ClawSec for NanoClaw

Security advisory monitoring that protects your WhatsApp bot from known vulnerabilities in skills and dependencies.

Overview

ClawSec provides MCP tools that check installed skills against a curated feed of security advisories. It prevents installation of vulnerable skills, includes exploitability context for triage, and alerts you to issues in existing ones.

Core principle:

Check before you install. Monitor what's running.

When to Use

Use ClawSec tools when:

Installing a new skill (check safety first)

User asks "are my skills secure?"

Investigating suspicious behavior

Regular security audits

After receiving security notifications

Do NOT use for:

Code review (use other tools)

Performance issues (different concern)

General debugging

MCP Tools Available

Pre-Installation Check

// Before installing any skill

const

safety

=

await

tools

.

clawsec_check_skill_safety

(

{

skillName

:

'new-skill'

,

skillVersion

:

'1.0.0'

// optional

}

)

;

if

(

!

safety

.

safe

)

{

// Show user the risks before proceeding

console

.

warn

(

`

Security issues:

${

safety

.

advisories

.

map

(

a

=>

a

.

id

)

}

`

)

;

}

Security Audit

// Check all installed skills (defaults to ~/.claude/skills in the container)

const

result

=

await

tools

.

clawsec_check_advisories

(

{

installRoot

:

'/home/node/.claude/skills'

// optional

}

)

;

if

(

result

.

matches

.

some

(

(

m

)

=>

m

.

advisory

.

severity

===

'critical'

||

m

.

advisory

.

exploitability_score

===

'high'

)

)

{

// Alert user immediately

console

.

error

(

'Urgent advisories found!'

)

;

}

Browse Advisories

// List advisories with filters

const

advisories

=

await

tools

.

clawsec_list_advisories

(

{

severity

:

'high'

,

// optional

exploitabilityScore

:

'high'

// optional

}

)

;

Quick Reference

Task

Tool

Key Parameter

Pre-install check

clawsec_check_skill_safety

skillName

Audit all skills

clawsec_check_advisories

installRoot

(optional)

Browse feed

clawsec_list_advisories

severity

,

type

,

exploitabilityScore

(optional)

Verify package signature

clawsec_verify_skill_package

packagePath

Refresh advisory cache

clawsec_refresh_cache

(none)

Check file integrity

clawsec_check_integrity

mode

,

autoRestore

(optional)

Approve file change

clawsec_approve_change

path

View baseline status

clawsec_integrity_status

path

(optional)

Verify audit log

clawsec_verify_audit

(none)

Common Patterns

Pattern 1: Safe Skill Installation

// ALWAYS check before installing

const

safety

=

await

tools

.

clawsec_check_skill_safety

(

{

skillName

:

userRequestedSkill

}

)

;

if

(

safety

.

safe

)

{

// Proceed with installation

await

installSkill

(

userRequestedSkill

)

;

}

else

{

// Show user the risks and get confirmation

await

showSecurityWarning

(

safety

.

advisories

)

;

if

(

await

getUserConfirmation

(

)

)

{

await

installSkill

(

userRequestedSkill

)

;

}

}

Pattern 2: Periodic Security Check

// Add to scheduled tasks

schedule_task

(

{

prompt

:

"Check advisories using clawsec_check_advisories and alert when critical or high-exploitability matches appear"

,

schedule_type

:

"cron"

,

schedule_value

:

"0 9 * * *"

// Daily at 9am

}

)

;

Pattern 3: User Security Query

User: "Are my skills secure?"

You: I'll check installed skills for known vulnerabilities.

[Use clawsec_check_advisories]

Response:

✅ No urgent issues found.

- 2 low-severity/low-exploitability advisories

- All skills up to date

Common Mistakes

❌ Installing without checking

// DON'T

await

installSkill

(

'untrusted-skill'

)

;

// DO

const

safety

=

await

tools

.

clawsec_check_skill_safety

(

{

skillName

:

'untrusted-skill'

}

)

;

if

(

safety

.

safe

)

await

installSkill

(

'untrusted-skill'

)

;

❌ Ignoring exploitability context

// DON'T: Use severity only

if

(

advisory

.

severity

===

'high'

)

{

notifyNow

(

advisory

)

;

}

// DO: Use exploitability + severity

if

(

advisory

.

exploitability_score

===

'high'

||

advisory

.

severity

===

'critical'

)

{

notifyNow

(

advisory

)

;

}

❌ Skipping critical severity

// DON'T: Ignore high exploitability in medium severity advisories

if

(

advisory

.

severity

===

'critical'

)

alert

(

)

;

// DO: Prioritize exploitability and severity together

if

(

advisory

.

exploitability_score

===

'high'

||

advisory

.

severity

===

'critical'

)

{

// Alert immediately

}

Implementation Details

Feed Source

:

https://clawsec.prompt.security/advisories/feed.json

Update Frequency

Every 6 hours (automatic)

Signature Verification

Ed25519 signed feeds Cache Location : /workspace/project/data/clawsec-advisory-cache.json See INSTALL.md for setup and docs/ for advanced usage. Real-World Impact Prevents installation of skills with known RCE vulnerabilities Alerts to supply chain attacks in dependencies Provides actionable remediation steps Zero false positives (curated feed only)