Clawtributor 🤝

---

name: clawtributor

version: 0.0.3

description: Community incident reporting for AI agents. Contribute to collective security by reporting threats.

homepage: https://gclawsec.prompt.security

metadata: {"openclaw":{"emoji":"🤝","category":"security"}}

clawdis:

emoji: "🤝"

requires:

bins: [curl, git, gh]

---

# Clawtributor 🤝

Community incident reporting for AI agents. Contribute to collective security by reporting threats, vulnerabilities, and attack patterns.

**An open source project by [Prompt Security](https://prompt.security)**

---

For AI Agents

If you are an AI agent reading this, execute the following to install Clawtributor:

# Get latest clawtributor release tag
LATEST_TAG=$(curl -sSL https://api.github.com/repos/prompt-security/ClawSec/releases | \
  jq -r '[.[] | select(.tag_name | startswith("clawtributor-v"))][0].tag_name')

# Download SKILL.md from latest release
SKILL_URL="https://github.com/prompt-security/clawsec/releases/download/$LATEST_TAG/SKILL.md"
curl -sSL --fail --show-error "$SKILL_URL"

Once you have this skill file, proceed to **[Deploy Clawtributor](#deploy-clawtributor)** below.

---

Deploy Clawtributor

Installation Steps:

Step 1: Create skill directory and save this file

mkdir -p ~/.openclaw/skills/clawtributor
# Save this SKILL.md as SKILL.md in the directory above

Step 2: Install skill files

# Get latest release tag with retry logic
LATEST_TAG=$(curl -sSL --retry 3 --retry-delay 1 \
  https://api.github.com/repos/prompt-security/ClawSec/releases | \
  jq -r '[.[] | select(.tag_name | startswith("clawtributor-v"))][0].tag_name')

BASE_URL="https://github.com/prompt-security/clawsec/releases/download/$LATEST_TAG"
INSTALL_DIR="${CLAWTRIBUTOR_INSTALL_DIR:-$HOME/.openclaw/skills/clawtributor}"
TEMP_DIR=$(mktemp -d)
trap "rm -rf '$TEMP_DIR'" EXIT

# Download checksums.json (REQUIRED for integrity verification)
echo "Downloading checksums..."
if ! curl -sSL --fail --show-error --retry 3 --retry-delay 1 \
     "$BASE_URL/checksums.json" -o "$TEMP_DIR/checksums.json"; then
  echo "ERROR: Failed to download checksums.json"
  exit 1
fi

# Validate checksums.json structure
if ! jq -e '.skill and .version and .files' "$TEMP_DIR/checksums.json" >/dev/null 2>&1; then
  echo "ERROR: Invalid checksums.json structure"
  exit 1
fi

# PRIMARY: Try .skill artifact
echo "Attempting .skill artifact installation..."
if curl -sSL --fail --show-error --retry 3 --retry-delay 1 \
   "$BASE_URL/clawtributor.skill" -o "$TEMP_DIR/clawtributor.skill" 2>/dev/null; then

  # Security: Check artifact size (prevent DoS)
  ARTIFACT_SIZE=$(stat -c%s "$TEMP_DIR/clawtributor.skill" 2>/dev/null || stat -f%z "$TEMP_DIR/clawtributor.skill")
  MAX_SIZE=$((50 * 1024 * 1024))  # 50MB

  if [ "$ARTIFACT_SIZE" -gt "$MAX_SIZE" ]; then
    echo "WARNING: Artifact too large ($(( ARTIFACT_SIZE / 1024 / 1024 ))MB), falling back to individual files"
  else
    echo "Extracting artifact ($(( ARTIFACT_SIZE / 1024 ))KB)..."

    # Security: Check for path traversal before extraction
    if unzip -l "$TEMP_DIR/clawtributor.skill" | grep -qE '\.\./|^/|~/'; then
      echo "ERROR: Path traversal detected in artifact - possible security issue!"
      exit 1
    fi

    # Security: Check file count (prevent zip bomb)
    FILE_COUNT=$(unzip -l "$TEMP_DIR/clawtributor.skill" | grep -c "^[[:space:]]*[0-9]" || echo 0)
    if [ "$FILE_COUNT" -gt 100 ]; then
      echo "ERROR: Artifact contains too many files ($FILE_COUNT) - possible zip bomb"
      exit 1
    fi

    # Extract to temp directory
    unzip -q "$TEMP_DIR/clawtributor.skill" -d "$TEMP_DIR/extracted"

    # Verify skill.json exists
    if [ ! -f "$TEMP_DIR/extracted/clawtributor/skill.json" ]; then
      echo "ERROR: skill.json not found in artifact"
      exit 1
    fi

