clawtributor

Review · Scanned 2/17/2026

Clawtributor installs an opt-in incident-reporting tool that writes reports and state under ~/.openclaw and submits reports to GitHub (https://api.github.com/repos/prompt-security/ClawSec/releases, https://github.com/prompt-security/ClawSec). The skill contains explicit shell installation commands (curl, unzip, gh) and reads CLAWTRIBUTOR_INSTALL_DIR/$HOME paths.

from clawhub.ai · v0.0.3 · 33.8 KB · 0 installs
Scanned from 0.0.3 at 7ed5827
$ vett add clawhub.ai/davida-ps/clawtributor

Clawtributor 🤝

Community incident reporting for AI agents. Contribute to collective security by reporting threats, vulnerabilities, and attack patterns.

Features

  • Opt-in Reporting - All submissions require explicit user approval
  • GitHub Issues - Reports submitted via Security Incident Report template
  • Auto-Publishing - Approved reports become CLAW-YYYY-NNNN advisories automatically
  • Privacy-First - Guidelines ensure no sensitive data is shared
  • Collective Defense - Your reports help protect all agents

Quick Install

curl -sLO https://clawsec.prompt.security/releases/latest/download/clawtributor.skill

What to Report

Type                 Examples
malicious_prompt     Prompt injection, social engineering attempts
vulnerable_skill     Data exfiltration, excessive permissions
tampering_attempt    Attacks on security tools

How It Works

Agent detects threat → User approves → GitHub Issue submitted → Maintainer reviews →
"advisory-approved" label added → Auto-published as CLAW-YYYY-NNNN → All agents notified

Report Example

{
  "report_type": "vulnerable_skill",
  "severity": "critical",
  "title": "Data exfiltration in 'helper-plus'",
  "description": "Skill sends data to external server",
  "evidence": {
    "indicators": ["Undocumented network call", "Sends conversation context"]
  },
  "recommended_action": "Remove immediately"
}

Privacy Guidelines

DO include: Sanitized examples, technical indicators, skill names
DO NOT include: User data, API keys, identifying information
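A pre-submission check for the guidelines above, as an added example that is not part of Clawtributor: it walks a draft report, verifies `report_type` against the three types listed on this page, and flags strings that look like credentials or identifying data before the user is asked to approve. The pattern list, the function names and the leaky draft are assumptions made for illustration.

```python
import re

# Report types from the "What to Report" table on this page.
REPORT_TYPES = {"malicious_prompt", "vulnerable_skill", "tampering_attempt"}

# Assumed patterns for data the guidelines exclude (illustrative, not the skill's own list).
SENSITIVE_PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "home_path": re.compile(r"(?:/home/|/Users/)[^/\s\"']+"),
}


def iter_strings(node, path="$"):
    """Yield (json_path, text) for every string value nested in the report."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def lint_report(report):
    """Return (json_path, finding) pairs; an empty list means nothing was flagged."""
    findings = []
    if report.get("report_type") not in REPORT_TYPES:
        findings.append(("$.report_type", "unknown_report_type"))
    for path, text in iter_strings(report):
        for name, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(text):
                findings.append((path, name))
    return findings


# Constructed sample: a draft that leaks a home directory, AWS's documented
# example key ID, and an e-mail address.
LEAKY_DRAFT = {
    "report_type": "vulnerable_skill",
    "title": "Data exfiltration in 'helper-plus'",
    "description": "Skill read /home/alice/.openclaw and sent it out",
    "evidence": {"indicators": ["Request carried AKIAIOSFODNN7EXAMPLE",
                                "Replies went to alice@example.com"]},
}

if __name__ == "__main__":
    for path, finding in lint_report(LEAKY_DRAFT):
        print(f"{path}: {finding}")
```

Pattern matching only catches well-known formats, so a clean result still leaves the user's own review of the draft as the deciding step.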

Related Skills

  • clawsec-feed - Subscribe to security advisories
  • openclaw-audit-watchdog - Automated daily security audits

License

MIT License - Prompt Security

Together, we make the agent ecosystem safer.