Armin Ronacher
a767c584c7
Add prompt injection attacks to out of scope section
2026-01-31 13:17:24 +01:00
Peter Steinberger
2cdfecdde3
docs: clarify security scope
2026-01-30 21:51:28 +01:00
Peter Steinberger
9a7160786a
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5
refactor: rename clawdbot to moltbot with legacy compat
2026-01-27 12:21:02 +00:00
Peter Steinberger
83460df96f
chore: update molt.bot domains
2026-01-27 12:21:01 +00:00
Peter Steinberger
8b56f0e68d
docs: warn against public web binding
2026-01-27 03:30:34 +00:00
rhuanssauro
592930f10f
security: apply Agents Council recommendations
- Add USER node directive to Dockerfile for non-root container execution
- Update SECURITY.md with Node.js version requirements (CVE-2025-59466, CVE-2026-21636)
- Add Docker security best practices documentation
- Document detect-secrets usage for local security scanning
Reviewed-by: Agents Council (5/5 approval)
Security-Score: 8.8/10
Watchdog-Verdict: SAFE WITH CONDITIONS
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-26 13:39:14 +00:00
Dan Guido
48aea87028
feat: add prek pre-commit hooks and dependabot (#1720)
* feat: add prek pre-commit hooks and dependabot
Pre-commit hooks (via prek):
- Basic hygiene: trailing-whitespace, end-of-file-fixer, check-yaml, check-added-large-files, check-merge-conflict
- Security: detect-secrets, zizmor (GitHub Actions audit)
- Linting: shellcheck, actionlint, oxlint, swiftlint
- Formatting: oxfmt, swiftformat
Dependabot:
- npm and GitHub Actions ecosystems
- Grouped updates (production/development/actions)
- 7-day cooldown for supply chain protection
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add prek install instruction to AGENTS.md
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 10:53:23 +00:00
Peter Steinberger
ca1902fb4e
feat(security): expand audit and safe --fix
2026-01-15 05:31:43 +00:00