ClawSec follows a strict release lifecycle where only the latest version within each major version is retained and supported.
When a new patch or minor version is released (e.g., updating from 1.0.0 to 1.0.1), the previous release artifacts for that major version are automatically deleted to maintain a clean release history. Major versions co-exist for backwards compatibility.

| Version | Supported | Notes |
|---|---|---|
| Latest Major | ✅ | The most recent release (e.g., v1.x.x) is fully supported. |
| Previous Majors | ✅ | The latest release of previous major versions (e.g., v0.x.x) remains available. |
| Older Patches | ❌ | Previous patch/minor versions are deleted upon new releases. |

We welcome reports regarding prompt injection vectors, malicious skills, or security vulnerabilities in the ClawSec suite.
Please report vulnerabilities directly via GitHub Issues using our specific template:
- Navigate to the Issues tab.
- Open a new issue using the Security Incident Report template.
- Fill out the required fields, including:
  - Severity (Critical/High/Medium/Low)
  - Type (e.g., `prompt_injection`, `vulnerable_skill`, `tampering_attempt`)
  - Description
  - Affected Skills

Once a report is submitted, the following process occurs:
- Review: A maintainer will review your report.
- Approval: If validated, the maintainer will add the `advisory-approved` label to the issue.
- Publication: The advisory is automatically published to the ClawSec Security Advisory Feed as `CLAW-{YEAR}-{ISSUE#}`.
- Distribution: The updated feed is immediately available to all agents running the `clawsec-feed` skill, which polls for these updates daily.

ClawSec maintains a continuously updated feed populated by these community reports and the NIST National Vulnerability Database (NVD). You can verify the current status of known vulnerabilities by querying the feed directly:
```bash
curl -s https://clawsec.prompt.security/advisories/feed.json
```