picoclaw security guardian

Picoclaw Security Guardian

Summary

Current package version: v0.0.1.

picoclaw-security-guardian is the core Picoclaw package for:

advisory awareness (fail-closed on unverified feed state),
deterministic profile generation + drift detection,
release artifact supply-chain verification.

Self-pen-testing checks were intentionally split out into picoclaw-self-pen-testing so moderation-sensitive logic can be published/managed independently.

Responsibilities

Filter Picoclaw-relevant advisories from verified ClawSec feed state/cache.
Build deterministic posture profiles from Picoclaw config/security files and optional release artifacts.
Compare baseline vs current profile with severity-ranked findings.
Verify release artifacts with checksum manifest + required detached signature for passing provenance verdicts.

Default safety posture

Read-only by default
No scheduler creation
No outbound network by default
Advisory checks fail closed unless verification state is verified (or explicit --allow-unsigned override)
Supply-chain verification requires detached-signature verification for a passing provenance result

Verification commands

python utils/validate_skill.py skills/picoclaw-security-guardian
node skills/picoclaw-security-guardian/test/profile.test.mjs
node skills/picoclaw-security-guardian/test/drift.test.mjs
node skills/picoclaw-security-guardian/test/supply_chain.test.mjs
bash -n skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regression.sh

Picoclaw-native sandbox regression

skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regression.sh publishes the package via a local ClawHub-compatible registry, installs through Picoclaw find_skills / install_skill, validates skill-loader visibility, and runs installed profile/drift/advisory/supply-chain flows against isolated Picoclaw fixtures.

Related package

skills/picoclaw-self-pen-testing/ (optional separate self-pen-testing package)

Source references

skills/picoclaw-security-guardian/skill.json
skills/picoclaw-security-guardian/SKILL.md
skills/picoclaw-security-guardian/README.md
skills/picoclaw-security-guardian/lib/profile.mjs
skills/picoclaw-security-guardian/lib/drift.mjs
skills/picoclaw-security-guardian/lib/advisories.mjs
skills/picoclaw-security-guardian/lib/supply_chain.mjs
skills/picoclaw-security-guardian/scripts/generate_profile.mjs
skills/picoclaw-security-guardian/scripts/check_drift.mjs
skills/picoclaw-security-guardian/scripts/check_advisories.mjs
skills/picoclaw-security-guardian/scripts/verify_supply_chain.mjs
skills/picoclaw-security-guardian/test/profile.test.mjs
skills/picoclaw-security-guardian/test/drift.test.mjs
skills/picoclaw-security-guardian/test/supply_chain.test.mjs
skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regression.sh

picoclaw security guardian

Picoclaw Security Guardian

Summary

Responsibilities

Default safety posture

Verification commands

Picoclaw-native sandbox regression

Related package

Source references

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!