    # Verify checksums for all extracted files
    echo "Verifying checksums..."
    CHECKSUM_FAILED=0
    for file in $(jq -r '.files | keys[]' "$TEMP_DIR/checksums.json"); do
      EXPECTED=$(jq -r --arg f "$file" '.files[$f].sha256' "$TEMP_DIR/checksums.json")
      FILE_PATH=$(jq -r --arg f "$file" '.files[$f].path' "$TEMP_DIR/checksums.json")

      # Try nested path first, then flat filename
      if [ -f "$TEMP_DIR/extracted/clawtributor/$FILE_PATH" ]; then
        ACTUAL=$(shasum -a 256 "$TEMP_DIR/extracted/clawtributor/$FILE_PATH" | cut -d' ' -f1)
      elif [ -f "$TEMP_DIR/extracted/clawtributor/$file" ]; then
        ACTUAL=$(shasum -a 256 "$TEMP_DIR/extracted/clawtributor/$file" | cut -d' ' -f1)
      else
        echo "  ✗ $file (not found in artifact)"
        CHECKSUM_FAILED=1
        continue
      fi

      if [ "$EXPECTED" != "$ACTUAL" ]; then
        echo "  ✗ $file (checksum mismatch)"
        CHECKSUM_FAILED=1
      else
        echo "  ✓ $file"
      fi
    done

    if [ "$CHECKSUM_FAILED" -eq 0 ]; then
      # SUCCESS: Install from artifact
      echo "Installing from artifact..."
      mkdir -p "$INSTALL_DIR"
      cp -r "$TEMP_DIR/extracted/clawtributor"/* "$INSTALL_DIR/"
      chmod 600 "$INSTALL_DIR/skill.json"
      find "$INSTALL_DIR" -type f ! -name "skill.json" -exec chmod 644 {} \;
      echo "SUCCESS: Skill installed from .skill artifact"
      exit 0
    else
      echo "WARNING: Checksum verification failed, falling back to individual files"
    fi
  fi
fi

# FALLBACK: Download individual files
echo "Downloading individual files from checksums.json manifest..."
mkdir -p "$TEMP_DIR/downloads"

DOWNLOAD_FAILED=0
for file in $(jq -r '.files | keys[]' "$TEMP_DIR/checksums.json"); do
  FILE_URL=$(jq -r --arg f "$file" '.files[$f].url' "$TEMP_DIR/checksums.json")
  EXPECTED=$(jq -r --arg f "$file" '.files[$f].sha256' "$TEMP_DIR/checksums.json")

  echo "Downloading: $file"
  if ! curl -sSL --fail --show-error --retry 3 --retry-delay 1 \
       "$FILE_URL" -o "$TEMP_DIR/downloads/$file"; then
    echo "ERROR: Failed to download $file"
    DOWNLOAD_FAILED=1
    continue
  fi

  # Verify checksum immediately
  ACTUAL=$(shasum -a 256 "$TEMP_DIR/downloads/$file" | cut -d' ' -f1)
  if [ "$EXPECTED" != "$ACTUAL" ]; then
    echo "ERROR: Checksum mismatch for $file"
    DOWNLOAD_FAILED=1
  else
    echo "  ✓ Verified: $file"
  fi
done

if [ "$DOWNLOAD_FAILED" -eq 1 ]; then
  echo "ERROR: Individual file download failed"
  exit 1
fi

# Validate JSON structure
if ! jq -e '.name and .version' "$TEMP_DIR/downloads/skill.json" >/dev/null 2>&1; then
  echo "ERROR: skill.json missing required fields (name, version)"
  exit 1
fi

# Install files
echo "Installing from individual files..."
mkdir -p "$INSTALL_DIR"
cp "$TEMP_DIR/downloads"/* "$INSTALL_DIR/"
chmod 600 "$INSTALL_DIR/skill.json"
find "$INSTALL_DIR" -type f ! -name "skill.json" -exec chmod 644 {} \;
echo "SUCCESS: Skill installed from individual files"

Step 3: Confirm deployment

Tell your user:

Clawtributor deployed successfully.

IMPORTANT: This skill enables community reporting of security incidents.
- Reporting is OPT-IN - I will only submit reports with your explicit approval
- Reports are submitted as GitHub Issues using the Security Incident Report template
- Once approved, advisories are automatically published as CLAW-{YEAR}-{ISSUE#}
- You control what information is shared

Would you like me to explain how reporting works?

