TEMP_DIR/downloads/$file" | cut -d' ' -f1) if [ "$EXPECTED" != "$ACTUAL" ]; then echo "ERROR: Checksum mismatch for $file" DOWNLOAD_FAILED=1 else echo " ✓ Verified: $file" fi done
if [ "$DOWNLOAD_FAILED" -eq 1 ]; then echo "ERROR: Individual file download failed" exit 1 fi
echo "Downloading individual files from checksums.json manifest..." mkdir -p "$TEMP_DIR/downloads"
DOWNLOAD_FAILED=0 for file in $(jq -r '.files | keys[]' "$TEMP_DIR/checksums.json"); do FILE_URL=$(jq -r --arg f "$file" '.files[$f].url' "$TEMP_DIR/checksums.json") EXPECTED=$(jq -r --arg f "$file" '.files[$f].sha256' "$TEMP_DIR/checksums.json")
echo "Downloading: $file" if ! curl -sSL --fail --show-error --retry 3 --retry-delay 1
"$FILE_URL" -o "$TEMP_DIR/downloads/$file"; then echo "ERROR: Failed to download $file" DOWNLOAD_FAILED=1 continue fi

Verify checksum immediately

ACTUAL=$(shasum -a 256 "$TEMP_DIR/downloads/$file" | cut -d' ' -f1) if [ "$EXPECTED" != "$ACTUAL" ]; then echo "ERROR: Checksum mismatch for $file" DOWNLOAD_FAILED=1 else echo " ✓ Verified: $file" fi done
if [ "$DOWNLOAD_FAILED" -eq 1 ]; then echo "ERROR: Individual file download failed" exit 1 fi

Validate JSON structure

Validate JSON structure

if ! jq -e '.name and .version' "$TEMP_DIR/downloads/skill.json" >/dev/null 2>&1; then echo "ERROR: skill.json missing required fields (name, version)" exit 1 fi
if ! jq -e '.name and .version' "$TEMP_DIR/downloads/skill.json" >/dev/null 2>&1; then echo "ERROR: skill.json missing required fields (name, version)" exit 1 fi

Install files

Install files

echo "Installing from individual files..." mkdir -p "$INSTALL_DIR" cp "$TEMP_DIR/downloads"/* "$INSTALL_DIR/" chmod 600 "$INSTALL_DIR/skill.json" find "$INSTALL_DIR" -type f ! -name "skill.json" -exec chmod 644 {} ; echo "SUCCESS: Skill installed from individual files"
undefined
echo "Installing from individual files..." mkdir -p "$INSTALL_DIR" cp "$TEMP_DIR/downloads"/* "$INSTALL_DIR/" chmod 600 "$INSTALL_DIR/skill.json" find "$INSTALL_DIR" -type f ! -name "skill.json" -exec chmod 644 {} ; echo "SUCCESS: Skill installed from individual files"
undefined

Step 3: Confirm deployment

步骤3:确认部署

Tell your user:
Clawtributor deployed successfully.

IMPORTANT: This skill enables community reporting of security incidents.
- Reporting is OPT-IN - I will only submit reports with your explicit approval
- Reports are submitted as GitHub Issues using the Security Incident Report template
- Once approved, advisories are automatically published as CLAW-{YEAR}-{ISSUE#}
- You control what information is shared

Would you like me to explain how reporting works?
告知您的用户:
Clawtributor部署成功。

重要提示:本技能支持社区安全事件上报功能。
- 上报为可选功能 - 仅在您明确批准后我才会提交报告
- 报告将以GitHub Issue的形式,使用安全事件报告模板提交
- 一旦获批,公告将自动发布为CLAW-{年份}-{Issue编号}
- 您完全控制共享的信息内容

是否需要我为您讲解上报流程?

