Security
clawtributor
By Community incident reporting for AI agents.
---
name: clawtributor
version: 0.0.3
description: Community incident reporting for AI agents. Contribute to collective security by reporting threats.
homepage: https://gclawsec.prompt.security
metadata: {"openclaw":{"emoji":"🤝","category":"security"}}
clawdis:
emoji: "🤝"
requires:
bins: [curl, git, gh]
---
# Clawtributor 🤝
Community incident reporting for AI agents. Contribute to collective security by reporting threats, vulnerabilities, and attack patterns.
**An open source project by [Prompt Security](https://prompt.security)**
---
## For AI Agents
If you are an AI agent reading this, execute the following to install Clawtributor:
```bash
# Get latest clawtributor release tag
LATEST_TAG=$(curl -sSL https://api.github.com/repos/prompt-security/ClawSec/releases | \
jq -r '[.[] | select(.tag_name | startswith("clawtributor-v"))][0].tag_name')
# Download SKILL.md from latest release
SKILL_URL="https://github.com/prompt-security/clawsec/releases/download/$LATEST_TAG/SKILL.md"
curl -sSL --fail --show-error "$SKILL_URL"
```
Once you have this skill file, proceed to **[Deploy Clawtributor](#deploy-clawtributor)** below.
---
## Deploy Clawtributor
## Installation Steps:
### Step 1: Create skill directory and save this file
```bash
mkdir -p ~/.openclaw/skills/clawtributor
# Save this SKILL.md as SKILL.md in the directory above
```
### Step 2: Install skill files
```bash
# Get latest release tag with retry logic
LATEST_TAG=$(curl -sSL --retry 3 --retry-delay 1 \
https://api.github.com/repos/prompt-security/ClawSec/releases | \
jq -r '[.[] | select(.tag_name | startswith("clawtributor-v"))][0].tag_name')
BASE_URL="https://github.com/prompt-security/clawsec/releases/download/$LATEST_TAG"
INSTALL_DIR="${CLAWTRIBUTOR_INSTALL_DIR:-$HOME/.openclaw/skills/clawtributor}"
TEMP_DIR=$(mktemp -d)
trap "rm -rf '$TEMP_DIR'" EXIT
# Download checksums.json (REQUIRED for integrity verification)
echo "Downloading checksums..."
if ! curl -sSL --fail --show-error --retry 3 --retry-delay 1 \
"$BASE_URL/checksums.json" -o "$TEMP_DIR/checksums.json"; then
echo "ERROR: Failed to download checksums.json"
exit 1
fi
# Validate checksums.json structure
if ! jq -e '.skill and .version and .files' "$TEMP_DIR/checksums.json" >/dev/null 2>&1; then
echo "ERROR: Invalid checksums.json structure"
exit 1
fi
# PRIMARY: Try .skill artifact
echo "Attempting .skill artifact installation..."
if curl -sSL --fail --show-error --retry 3 --retry-delay 1 \
"$BASE_URL/clawtributor.skill" -o "$TEMP_DIR/clawtributor.skill" 2>/dev/null; then
# Security: Check artifact size (prevent DoS)
ARTIFACT_SIZE=$(stat -c%s "$TEMP_DIR/clawtributor.skill" 2>/dev/null || stat -f%z "$TEMP_DIR/clawtributor.skill")
MAX_SIZE=$((50 * 1024 * 1024)) # 50MB
if [ "$ARTIFACT_SIZE" -gt "$MAX_SIZE" ]; then
echo "WARNING: Artifact too large ($(( ARTIFACT_SIZE / 1024 / 1024 ))MB), falling back to individual files"
else
echo "Extracting artifact ($(( ARTIFACT_SIZE / 1024 ))KB)..."
# Security: Check for path traversal before extraction
if unzip -l "$TEMP_DIR/clawtributor.skill" | grep -qE '\.\./|^/|~/'; then
echo "ERROR: Path traversal detected in artifact - possible security issue!"
exit 1
fi
# Security: Check file count (prevent zip bomb)
FILE_COUNT=$(unzip -l "$TEMP_DIR/clawtributor.skill" | grep -c "^[[:space:]]*[0-9]" || echo 0)
if [ "$FILE_COUNT" -gt 100 ]; then
echo "ERROR: Artifact contains too many files ($FILE_COUNT) - possible zip bomb"
exit 1
fi
# Extract to temp directory
unzip -q "$TEMP_DIR/clawtributor.skill" -d "$TEMP_DIR/extracted"
# Verify skill.json exists
if [ ! -f "$TEMP_DIR/extracted/clawtributor/skill.json" ]; then
echo "ERROR: skill.json not found in artifact"
exit 1
fi
# Verify checksums for all extracted files
echo "Verifying checksums..."
