diff --git a/skills/clawsec-suite/CHANGELOG.md b/skills/clawsec-suite/CHANGELOG.md index eaf0207..24e626b 100644 --- a/skills/clawsec-suite/CHANGELOG.md +++ b/skills/clawsec-suite/CHANGELOG.md @@ -5,6 +5,17 @@ All notable changes to the ClawSec Suite will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [0.1.4] + +### Added + +- Audit warning when `CLAWSEC_VERIFY_CHECKSUM_MANIFEST=0` is enabled in `guarded_skill_install.mjs` to match visibility pattern of `CLAWSEC_ALLOW_UNSIGNED_FEED` bypass. +- Audit warning when `CLAWSEC_VERIFY_CHECKSUM_MANIFEST=0` is enabled in `handler.ts` with once-only flag pattern to prevent repeated warnings. + +### Security + +- Enhanced visibility for checksum verification bypass: operators are now immediately notified when the checksum manifest verification layer is disabled, following the fail-open visibility principle. + ## [0.1.3] ### Added diff --git a/skills/clawsec-suite/hooks/clawsec-advisory-guardian/handler.ts b/skills/clawsec-suite/hooks/clawsec-advisory-guardian/handler.ts index ee1220f..142f036 100644 --- a/skills/clawsec-suite/hooks/clawsec-advisory-guardian/handler.ts +++ b/skills/clawsec-suite/hooks/clawsec-advisory-guardian/handler.ts @@ -12,6 +12,7 @@ const DEFAULT_FEED_URL = "https://clawsec.prompt.security/advisories/feed.json"; const DEFAULT_SCAN_INTERVAL_SECONDS = 300; let unsignedModeWarningShown = false; +let checksumBypassWarningShown = false; function parsePositiveInteger(value: string | undefined, fallback: number): number { const parsed = Number.parseInt(String(value ?? ""), 10); @@ -160,6 +161,14 @@ const handler = async (event: HookEvent): Promise => { ); } + if (!verifyChecksumManifest && !checksumBypassWarningShown) { + checksumBypassWarningShown = true; + console.warn( + "[clawsec-advisory-guardian] CLAWSEC_VERIFY_CHECKSUM_MANIFEST=0 is enabled. " + + "This disables checksum verification and should be used with caution.", + ); + } + const forceScan = toEventName(event) === "command:new"; const state = await loadState(stateFile); if (!forceScan && scannedRecently(state.last_hook_scan, scanIntervalSeconds)) { diff --git a/skills/clawsec-suite/scripts/guarded_skill_install.mjs b/skills/clawsec-suite/scripts/guarded_skill_install.mjs index 7222978..1cecf9a 100644 --- a/skills/clawsec-suite/scripts/guarded_skill_install.mjs +++ b/skills/clawsec-suite/scripts/guarded_skill_install.mjs @@ -146,6 +146,12 @@ async function loadFeed() { ); } + if (!verifyChecksumManifest) { + process.stderr.write( + "WARNING: CLAWSEC_VERIFY_CHECKSUM_MANIFEST=0 is enabled. Checksum verification for the advisory feed manifest is disabled. This reduces security guarantees.\n", + ); + } + const publicKeyPem = allowUnsigned ? "" : await fs.readFile(feedPublicKeyPath, "utf8"); const remoteFeed = await loadRemoteFeed(feedUrl, { diff --git a/skills/clawsec-suite/skill.json b/skills/clawsec-suite/skill.json index e5acca0..0c74206 100644 --- a/skills/clawsec-suite/skill.json +++ b/skills/clawsec-suite/skill.json @@ -1,6 +1,6 @@ { "name": "clawsec-suite", - "version": "0.1.3", + "version": "0.1.4", "description": "ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.", "author": "prompt-security", "license": "AGPL-3.0-or-later",