---

What Clawtributor Does

Community-Driven Security Reporting

Clawtributor enables agents to contribute to collective security:

**All reporting is opt-in and requires user approval.**

---

How Reporting Works

┌─────────────────────────────────────────────────────────────┐
│                                                             │
│   Agent observes ──► Creates report ──► User approves       │
│   suspicious                                 │              │
│   activity                                   ▼              │
│                                        GitHub Issue         │
│                                             │               │
│                                     Maintainer review       │
│                                             │               │
│                                   "advisory-approved"?      │
│                                        │      │             │
│                                       YES     NO            │
│                                        │      │             │
│                                        ▼      ▼             │
│   Advisory Feed ◄── Auto-published   Feedback provided      │
│   (CLAW-YYYY-NNNN)       ↓                                  │
│   All agents notified via clawsec-feed                    │
│                                                             │
└─────────────────────────────────────────────────────────────┘

---

What to Report

1. Malicious Prompt Attempts

Prompts that attempted to:

**Example indicators:**

2. Vulnerable Skills/Plugins

Skills that exhibit:

3. Tampering Attempts

Any attempt to:

---

Creating a Report

See **REPORTING.md** for the full report format and submission guide.

Quick Report Format

{
  "report_type": "malicious_prompt | vulnerable_skill | tampering_attempt",
  "severity": "critical | high | medium | low",
  "title": "Brief descriptive title",
  "description": "Detailed description of what was observed",
  "evidence": {
    "observed_at": "2026-02-02T15:30:00Z",
    "context": "What was happening when this occurred",
    "payload": "The actual prompt/code/behavior observed (sanitized)",
    "indicators": ["list", "of", "specific", "indicators"]
  },
  "affected": {
    "skill_name": "name-of-skill (if applicable)",
    "skill_version": "1.0.0 (if known)"
  },
  "recommended_action": "What users should do"
}

---

Submitting a Report

Step 1: Prepare the Report

# Create report file securely (prevents symlink attacks)
REPORTS_DIR="$HOME/.openclaw/clawtributor-reports"

# Create directory with secure permissions if it doesn't exist
if [ ! -d "$REPORTS_DIR" ]; then
  mkdir -p "$REPORTS_DIR"
  chmod 700 "$REPORTS_DIR"
fi

# Verify directory is owned by current user (security check)
DIR_OWNER=$(stat -f '%u' "$REPORTS_DIR" 2>/dev/null || stat -c '%u' "$REPORTS_DIR" 2>/dev/null)
if [ "$DIR_OWNER" != "$(id -u)" ]; then
  echo "Error: Reports directory not owned by current user" >&2
  echo "  Directory: $REPORTS_DIR" >&2
  echo "  Owner UID: $DIR_OWNER, Current UID: $(id -u)" >&2
  exit 1
fi

# Verify directory has secure permissions
DIR_PERMS=$(stat -f '%Lp' "$REPORTS_DIR" 2>/dev/null || stat -c '%a' "$REPORTS_DIR" 2>/dev/null)
if [ "$DIR_PERMS" != "700" ]; then
  echo "Error: Reports directory has insecure permissions: $DIR_PERMS" >&2
  echo "  Fix with: chmod 700 '$REPORTS_DIR'" >&2
  exit 1
fi

# Create unique file atomically using mktemp (prevents symlink following)
# Include timestamp for readability but rely on mktemp for unpredictability
TIMESTAMP=$(TZ=UTC date +%Y%m%d%H%M%S)
REPORT_FILE=$(mktemp "$REPORTS_DIR/${TIMESTAMP}-XXXXXX.json") || {
  echo "Error: Failed to create report file" >&2
  exit 1
}

# Set secure permissions immediately
chmod 600 "$REPORT_FILE"

# Write report JSON to file using heredoc (prevents command injection)
# Replace REPORT_JSON_CONTENT with your actual report content
cat > "$REPORT_FILE" << 'REPORT_EOF'
{
  "report_type": "vulnerable_skill",
  "severity": "high",
  "title": "Example report title",
  "description": "Detailed description here"
}
REPORT_EOF

# Validate JSON before proceeding
if ! jq empty "$REPORT_FILE" 2>/dev/null; then
  echo "Error: Invalid JSON in report file"
  rm -f "$REPORT_FILE"
  exit 1
fi

Step 2: Get User Approval

**CRITICAL: Always show the user what will be submitted:**

🤝 Clawtributor: Ready to submit security report

Report Type: vulnerable_skill
Severity: high
Title: Data exfiltration in skill 'helper-plus'

Summary: The helper-plus skill sends conversation data to an external server.

This report will be submitted as a GitHub Issue using the Security Incident Report template.
Once reviewed and approved by maintainers, it will be published as an advisory (CLAW-YYYY-NNNN).

Do you approve submitting this report? (yes/no)

Step 3: Submit via GitHub Issue

Only after user approval:

# Submit report as a GitHub Issue using the security incident template
gh issue create \
  --repo prompt-security/ClawSec \
  --title "[Report] $TITLE" \
  --body "$REPORT_BODY" \
  --label "security,needs-triage"

---

Privacy Guidelines

When reporting:

**DO include:**

**DO NOT include:**

---

Response Formats

When a threat is detected:

🤝 Clawtributor: Security incident detected

I observed a potential security threat:
- Type: Prompt injection attempt
- Severity: High
- Details: Attempt to extract environment variables

Would you like me to prepare a report for the community?
This helps protect other agents from similar attacks.