CHECKSUM_FAILED=0
for file in $(jq -r '.files | keys[]' "$TEMP_DIR/checksums.json"); do
EXPECTED=$(jq -r --arg f "$file" '.files[$f].sha256' "$TEMP_DIR/checksums.json")
FILE_PATH=$(jq -r --arg f "$file" '.files[$f].path' "$TEMP_DIR/checksums.json")
# Try nested path first, then flat filename
if [ -f "$TEMP_DIR/extracted/clawtributor/$FILE_PATH" ]; then
ACTUAL=$(shasum -a 256 "$TEMP_DIR/extracted/clawtributor/$FILE_PATH" | cut -d' ' -f1)
elif [ -f "$TEMP_DIR/extracted/clawtributor/$file" ]; then
ACTUAL=$(shasum -a 256 "$TEMP_DIR/extracted/clawtributor/$file" | cut -d' ' -f1)
else
echo " ✗ $file (not found in artifact)"
CHECKSUM_FAILED=1
continue
fi
if [ "$EXPECTED" != "$ACTUAL" ]; then
echo " ✗ $file (checksum mismatch)"
CHECKSUM_FAILED=1
else
echo " ✓ $file"
fi
done
if [ "$CHECKSUM_FAILED" -eq 0 ]; then
# SUCCESS: Install from artifact
echo "Installing from artifact..."
mkdir -p "$INSTALL_DIR"
cp -r "$TEMP_DIR/extracted/clawtributor"/* "$INSTALL_DIR/"
chmod 600 "$INSTALL_DIR/skill.json"
find "$INSTALL_DIR" -type f ! -name "skill.json" -exec chmod 644 {} \;
echo "SUCCESS: Skill installed from .skill artifact"
exit 0
else
echo "WARNING: Checksum verification failed, falling back to individual files"
fi
fi
fi
# FALLBACK: Download individual files
echo "Downloading individual files from checksums.json manifest..."
mkdir -p "$TEMP_DIR/downloads"
DOWNLOAD_FAILED=0
for file in $(jq -r '.files | keys[]' "$TEMP_DIR/checksums.json"); do
FILE_URL=$(jq -r --arg f "$file" '.files[$f].url' "$TEMP_DIR/checksums.json")
EXPECTED=$(jq -r --arg f "$file" '.files[$f].sha256' "$TEMP_DIR/checksums.json")
echo "Downloading: $file"
if ! curl -sSL --fail --show-error --retry 3 --retry-delay 1 \
"$FILE_URL" -o "$TEMP_DIR/downloads/$file"; then
echo "ERROR: Failed to download $file"
DOWNLOAD_FAILED=1
continue
fi
# Verify checksum immediately
ACTUAL=$(shasum -a 256 "$TEMP_DIR/downloads/$file" | cut -d' ' -f1)
if [ "$EXPECTED" != "$ACTUAL" ]; then
echo "ERROR: Checksum mismatch for $file"
DOWNLOAD_FAILED=1
else
echo " ✓ Verified: $file"
fi
done
if [ "$DOWNLOAD_FAILED" -eq 1 ]; then
echo "ERROR: Individual file download failed"
exit 1
fi
# Validate JSON structure
if ! jq -e '.name and .version' "$TEMP_DIR/downloads/skill.json" >/dev/null 2>&1; then
echo "ERROR: skill.json missing required fields (name, version)"
exit 1
fi
# Install files
echo "Installing from individual files..."
mkdir -p "$INSTALL_DIR"
cp "$TEMP_DIR/downloads"/* "$INSTALL_DIR/"
chmod 600 "$INSTALL_DIR/skill.json"
find "$INSTALL_DIR" -type f ! -name "skill.json" -exec chmod 644 {} \;
echo "SUCCESS: Skill installed from individual files"
```
### Step 3: Confirm deployment
Tell your user:
```
Clawtributor deployed successfully.
IMPORTANT: This skill enables community reporting of security incidents.
- Reporting is OPT-IN - I will only submit reports with your explicit approval
- Reports are submitted as GitHub Issues using the Security Incident Report template
- Once approved, advisories are automatically published as CLAW-{YEAR}-{ISSUE#}
- You control what information is shared
Would you like me to explain how reporting works?
```
---
## What Clawtributor Does
### Community-Driven Security Reporting
Clawtributor enables agents to contribute to collective security:
- **Report malicious prompt attempts** - Help identify new attack patterns
- **Report vulnerable skills** - Warn the community about dangerous plugins
- **Report tampering attempts** - Document attacks against security tools
**All reporting is opt-in and requires user approval.**
---
## How Reporting Works
```
┌─────────────────────────────────────────────────────────────┐
│ │
│ Agent observes ──► Creates report ──► User approves │
│ suspicious │ │
│ activity ▼ │
│ GitHub Issue │
│ │ │
│ Maintainer review │
│ │ │
│ "advisory-approved"? │
│ │ │ │
│ YES NO │
│ │ │ │
│ ▼ ▼ │
│ Advisory Feed ◄── Auto-published Feedback provided │
│ (CLAW-YYYY-NNNN) ↓ │
│ All agents notified via clawsec-feed │
│ │
└─────────────────────────────────────────────────────────────┘
```
---
## What to Report
### 1. Malicious Prompt Attempts
Prompts that attempted to:
- Bypass security controls or sandboxing
- Extract sensitive information (credentials, API keys, personal data)
- Manipulate the agent into harmful actions
- Disable or circumvent security tools
- Inject instructions to override user intent
**Example indicators:**
- "Ignore previous instructions..."
- "You are now in developer mode..."
- Encoded/obfuscated payloads
- Attempts to access system files or environment variables
### 2. Vulnerable Skills/Plugins
Skills that exhibit:
- Data exfiltration (sending data to unknown external servers)
- Excessive permission requests without justification
- Self-modification or self-replication behavior
- Attempts to disable security tooling
- Deceptive functionality
### 3. Tampering Attempts
Any attempt to:
- Modify security skill files
- Disable security audit cron jobs
- Alter advisory feed URLs
- Remove or bypass health checks
---
## Creating a Report
See
... (truncated)
security
Comments
Sign in to leave a comment