theonejvo
2c61fb69c1
feat(security): add client-side skill security enforcement
Add a capability-based security model for community skills, inspired by
how mobile and Apple ecosystem apps declare capabilities upfront. This is
not a silver bullet for prompt injection, but it's a significant step up
from the status quo and encourages responsible developer practices by
making capability requirements explicit and visible.
Runtime enforcement for community skills installed from ClawHub:
- Capability declarations (shell, filesystem, network, browser, sessions)
parsed from SKILL.md frontmatter and enforced at tool-call time
- Static SKILL.md scanner detecting prompt injection patterns, suspicious
constructs, and capability mismatches
- Global skill security context tracking loaded community skills and
their aggregate capabilities
- Before-tool-call enforcement gate blocking undeclared tool usage
- Command-dispatch capability check preventing shell/filesystem access
without explicit declaration
- Trust tier classification (builtin/community/local) — only community
skills are subject to enforcement
- System prompt trust context warning for skills with scan warnings or
missing capability declarations
- CLI: `skills list -v`, `skills info`, `skills check` now surface
capabilities, scan results, and security status
- TUI security log panel for skill enforcement events
- Docs updated across 7 files covering the full security model
Companion PR: openclaw/clawhub (capability visibility + UI badges)
2026-02-22 22:35:00 +11:00
Peter Steinberger
008a8c9dc6
chore(docs): normalize security finding table formatting
2026-02-22 08:03:29 +00:00
Peter Steinberger
265da4dd2a
fix(security): harden gateway command/audit guardrails
2026-02-22 08:45:48 +01:00
Peter Steinberger
049b8b14bc
fix(security): flag open-group runtime/fs exposure in audit
2026-02-22 08:22:51 +01:00
Peter Steinberger
be7f825006
refactor(gateway): harden proxy client ip resolution
2026-02-21 13:36:23 +01:00
Peter Steinberger
14b0d2b816
refactor: harden control-ui auth flow and add insecure-flag audit summary
2026-02-21 13:18:23 +01:00
Peter Steinberger
356d61aacf
fix(gateway): scope tailscale tokenless auth to websocket
2026-02-21 13:03:13 +01:00
Peter Steinberger
99048dbec2
fix(gateway): align insecure-auth toggle messaging
2026-02-21 12:57:22 +01:00
Peter Steinberger
810218756d
docs(security): clarify trusted-host deployment assumptions
2026-02-21 12:53:12 +01:00
Peter Steinberger
ede496fa1a
docs: clarify trusted-host assumption for tokenless tailscale
2026-02-21 12:52:49 +01:00
Peter Steinberger
b40821b068
fix: harden ACP secret handling and exec preflight boundaries
2026-02-19 15:34:20 +01:00
Peter Steinberger
a40c10d3e2
fix: harden agent gateway authorization scopes
2026-02-19 14:37:56 +01:00
Peter Steinberger
e3e0ffd801
feat(security): audit gateway HTTP no-auth exposure
2026-02-19 14:25:56 +01:00
Peter Steinberger
9c2640a810
docs: clarify WhatsApp group allowlist and reply mention behavior
2026-02-19 09:19:34 +01:00
Peter Steinberger
a333d92013
docs(security): harden gateway security guidance
2026-02-17 23:48:49 +01:00
Peter Steinberger
c6c53437f7
fix(security): scope session tools and webhook secret fallback
2026-02-16 03:47:10 +01:00
Peter Steinberger
ddfdd20d79
docs: update Slack/Discord allowFrom references
2026-02-15 03:49:33 +01:00
Peter Steinberger
4a44da7d91
fix(security): default apply_patch workspace containment
2026-02-15 03:19:27 +01:00
Peter Steinberger
5e7c3250cb
fix(security): add optional workspace-only path guards for fs tools
2026-02-14 23:50:24 +01:00
Peter Steinberger
6a386a7886
docs(security): clarify canvas host exposure and auth
2026-02-14 14:57:19 +01:00
Peter Steinberger
fba19fe942
docs: link trusted-proxy auth from gateway docs (#16172)
2026-02-14 12:44:25 +01:00
Peter Steinberger
1def8c5448
fix(security): extend audit hardening checks
2026-02-13 16:26:58 +01:00
Tulsi Prasad
8c920b9a18
fix(docs): remove hardcoded Mermaid init blocks that break dark mode (#15157)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 3239baaf15
Co-authored-by: heytulsiprasad <52394293+heytulsiprasad@users.noreply.github.com>
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com>
Reviewed-by: @sebslight
2026-02-12 22:48:26 -05:00
Peter Steinberger
99f28031e5
fix: harden OpenResponses URL input fetching
2026-02-13 01:38:49 +01:00
Suvin Nimnaka
24e9b23c4a
Replace text diagrams with mermaid (#7165)
* Replace text diagrams with mermaid
* Fix review comments
* Remove newlines
* docs: fix mermaid prep blockers (#7165)
---------
Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>
2026-02-09 10:27:27 -05:00
Seb Slight
929a3725d3
docs: canonicalize docs paths and align zh navigation (#11428)
* docs(navigation): canonicalize paths and align zh nav
* chore(docs): remove stray .DS_Store
* docs(scripts): add non-mint docs link audit
* docs(nav): fix zh source paths and preserve legacy redirects (#11428) (thanks @sebslight)
* chore(docs): satisfy lint for docs link audit script (#11428) (thanks @sebslight)
2026-02-07 15:40:35 -05:00
Val Alexander
3d2fe9284e
Fix repository links in formal-verification.md (#10200)
Updated repository links for formal verification models.