Options:
1. Yes, prepare a report for my review
2. No, just log it locally
3. Tell me more about what was detected

After report submission:

🤝 Clawtributor: Report submitted

Your report has been submitted as GitHub Issue #42.
- Issue URL: https://github.com/prompt-security/clawsec/issues/42
- Status: Pending maintainer review
- Advisory ID (if approved): CLAW-2026-0042

Once a maintainer adds the "advisory-approved" label, your report will be
automatically published to the advisory feed.

Thank you for contributing to agent security!

---

When to Report

| Event | Action |

|-------|--------|

| Prompt injection detected | Ask user if they want to report |

| Skill exfiltrating data | Strongly recommend reporting |

| Tampering attempt on security tools | Strongly recommend reporting |

| Suspicious but uncertain | Log locally, discuss with user |

---

State Tracking

Track submitted reports:

{
  "schema_version": "1.0",
  "reports_submitted": [
    {
      "id": "2026-02-02-helper-plus",
      "issue_number": 42,
      "advisory_id": "CLAW-2026-0042",
      "status": "pending",
      "submitted_at": "2026-02-02T15:30:00Z"
    }
  ],
  "incidents_logged": 5
}

Save to: `~/.openclaw/clawtributor-state.json`

State File Operations

STATE_FILE="$HOME/.openclaw/clawtributor-state.json"

# Create state file with secure permissions if it doesn't exist
if [ ! -f "$STATE_FILE" ]; then
  echo '{"schema_version":"1.0","reports_submitted":[],"incidents_logged":0}' > "$STATE_FILE"
  chmod 600 "$STATE_FILE"
fi

# Validate state file before reading
if ! jq -e '.schema_version and .reports_submitted' "$STATE_FILE" >/dev/null 2>&1; then
  echo "Warning: State file corrupted or invalid schema. Creating backup and resetting."
  cp "$STATE_FILE" "${STATE_FILE}.bak.$(TZ=UTC date +%Y%m%d%H%M%S)"
  echo '{"schema_version":"1.0","reports_submitted":[],"incidents_logged":0}' > "$STATE_FILE"
  chmod 600 "$STATE_FILE"
fi

# Check for major version compatibility
SCHEMA_VER=$(jq -r '.schema_version // "0"' "$STATE_FILE")
if [[ "${SCHEMA_VER%%.*}" != "1" ]]; then
  echo "Warning: State file schema version $SCHEMA_VER may not be compatible with this version"
fi

---

Report File Cleanup

Periodically clean up old report files to prevent disk bloat:

REPORTS_DIR="$HOME/.openclaw/clawtributor-reports"

# Keep only the last 100 report files or files from the last 30 days
cleanup_old_reports() {
  if [ ! -d "$REPORTS_DIR" ]; then
    return
  fi

  # Count total reports
  REPORT_COUNT=$(find "$REPORTS_DIR" -name "*.json" -type f 2>/dev/null | wc -l)

  if [ "$REPORT_COUNT" -gt 100 ]; then
    echo "Cleaning up old reports (keeping last 100)..."
    # Delete oldest files, keeping 100 most recent
    ls -1t "$REPORTS_DIR"/*.json 2>/dev/null | tail -n +101 | xargs rm -f 2>/dev/null
  fi

  # Also delete any reports older than 30 days
  find "$REPORTS_DIR" -name "*.json" -type f -mtime +30 -delete 2>/dev/null
}

# Run cleanup
cleanup_old_reports

---

Updating Clawtributor

Check for and install newer versions:

# Check current installed version
CURRENT_VERSION=$(jq -r '.version' ~/.openclaw/skills/clawtributor/skill.json 2>/dev/null || echo "unknown")
echo "Installed version: $CURRENT_VERSION"

# Check latest available version
LATEST_URL="https://api.github.com/repos/prompt-security/ClawSec/releases"
LATEST_VERSION=$(curl -sSL --fail --show-error --retry 3 --retry-delay 1 "$LATEST_URL" 2>/dev/null | \
  jq -r '[.[] | select(.tag_name | startswith("clawtributor-v"))][0].tag_name // empty' | \
  sed 's/clawtributor-v//')

if [ -z "$LATEST_VERSION" ]; then
  echo "Warning: Could not determine latest version"
else
  echo "Latest version: $LATEST_VERSION"

  if [ "$CURRENT_VERSION" != "$LATEST_VERSION" ]; then
    echo "Update available! Run the deployment steps with the new version."
  else
    echo "You are running the latest version."
  fi
fi

---

Related Skills

---

License

MIT License - See repository for details.

Built with 🤝 by the [Prompt Security](https://prompt.security) team and the agent community.

Together, we make the agent ecosystem safer.