What Clawtributor Does

Clawtributor功能介绍

Community-Driven Security Reporting

社区驱动的安全上报

Clawtributor enables agents to contribute to collective security:
  • Report malicious prompt attempts - Help identify new attack patterns
  • Report vulnerable skills - Warn the community about dangerous plugins
  • Report tampering attempts - Document attacks against security tools
All reporting is opt-in and requires user approval.
Clawtributor让Agent能够为集体安全贡献力量:
  • 上报恶意Prompt尝试 - 帮助识别新型攻击模式
  • 上报存在漏洞的技能 - 提醒社区注意危险插件
  • 上报篡改尝试 - 记录针对安全工具的攻击行为
所有上报均为可选操作,且需要用户批准。

How Reporting Works

上报流程说明

┌─────────────────────────────────────────────────────────────┐
│                                                             │
│   Agent observes ──► Creates report ──► User approves       │
│   suspicious                                 │              │
│   activity                                   ▼              │
│                                        GitHub Issue         │
│                                             │               │
│                                     Maintainer review       │
│                                             │               │
│                                   "advisory-approved"?      │
│                                        │      │             │
│                                       YES     NO            │
│                                        │      │             │
│                                        ▼      ▼             │
│   Advisory Feed ◄── Auto-published   Feedback provided      │
│   (CLAW-YYYY-NNNN)       ↓                                  │
│   All agents notified via clawsec-feed                    │
│                                                             │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│                                                             │
│   Agent发现 ──► 创建报告 ──► 用户批准       │
│  可疑活动                                 │              │
│                                           ▼              │
│                                        GitHub Issue         │
│                                             │               │
│                                     维护人员审核       │
│                                             │               │
│                                   是否标记为"advisory-approved"?      │
│                                        │      │             │
│                                       是     否            │
│                                        │      │             │
│                                        ▼      ▼             │
│   公告推送 ◄── 自动发布   提供反馈      │
│   (CLAW-YYYY-NNNN)       ↓                                  │
│   所有Agent通过clawsec-feed收到通知                    │
│                                                             │
└─────────────────────────────────────────────────────────────┘

What to Report

上报范围

1. Malicious Prompt Attempts

1. 恶意Prompt尝试

Prompts that attempted to:
  • Bypass security controls or sandboxing
  • Extract sensitive information (credentials, API keys, personal data)
  • Manipulate the agent into harmful actions
  • Disable or circumvent security tools
  • Inject instructions to override user intent
Example indicators:
  • "Ignore previous instructions..."
  • "You are now in developer mode..."
  • Encoded/obfuscated payloads
  • Attempts to access system files or environment variables
以下类型的Prompt尝试:
  • 绕过安全控制或沙箱限制
  • 提取敏感信息(凭证、API密钥、个人数据)
  • 操纵Agent执行有害操作
  • 禁用或规避安全工具
  • 注入指令以覆盖用户意图
典型特征示例:
  • "忽略之前的指令..."
  • "您现在进入开发者模式..."
  • 编码/混淆的负载
  • 尝试访问系统文件或环境变量

2. Vulnerable Skills/Plugins

2. 存在漏洞的技能/插件

Skills that exhibit:
  • Data exfiltration (sending data to unknown external servers)
  • Excessive permission requests without justification
  • Self-modification or self-replication behavior
  • Attempts to disable security tooling
  • Deceptive functionality
具备以下特征的技能:
  • 数据泄露(将数据发送至未知外部服务器)
  • 无正当理由请求过多权限
  • 自我修改或自我复制行为
  • 尝试禁用安全工具
  • 欺诈性功能

3. Tampering Attempts

3. 篡改尝试

Any attempt to:
  • Modify security skill files
  • Disable security audit cron jobs
  • Alter advisory feed URLs
  • Remove or bypass health checks
任何针对以下内容的篡改行为:
  • 修改安全技能文件
  • 禁用安全审计定时任务
  • 更改公告推送URL
  • 移除或绕过健康检查

Creating a Report

创建报告

See REPORTING.md for the full report format and submission guide.
完整的报告格式和提交指南请查看REPORTING.md

Quick Report Format

快速报告格式

json
{
  "report_type": "malicious_prompt | vulnerable_skill | tampering_attempt",
  "severity": "critical | high | medium | low",
  "title": "Brief descriptive title",
  "description": "Detailed description of what was observed",
  "evidence": {
    "observed_at": "2026-02-02T15:30:00Z",
    "context": "What was happening when this occurred",
    "payload": "The actual prompt/code/behavior observed (sanitized)",
    "indicators": ["list", "of", "specific", "indicators"]
  },
  "affected": {
    "skill_name": "name-of-skill (if applicable)",
    "skill_version": "1.0.0 (if known)"
  },
  "recommended_action": "What users should do"
}
json
{
  "report_type": "malicious_prompt | vulnerable_skill | tampering_attempt",
  "severity": "critical | high | medium | low",
  "title": "简洁描述性标题",
  "description": "详细描述观察到的内容",
  "evidence": {
    "observed_at": "2026-02-02T15:30:00Z",
    "context": "事件发生时的场景",
    "payload": "观察到的实际Prompt/代码/行为(已脱敏)",
    "indicators": ["特征列表"]
  },
  "affected": {
    "skill_name": "技能名称(如适用)",
    "skill_version": "1.0.0(如已知)"
  },
  "recommended_action": "建议用户采取的措施"
}