2026-02-06 21:47:55 -05:00
Seb Slight
578a6e27aa
Docs: enable markdownlint autofixables except list numbering (#10476)
* docs(markdownlint): enable autofixable rules except list numbering
* docs(zalo): fix malformed bot platform link
2026-02-06 10:08:59 -05:00
Sebastian
0a1f4f666a
revert(docs): undo markdownlint autofix churn
2026-02-06 10:00:08 -05:00
Sebastian
c7aec0660e
docs(markdownlint): enable autofixable rules and normalize links
2026-02-06 09:55:12 -05:00
Gustavo Madeira Santana
4629054403
chore: apply local workspace updates (#9911)
* chore: apply local workspace updates
* fix: resolve prep findings after rebase (#9898) (thanks @gumadeiras)
* refactor: centralize model allowlist normalization (#9898) (thanks @gumadeiras)
* fix: guard model allowlist initialization (#9911)
* docs: update changelog scope for #9911
* docs: remove model names from changelog entry (#9911)
* fix: satisfy type-aware lint in model allowlist (#9911)
2026-02-05 16:54:44 -05:00
Lucas Kim
6fdb136688
docs: document secure DM mode preset (#7872)
* docs: document secure DM mode preset
* fix: resolve merge conflict in resizable-divider
2026-02-04 06:55:13 +00:00
Peter Steinberger
a1e89afcc1
fix: secure chrome extension relay cdp
2026-02-01 02:25:14 -08:00
Aldo
66e33abd7b
Docs: mention weak gateway auth tokens
2026-01-31 20:48:00 -05:00
Seb Slight
abcaa8c7a9
Docs: add nav titles across docs (#5689)
2026-01-31 15:04:03 -06:00
Josh Palmer
7a6c40872d
Agents: add system prompt safety guardrails (#5445)
* 🤖 agents: add system prompt safety guardrails
What:
- add safety guardrails to system prompt
- update system prompt docs
- update prompt tests
Why:
- discourage power-seeking or self-modification behavior
- clarify safety/oversight priority when conflicts arise
Tests:
- pnpm lint (pass)
- pnpm build (fails: DefaultResourceLoader missing in pi-coding-agent)
- pnpm test (not run; build failed)
* 🤖 agents: tighten safety wording for prompt guardrails
What:
- scope safety wording to system prompts/safety/tool policy changes
- document Safety inclusion in minimal prompt mode
- update safety prompt tests
Why:
- avoid blocking normal code changes or PR workflows
- keep prompt mode docs consistent with implementation
Tests:
- pnpm lint (pass)
- pnpm build (fails: DefaultResourceLoader missing in pi-coding-agent)
- pnpm test (not run; build failed)
* 🤖 docs: note safety guardrails are soft
What:
- document system prompt safety guardrails as advisory
- add security note on prompt guardrails vs hard controls
Why:
- clarify threat model and operator expectations
- avoid implying prompt text is an enforcement layer
Tests:
- pnpm lint (pass)
- pnpm build (fails: DefaultResourceLoader missing in pi-coding-agent)
- pnpm test (not run; build failed)
2026-01-31 15:50:15 +01:00
cpojer
8cab78abbc
chore: Run pnpm format:fix.
2026-01-31 21:13:13 +09:00
Peter Steinberger
9a7160786a
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
Ayaan Zaidi
b6a3a91edf
fix: wire per-account dm scope guidance (#3095) (thanks @jarvis-sam)
2026-01-28 11:42:33 +05:30
vignesh07
0b2b501856
docs: clarify v1++ claims (not just target lists)
2026-01-27 15:35:24 -08:00
vignesh07
ead73f86f0
docs: add v1++ formal model targets (pairing/ingress/routing)
2026-01-27 15:32:37 -08:00
Vignesh
f7a014228d
Update permalink for formal verification document
2026-01-27 15:30:42 -08:00
vignesh07
90a6bbdbda
docs: restore gateway/security formal verification redirect copy
2026-01-27 15:29:35 -08:00
Vignesh
2bcd7655e4
Replace 'clawdbot' with 'moltbot' in security documentation
Updated references from 'clawdbot' to 'moltbot' throughout the document, including security settings, file paths, and command usage.
2026-01-27 15:25:04 -08:00
vignesh07
98b136541b
docs: fix Moltbot naming in security + formal verification pages
2026-01-27 15:15:18 -08:00
vignesh07
8198e826da
docs: update security + formal verification pages for Moltbot rename
2026-01-27 15:12:26 -08:00
Peter Steinberger
6d16a658e5
refactor: rename clawdbot to moltbot with legacy compat
2026-01-27 12:21:02 +00:00
Peter Steinberger
83460df96f
chore: update molt.bot domains
2026-01-27 12:21:01 +00:00
Vignesh
d3a6333ef7
docs: allow nested gateway security pages (#2641)
2026-01-26 23:41:35 -08:00
Vignesh
f72b881276
docs: fix formal verification route (#2583)
2026-01-26 20:50:11 -08:00