ClawSec Suite

Operational Notes

• Required runtime: node, npx, openclaw, curl, jq, shasum, openssl, unzip
• Side effects: setup scripts install an advisory hook under ~/.openclaw/hooks, optionally create an unattended openclaw cron job, and use npx clawhub@latest install for guarded installs
• Network behavior: fetches signed advisory feed artifacts and remote catalog metadata unless you pin local paths
• Trust model: the suite can recommend removal or block risky installs, but removal/install overrides stay approval-gated

This means clawsec-suite can:

• monitor the ClawSec advisory feed,
• track which advisories are new since last check,
• cross-reference advisories against locally installed skills,
• recommend removal for malicious-skill advisories and require explicit user approval first,
• and still act as the setup/management entrypoint for other ClawSec protections.

Included vs Optional Protections

Built into clawsec-suite