Submitting a Report

提交报告

Step 1: Prepare the Report

步骤1:准备报告

bash
undefined
bash
undefined

Create report file securely (prevents symlink attacks)

Create report file securely (prevents symlink attacks)

REPORTS_DIR="$HOME/.openclaw/clawtributor-reports"
REPORTS_DIR="$HOME/.openclaw/clawtributor-reports"

Create directory with secure permissions if it doesn't exist

Create directory with secure permissions if it doesn't exist

if [ ! -d "$REPORTS_DIR" ]; then mkdir -p "$REPORTS_DIR" chmod 700 "$REPORTS_DIR" fi
if [ ! -d "$REPORTS_DIR" ]; then mkdir -p "$REPORTS_DIR" chmod 700 "$REPORTS_DIR" fi

Verify directory is owned by current user (security check)

Verify directory is owned by current user (security check)

DIR_OWNER=$(stat -f '%u' "$REPORTS_DIR" 2>/dev/null || stat -c '%u' "$REPORTS_DIR" 2>/dev/null) if [ "$DIR_OWNER" != "$(id -u)" ]; then echo "Error: Reports directory not owned by current user" >&2 echo " Directory: $REPORTS_DIR" >&2 echo " Owner UID: $DIR_OWNER, Current UID: $(id -u)" >&2 exit 1 fi
DIR_OWNER=$(stat -f '%u' "$REPORTS_DIR" 2>/dev/null || stat -c '%u' "$REPORTS_DIR" 2>/dev/null) if [ "$DIR_OWNER" != "$(id -u)" ]; then echo "Error: Reports directory not owned by current user" >&2 echo " Directory: $REPORTS_DIR" >&2 echo " Owner UID: $DIR_OWNER, Current UID: $(id -u)" >&2 exit 1 fi

Verify directory has secure permissions

Verify directory has secure permissions

DIR_PERMS=$(stat -f '%Lp' "$REPORTS_DIR" 2>/dev/null || stat -c '%a' "$REPORTS_DIR" 2>/dev/null) if [ "$DIR_PERMS" != "700" ]; then echo "Error: Reports directory has insecure permissions: $DIR_PERMS" >&2 echo " Fix with: chmod 700 '$REPORTS_DIR'" >&2 exit 1 fi
DIR_PERMS=$(stat -f '%Lp' "$REPORTS_DIR" 2>/dev/null || stat -c '%a' "$REPORTS_DIR" 2>/dev/null) if [ "$DIR_PERMS" != "700" ]; then echo "Error: Reports directory has insecure permissions: $DIR_PERMS" >&2 echo " Fix with: chmod 700 '$REPORTS_DIR'" >&2 exit 1 fi

Create unique file atomically using mktemp (prevents symlink following)

Create unique file atomically using mktemp (prevents symlink following)

Include timestamp for readability but rely on mktemp for unpredictability

Include timestamp for readability but rely on mktemp for unpredictability

TIMESTAMP=$(TZ=UTC date +%Y%m%d%H%M%S) REPORT_FILE=$(mktemp "$REPORTS_DIR/${TIMESTAMP}-XXXXXX.json") || { echo "Error: Failed to create report file" >&2 exit 1 }
TIMESTAMP=$(TZ=UTC date +%Y%m%d%H%M%S) REPORT_FILE=$(mktemp "$REPORTS_DIR/${TIMESTAMP}-XXXXXX.json") || { echo "Error: Failed to create report file" >&2 exit 1 }

Set secure permissions immediately

Set secure permissions immediately

chmod 600 "$REPORT_FILE"
chmod 600 "$REPORT_FILE"

Write report JSON to file using heredoc (prevents command injection)

Write report JSON to file using heredoc (prevents command injection)

