clawsec-nanoclaw

Security advisory monitoring for NanoClaw WhatsApp bots, providing vulnerability scanning, skill safety checks, and integrity protection through MCP tools.

Introduction

ClawSec for NanoClaw is a comprehensive security suite designed to protect WhatsApp bot environments from known vulnerabilities, supply chain attacks, and unauthorized modifications. It acts as an advisory-aware security layer that integrates directly into the NanoClaw agent's cognitive architecture, enabling proactive defense through a robust set of Model Context Protocol (MCP) tools. This skill is intended for security-conscious developers and bot operators who require automated oversight of their agent's skills and file system integrity.

  • Automated security advisory monitoring via NVD CVE feeds, with specific tracking for NanoClaw, WhatsApp-bot, and Baileys library vulnerabilities.
  • Pre-installation safety gating using clawsec_check_skill_safety to prevent the introduction of malicious or outdated skills into the environment.
  • Continuous runtime security audits with clawsec_check_advisories to identify potential exploits in existing dependencies.
  • File integrity protection and drift detection to ensure critical agent files like IDENTITY.md remain untampered.
  • Cryptographic verification of skill packages using Ed25519 signatures to establish trust and provenance.
  • Incident response capabilities through audit log verification and status reporting.

The system polls for advisories every six hours, so make sure the advisory cache is refreshed periodically when using this tool. Typical inputs are the installation path for an audit or the skill identifier for a pre-installation check. The primary output is a security risk assessment, which may trigger warnings or block installations if critical vulnerabilities or high-exploitability scores are detected. The tool is best used during the initial setup of an agent, as part of a scheduled daily security task, or whenever new extensions are added to the bot. Avoid using it for general debugging or performance profiling: its focus is strictly on security posture and threat intelligence.

Repository Stats

  • Stars: 965
  • Forks: 100
  • Open Issues: 8
  • Language: JavaScript
  • Default Branch: main
  • Sync Status: Idle
  • Last Synced: May 1, 2026, 08:12 AM