-
Notifications
You must be signed in to change notification settings - Fork 112
modules picoclaw self pen testing
github-actions[bot] edited this page Jun 29, 2026
·
1 revision
Current package version: v0.0.1.
picoclaw-self-pen-testing is a standalone Picoclaw package that runs local, read-only self-pen-testing style checks from a generated Picoclaw posture profile.
This package is intentionally separate from picoclaw-security-guardian so moderation-sensitive findings can be shipped independently.
- Public Web UI exposure
- Disabled Web UI auth
- Unrestricted workspace/tooling posture
- Unsafely unsigned verification mode
- MCP trust-boundary review needs
- Scheduler persistence review
- Plaintext secret markers
- Multi-channel auth review
node skills/picoclaw-self-pen-testing/scripts/self_pen_test.mjs \
--profile ~/.picoclaw/security/clawsec/current-profile.jsonpython utils/validate_skill.py skills/picoclaw-self-pen-testing
node skills/picoclaw-self-pen-testing/test/self_pen_test.test.mjsskills/picoclaw-self-pen-testing/skill.jsonskills/picoclaw-self-pen-testing/SKILL.mdskills/picoclaw-self-pen-testing/README.mdskills/picoclaw-self-pen-testing/lib/self_pen_test.mjsskills/picoclaw-self-pen-testing/lib/format.mjsskills/picoclaw-self-pen-testing/scripts/self_pen_test.mjsskills/picoclaw-self-pen-testing/test/self_pen_test.test.mjs
- Security Signing Runbook
- Signed Feed Migration Plan
- Platform Verification Checklist
- Cross-Platform Remediation Plan
- Frontend Web App
- ClawSec Suite Core
- ClawSec Scanner
- Hermes Attestation Guardian
- Hermes Attestation Guardian Draft History (Archived)
- NanoClaw Integration
- Picoclaw Security Guardian
- Picoclaw Self Pen Testing
- Runtime Traffic Guardian Baseline
- Automation and Release Pipelines
- Local Validation and Packaging Tools