🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

picoclaw-security-guardian

by @davida-ps

Picoclaw security posture skill with advisory awareness, configuration drift detection, and supply-chain verification guidance.

TERMINAL
clawhub install picoclaw-security-guardian

πŸ“– About This Skill


name: picoclaw-security-guardian version: 0.0.1 description: Picoclaw security posture skill with advisory awareness, configuration drift detection, and supply-chain verification guidance. homepage: https://clawsec.prompt.security author: prompt-security license: AGPL-3.0-or-later picoclaw: emoji: "🦐" category: "security" requires: bins: [node] test_requires: bins: [bash, docker, python3, node, openssl, zip]

Picoclaw Security Guardian

Detailed architecture/operator docs: wiki/modules/picoclaw-security-guardian.md.

Goal

Provide Picoclaw with the same support-matrix security capabilities ClawSec tracks for mature platform modules:

| Skill name | supported platform | security feed | config drift | agent posture-review lane | chain of supply verification | |---|---|---|---|---|---| | picoclaw-security-guardian | Picoclaw | Yes | Yes | Separate package | Yes |

Threat model

Picoclaw is a lightweight AI gateway that can expose chat channels, a Web UI, tool execution, MCP servers, credentials, schedulers, and embedded/router deployments. This skill focuses on the trust boundaries where those features become security-sensitive.

Default safety posture

  • Read-only by default.
  • No scheduler creation in v0.0.1.
  • No outbound network by default.
  • Writes only explicit report/profile outputs under $PICOCLAW_HOME/security/clawsec/ unless the operator supplies test-local temporary paths.
  • Advisory checks fail closed when verification state is not verified unless the operator passes --allow-unsigned for a documented emergency/offline window.
  • Security advisory awareness

    Use scripts/check_advisories.mjs with a local feed/cache and verification state:

    node scripts/check_advisories.mjs   --feed ~/.picoclaw/security/clawsec/feed.json   --state ~/.picoclaw/security/clawsec/feed-verification-state.json
    

    The script filters advisories for picoclaw, ai-gateway, empty/all-platform advisories, or affected package entries containing picoclaw.

    Drift protection

    Generate a deterministic profile:

    node scripts/generate_profile.mjs   --output ~/.picoclaw/security/clawsec/current-profile.json
    

    Compare against an approved baseline:

    node scripts/check_drift.mjs   --baseline ~/.picoclaw/security/clawsec/baseline-profile.json   --current ~/.picoclaw/security/clawsec/current-profile.json   --fail-on critical
    

    Critical drift includes public Web UI enablement, Web UI auth disablement, workspace restriction disablement, unsigned/insecure verification mode, verified-feed regression, and watched-file/release-artifact fingerprint changes.

    Chain-of-supply verification

    Verify a Picoclaw release artifact against a checksum manifest plus detached signature. Signed manifest verification is required for a passing supply-chain verdict:

    node scripts/verify_supply_chain.mjs \
      --artifact ./picoclaw \
      --checksums ./checksums.json \
      --signature ./checksums.json.sig \
      --public-key ./feed-signing-public.pem
    

    Checksum-only mode is integrity-only, not provenance. Use --allow-unsigned-checksums only for short, documented offline triage windows; it should not satisfy production install verification.

    Operator review notes

  • Treat public UI binding (0.0.0.0, -public) as a critical review item until auth and network allowlists are proven.
  • Treat MCP servers as separate trust boundaries; review each server's filesystem, network, and credential access.
  • Treat third-party OpenWrt/LuCI wrappers as separate supply-chain artifacts. Verify provenance before installing them on routers.
  • Never leave unsigned advisory mode enabled in recurring or production checks.
  • Validation

    python utils/validate_skill.py skills/picoclaw-security-guardian
    node skills/picoclaw-security-guardian/test/profile.test.mjs
    node skills/picoclaw-security-guardian/test/drift.test.mjs
    node skills/picoclaw-security-guardian/test/supply_chain.test.mjs
    bash -n skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regression.sh
    

    Pre-release install regression

    Before publishing v0.0.1 release artifacts, run the isolated install lane from the repo root:

    skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regression.sh
    

    The regression installs the skill through Picoclaw's own find_skills / install_skill path from a local ClawHub-compatible registry into an isolated Docker-hosted Picoclaw workspace with isolated HOME, PICOCLAW_HOME, and PICOCLAW_WORKSPACE. It verifies signed release-artifact preflight inputs, confirms Picoclaw's skill loader can list/load the installed skill, then runs the installed copy's profile, drift, advisory fail-closed, advisory filtering, and supply-chain verification paths against Picoclaw-style config.json and launcher-config.json files.

    πŸ”’ Constraints

    python utils/validate_skill.py skills/picoclaw-security-guardian
    node skills/picoclaw-security-guardian/test/profile.test.mjs
    node skills/picoclaw-security-guardian/test/drift.test.mjs
    node skills/picoclaw-security-guardian/test/supply_chain.test.mjs
    bash -n skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regression.sh