openclaw-ghsa-maintainer

Manage GitHub Security Advisory (GHSA) workflows: inspect, patch, validate, and publish security patches for the OpenClaw repository while ensuring fork consistency.

Introduction

The OpenClaw GHSA Maintainer is an automation skill for repository security management. It lets maintainers handle the lifecycle of GitHub Security Advisories by automating inspection, patching, and publishing tasks. The skill is intended only for security workflows and enforces operational guardrails that keep it from interfering with standard release cycles. Users can fetch current advisory data, verify the state of the private fork, and apply validated patches using CLI patterns that avoid common shell-quoting and JSON-formatting errors. Because every operation is a narrowly scoped API call made through the gh CLI, with payloads built by jq, security metadata and vulnerability descriptions reach the advisory intact.

  • Automated fetching of security advisory status and public NPM package versions for comparative analysis.

  • Automated validation checks to ensure private forks are clean of open pull requests before any publishing action is taken.

  • Safe Markdown and JSON payload preparation using heredoc and jq to prevent character escaping issues.

  • Sequenced API patching for updates that cannot be sent in one request, such as setting the severity and the CVSS vector string in separate, ordered calls.

  • Post-publish verification routines that confirm the state of the advisory and validate content integrity.

  • Always consult the repository SECURITY.md before executing any advisory-related commands.

  • Permission must be explicitly granted before performing any publish-state API operations.

  • This skill is intended exclusively for GHSA maintenance; do not use it for stable or beta release management, which should be handled by the openclaw-release-maintainer skill.

  • Payloads should be constructed using the provided jq patterns to ensure valid JSON output, avoiding manual string manipulation.

  • Regularly verify the published state and the consistency of the advisory description after every patch operation to detect potential formatting regressions.
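The payload-preparation, sequenced-patching and post-patch verification points above, as an added shell example. This is not the skill's own code: the repository, advisory id, summary, description and CVSS vector are constructed placeholders, and with DRY_RUN=1 (the default) the gh calls are only printed, so the script runs offline. It assumes jq and, for a real run, an authenticated gh CLI.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own code: build GHSA PATCH payloads with jq
# from heredoc Markdown, send severity and CVSS vector as separate requests,
# and check the description after the fact. Repository and advisory id below
# are placeholders, not values from the page.
set -eu

REPO="${REPO:-OWNER/REPO}"                  # placeholder
GHSA_ID="${GHSA_ID:-GHSA-xxxx-xxxx-xxxx}"   # placeholder
DRY_RUN="${DRY_RUN:-1}"                     # 1 = print the calls instead of running gh

# {"summary":..., "description":...}: the Markdown body is read from stdin (a
# heredoc) and jq --arg does all JSON escaping, so quotes, backticks and
# newlines are never spliced into a JSON string by hand.
build_description_payload() {
  summary="$1"
  description="$(cat)"
  jq -cn --arg s "$summary" --arg d "$description" '{summary: $s, description: $d}'
}

# Severity and the CVSS vector string go out as two separate PATCH bodies.
build_severity_payload() { jq -cn --arg v "$1" '{severity: $v}'; }
build_vector_payload()   { jq -cn --arg v "$1" '{cvss_vector_string: $v}'; }

# PATCH the advisory. The payload is piped on stdin (gh api --input -), never
# interpolated into the command line.
patch_advisory() {
  payload="$1"
  url="/repos/$REPO/security-advisories/$GHSA_ID"
  if [ "$DRY_RUN" = "1" ]; then
    printf 'DRY RUN: gh api --method PATCH %s --input - <= %s\n' "$url" "$payload"
  else
    printf '%s' "$payload" | gh api --method PATCH "$url" --input -
  fi
}

# Post-patch check: compare the description in the fetched advisory JSON
# (e.g. from `gh api /repos/.../security-advisories/<id>`) with the text we
# intended to publish. Exit status 0 on match, 1 on drift.
description_matches() {
  fetched_json="$1"
  expected="$2"
  actual="$(printf '%s' "$fetched_json" | jq -r '.description')"
  [ "$actual" = "$expected" ]
}

# Constructed sample run (not a real advisory).
SUMMARY='Constructed example: input handling issue in `parse()`'
DESC_PAYLOAD="$(build_description_payload "$SUMMARY" <<'EOF'
Calls to `parse()` accepted "unexpected" input.

Fixed in 1.2.3 (constructed version number).
EOF
)"
patch_advisory "$DESC_PAYLOAD"
patch_advisory "$(build_severity_payload high)"
patch_advisory "$(build_vector_payload 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N')"
```

Run it with DRY_RUN=0 only after the SECURITY.md check and explicit permission the guardrails above call for; the dry-run output shows exactly which three requests would be sent and in what order. The description check is meant to be run against a fresh GET of the advisory after the last PATCH, which is where Markdown escaping regressions show up.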

Repository Stats

  • Stars: 366,611

  • Forks: 75,251

  • Open Issues: 6,922

  • Language: TypeScript

  • Default Branch: main

  • Last Synced: Apr 30, 2026, 10:46 AM