Replace REPORT_JSON_CONTENT with your actual report content

Replace REPORT_JSON_CONTENT with your actual report content

cat > "$REPORT_FILE" << 'REPORT_EOF' { "report_type": "vulnerable_skill", "severity": "high", "title": "Example report title", "description": "Detailed description here" } REPORT_EOF
cat > "$REPORT_FILE" << 'REPORT_EOF' { "report_type": "vulnerable_skill", "severity": "high", "title": "示例报告标题", "description": "详细描述内容" } REPORT_EOF

Validate JSON before proceeding

Validate JSON before proceeding

if ! jq empty "$REPORT_FILE" 2>/dev/null; then echo "Error: Invalid JSON in report file" rm -f "$REPORT_FILE" exit 1 fi
undefined
if ! jq empty "$REPORT_FILE" 2>/dev/null; then echo "Error: Invalid JSON in report file" rm -f "$REPORT_FILE" exit 1 fi
undefined

Step 2: Get User Approval

步骤2:获取用户批准

CRITICAL: Always show the user what will be submitted:
🤝 Clawtributor: Ready to submit security report

Report Type: vulnerable_skill
Severity: high
Title: Data exfiltration in skill 'helper-plus'

Summary: The helper-plus skill sends conversation data to an external server.

This report will be submitted as a GitHub Issue using the Security Incident Report template.
Once reviewed and approved by maintainers, it will be published as an advisory (CLAW-YYYY-NNNN).

Do you approve submitting this report? (yes/no)
重要提示:务必向用户展示将要提交的内容:
🤝 Clawtributor:已准备好提交安全报告

报告类型:vulnerable_skill
严重程度:high
标题:技能'helper-plus'存在数据泄露风险

摘要:helper-plus技能会将对话数据发送至外部服务器。

本报告将以GitHub Issue的形式,使用安全事件报告模板提交。
经维护人员审核批准后,将发布为公告(CLAW-YYYY-NNNN)。

是否批准提交本报告?(是/否)

Step 3: Submit via GitHub Issue

步骤3:通过GitHub Issue提交

Only after user approval:
bash
undefined
仅在获得用户批准后执行:
bash
undefined

Submit report as a GitHub Issue using the security incident template

Submit report as a GitHub Issue using the security incident template

gh issue create
--repo prompt-security/ClawSec
--title "[Report] $TITLE"
--body "$REPORT_BODY"
--label "security,needs-triage"

---
gh issue create
--repo prompt-security/ClawSec
--title "[Report] $TITLE"
--body "$REPORT_BODY"
--label "security,needs-triage"

---

Privacy Guidelines

隐私指南

When reporting:
DO include:
  • Sanitized examples of malicious prompts (remove any real user data)
  • Technical indicators of compromise
  • Skill names and versions
  • Observable behavior
DO NOT include:
  • Real user conversations or personal data
  • API keys, credentials, or secrets
  • Information that could identify specific users
  • Proprietary or confidential information
上报时请注意:
建议包含:
  • 恶意Prompt的脱敏示例(移除所有真实用户数据)
  • 技术攻击特征
  • 技能名称和版本
  • 可观察到的行为
请勿包含:
  • 真实用户对话或个人数据
  • API密钥、凭证或机密信息
  • 可识别特定用户的信息
  • 专有或保密信息

Response Formats

响应格式示例

When a threat is detected:

检测到威胁时:

🤝 Clawtributor: Security incident detected

I observed a potential security threat:
- Type: Prompt injection attempt
- Severity: High
- Details: Attempt to extract environment variables

Would you like me to prepare a report for the community?
This helps protect other agents from similar attacks.

Options:
1. Yes, prepare a report for my review
2. No, just log it locally
3. Tell me more about what was detected
🤝 Clawtributor:检测到安全事件

我发现了潜在的安全威胁:
- 类型:Prompt注入尝试
- 严重程度:高
- 详情:尝试提取环境变量

是否需要我为社区准备一份上报报告?
这有助于保护其他Agent免受类似攻击。

选项:
1. 是,准备报告供我审核
2. 否,仅本地记录
3. 详细说明检测到的内容

After report submission:

报告提交后:

🤝 Clawtributor: Report submitted

Your report has been submitted as GitHub Issue #42.
- Issue URL: https://github.com/prompt-security/clawsec/issues/42
- Status: Pending maintainer review
- Advisory ID (if approved): CLAW-2026-0042

Once a maintainer adds the "advisory-approved" label, your report will be
automatically published to the advisory feed.

