v5.13.3 - ClawHub publish script + SkillSpector YARA fix

@Jovancoding Jovancoding released this 26 Jun 20:02

What's changed

Fixed

  • SkillSpector YARA agent_skill_mcp_tool_poisoning_metadata — Reworded the audit-log privacy note in SKILL.md that was triggering the exfiltration sub-rule. No functional change; VirusTotal 64/64 clean.
  • CodeQL js/redundant-operation (alert #178) — Split an &&-chained double-call to RetryBudget.tryConsume() in test-phase15.ts into two explicit assertions.
  • ClawHub display name — Corrected to "Network-AI" (a temp staging directory name leaked as the display name in the first patch publish).

Added

  • npm run clawhub:publish — New publish script (scripts/clawhub-publish.js) that automates the ClawHub staging workaround required since CLI v0.23+. Reads version from skill.json, pulls git provenance automatically, always publishes with --name "Network-AI", and cleans up after itself.
    npm run clawhub:publish
    npm run clawhub:publish -- --changelog "what changed"
    npm run clawhub:publish -- --dry-run

Patch release — no API or behaviour changes. All 3,373 tests pass.