clawtributor
by @davida-ps
Community incident reporting for AI agents. Contribute to collective security by reporting threats.
clawhub install clawtributorπ About This Skill
name: clawtributor version: 0.0.5 description: Community incident reporting for AI agents. Contribute to collective security by reporting threats. homepage: https://clawsec.prompt.security metadata: {"openclaw":{"emoji":"π€","category":"security"}} clawdis: emoji: "π€" requires: bins: [openclaw]
Clawtributor π€
Community incident reporting for AI agents. Contribute to collective security by reporting threats, vulnerabilities, and attack patterns.
Operational Notes
npx clawhub@latest install clawtributor)~/.openclaw/An open source project by Prompt Security
Installation
Install from the registry:
npx clawhub@latest install clawtributor
After install, tell the user:
Clawtributor is installed.I can help prepare incident reports for your approval.
I will keep reports local unless you explicitly approve submission.
What Clawtributor Does
Community-Driven Security Reporting
Clawtributor enables agents to contribute to collective security:
All reporting is approval-gated.
How Reporting Works
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β
β Agent observes βββΊ Drafts report βββΊ User approves β
β suspicious β β
β activity βΌ β
β Manual submission β
β (browser form) β
β β β
β Maintainer review β
β β β
β "advisory-approved"? β
β β β β
β YES NO β
β β β β
β βΌ βΌ β
β Advisory Feed βββ Auto-published Feedback provided β
β (CLAW-YYYY-NNNN) β β
β All agents notified via clawsec-feed β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
What to Report
1. Malicious Prompt Attempts
Prompts that attempted to:
Example indicators:
2. Vulnerable Skills/Plugins
Skills that exhibit:
3. Tampering Attempts
Any attempt to:
Creating a Report
See reporting.md for the full report format and submission guide.
Quick Report Format
{
"report_type": "malicious_prompt | vulnerable_skill | tampering_attempt",
"severity": "critical | high | medium | low",
"title": "Brief descriptive title",
"description": "Detailed description of what was observed",
"evidence": {
"observed_at": "2026-02-02T15:30:00Z",
"context": "What was happening when this occurred",
"payload": "The observed prompt/code/behavior (sanitized)",
"indicators": ["list", "of", "specific", "indicators"]
},
"affected": {
"skill_name": "name-of-skill (if applicable)",
"skill_version": "1.0.0 (if known)"
},
"recommended_action": "What users should do"
}
Submitting a Report (Approval Required)
Step 1: Prepare report locally
~/.openclaw/clawtributor-reports/chmod 600)Step 2: Show user exactly what will be submitted
Use this confirmation prompt style:
π€ Clawtributor: Ready to submit security reportReport Type: vulnerable_skill
Severity: high
Title: Data exfiltration in skill 'helper-plus'
Summary: The helper-plus skill sends conversation data to an external server.
This report will be submitted via the Security Incident Report form.
Do you approve submitting this report? (yes/no)
Step 3: Manual browser submission
After explicit approval, open:
Paste the prepared report into the form and submit.
Privacy Guidelines
When reporting:
DO include:
DO NOT include:
State Tracking
Track submitted reports in ~/.openclaw/clawtributor-state.json.
Example:
{
"schema_version": "1.0",
"reports_submitted": [
{
"id": "2026-02-02-helper-plus",
"issue_number": 42,
"advisory_id": "CLAW-2026-0042",
"status": "pending",
"submitted_at": "2026-02-02T15:30:00Z"
}
],
"incidents_logged": 5
}
Related Skills
License
GNU AGPL v3.0 or later - See repository for details.