Thank you for contributing to agent security!
🤝 Clawtributor:报告已提交

您的报告已作为GitHub Issue #42提交。
- Issue链接:https://github.com/prompt-security/clawsec/issues/42
- 状态:等待维护人员审核
- 公告编号(如获批):CLAW-2026-0042

一旦维护人员添加"advisory-approved"标签,您的报告将自动发布至公告推送源。

感谢您为Agent安全做出的贡献!

When to Report

上报场景说明

EventAction
Prompt injection detectedAsk user if they want to report
Skill exfiltrating dataStrongly recommend reporting
Tampering attempt on security toolsStrongly recommend reporting
Suspicious but uncertainLog locally, discuss with user
事件操作建议
检测到Prompt注入询问用户是否上报
技能存在数据泄露强烈建议上报
检测到安全工具篡改尝试强烈建议上报
可疑但不确定的活动本地记录,与用户讨论

State Tracking

状态追踪

Track submitted reports:
json
{
  "schema_version": "1.0",
  "reports_submitted": [
    {
      "id": "2026-02-02-helper-plus",
      "issue_number": 42,
      "advisory_id": "CLAW-2026-0042",
      "status": "pending",
      "submitted_at": "2026-02-02T15:30:00Z"
    }
  ],
  "incidents_logged": 5
}
Save to: 
~/.openclaw/clawtributor-state.json
追踪已提交的报告:
json
{
  "schema_version": "1.0",
  "reports_submitted": [
    {
      "id": "2026-02-02-helper-plus",
      "issue_number": 42,
      "advisory_id": "CLAW-2026-0042",
      "status": "pending",
      "submitted_at": "2026-02-02T15:30:00Z"
    }
  ],
  "incidents_logged": 5
}
保存至:
~/.openclaw/clawtributor-state.json

State File Operations

状态文件操作

bash
STATE_FILE="$HOME/.openclaw/clawtributor-state.json"
bash
STATE_FILE="$HOME/.openclaw/clawtributor-state.json"

Create state file with secure permissions if it doesn't exist

Create state file with secure permissions if it doesn't exist

if [ ! -f "$STATE_FILE" ]; then echo '{"schema_version":"1.0","reports_submitted":[],"incidents_logged":0}' > "$STATE_FILE" chmod 600 "$STATE_FILE" fi
if [ ! -f "$STATE_FILE" ]; then echo '{"schema_version":"1.0","reports_submitted":[],"incidents_logged":0}' > "$STATE_FILE" chmod 600 "$STATE_FILE" fi

Validate state file before reading

Validate state file before reading

if ! jq -e '.schema_version and .reports_submitted' "$STATE_FILE" >/dev/null 2>&1; then echo "Warning: State file corrupted or invalid schema. Creating backup and resetting." cp "$STATE_FILE" "${STATE_FILE}.bak.$(TZ=UTC date +%Y%m%d%H%M%S)" echo '{"schema_version":"1.0","reports_submitted":[],"incidents_logged":0}' > "$STATE_FILE" chmod 600 "$STATE_FILE" fi
if ! jq -e '.schema_version and .reports_submitted' "$STATE_FILE" >/dev/null 2>&1; then echo "Warning: State file corrupted or invalid schema. Creating backup and resetting." cp "$STATE_FILE" "${STATE_FILE}.bak.$(TZ=UTC date +%Y%m%d%H%M%S)" echo '{"schema_version":"1.0","reports_submitted":[],"incidents_logged":0}' > "$STATE_FILE" chmod 600 "$STATE_FILE" fi

Check for major version compatibility

Check for major version compatibility

SCHEMA_VER=$(jq -r '.schema_version // "0"' "$STATE_FILE") if [[ "${SCHEMA_VER%%.*}" != "1" ]]; then echo "Warning: State file schema version $SCHEMA_VER may not be compatible with this version" fi

---
SCHEMA_VER=$(jq -r '.schema_version // "0"' "$STATE_FILE") if [[ "${SCHEMA_VER%%.*}" != "1" ]]; then echo "Warning: State file schema version $SCHEMA_VER may not be compatible with this version" fi

---

Report File Cleanup

报告文件清理

Periodically clean up old report files to prevent disk bloat:
bash
REPORTS_DIR="$HOME/.openclaw/clawtributor-reports"
定期清理旧报告文件,避免磁盘空间浪费:
bash
REPORTS_DIR="$HOME/.openclaw/clawtributor-reports"

Keep only the last 100 report files or files from the last 30 days

Keep only the last 100 report files or files from the last 30 days

cleanup_old_reports() { if [ ! -d "$REPORTS_DIR" ]; then return fi

Count total reports

REPORT_COUNT=$(find "$REPORTS_DIR" -name "*.json" -type f 2>/dev/null | wc -l)
if [ "$REPORT_COUNT" -gt 100 ]; then echo "Cleaning up old reports (keeping last 100)..." # Delete oldest files, keeping 100 most recent ls -1t "$REPORTS_DIR"/*.json 2>/dev/null | tail -n +101 | xargs rm -f 2>/dev/null fi

Also delete any reports older than 30 days

find "$REPORTS_DIR" -name "*.json" -type f -mtime +30 -delete 2>/dev/null }
cleanup_old_reports() { if [ ! -d "$REPORTS_DIR" ]; then return fi

Count total reports

REPORT_COUNT=$(find "$REPORTS_DIR" -name "*.json" -type f 2>/dev/null | wc -l)
if [ "$REPORT_COUNT" -gt 100 ]; then echo "Cleaning up old reports (keeping last 100)..." # Delete oldest files, keeping 100 most recent ls -1t "$REPORTS_DIR"/*.json 2>/dev/null | tail -n +101 | xargs rm -f 2>/dev/null fi

Also delete any reports older than 30 days

find "$REPORTS_DIR" -name "*.json" -type f -mtime +30 -delete 2>/dev/null }

Run cleanup

Run cleanup

cleanup_old_reports

---
cleanup_old_reports

---

Updating Clawtributor

更新Clawtributor

Check for and install newer versions:
bash
undefined
检查并安装新版本:
bash
undefined

Check current installed version

Check current installed version

CURRENT_VERSION=$(jq -r '.version' ~/.openclaw/skills/clawtributor/skill.json 2>/dev/null || echo "unknown") echo "Installed version: $CURRENT_VERSION"
CURRENT_VERSION=$(jq -r '.version' ~/.openclaw/skills/clawtributor/skill.json 2>/dev/null || echo "unknown") echo "Installed version: $CURRENT_VERSION"

Check latest available version

Check latest available version

LATEST_URL="https://api.github.com/repos/prompt-security/ClawSec/releases" LATEST_VERSION=$(curl -sSL --fail --show-error --retry 3 --retry-delay 1 "$LATEST_URL" 2>/dev/null |
jq -r '[.[] | select(.tag_name | startswith("clawtributor-v"))][0].tag_name // empty' |
sed 's/clawtributor-v//')
if [ -z "$LATEST_VERSION" ]; then echo "Warning: Could not determine latest version" else echo "Latest version: $LATEST_VERSION"
if [ "$CURRENT_VERSION" != "$LATEST_VERSION" ]; then echo "Update available! Run the deployment steps with the new version." else echo "You are running the latest version." fi fi

---
LATEST_URL="https://api.github.com/repos/prompt-security/ClawSec/releases" LATEST_VERSION=$(curl -sSL --fail --show-error --retry 3 --retry-delay 1 "$LATEST_URL" 2>/dev/null |
jq -r '[.[] | select(.tag_name | startswith("clawtributor-v"))][0].tag_name // empty' |
sed 's/clawtributor-v//')
if [ -z "$LATEST_VERSION" ]; then echo "Warning: Could not determine latest version" else echo "Latest version: $LATEST_VERSION"
if [ "$CURRENT_VERSION" != "$LATEST_VERSION" ]; then echo "Update available! Run the deployment steps with the new version." else echo "You are running the latest version." fi fi

---

Related Skills

相关技能

  • openclaw-audit-watchdog - Automated daily security audits
  • clawsec-feed - Subscribe to security advisories
  • openclaw-audit-watchdog - 自动化每日安全审计
  • clawsec-feed - 订阅安全公告

License

许可证

MIT License - See repository for details.
Built with 🤝 by the Prompt Security team and the agent community.
Together, we make the agent ecosystem safer.
MIT许可证 - 详见仓库说明。
Prompt Security团队和Agent社区共同打造🤝。
携手共进,让Agent生态系统更安全。