clawmoat 0.5.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/CONTRIBUTING.md +4 -2
  2. package/README.md +86 -3
  3. package/SECURITY.md +58 -10
  4. package/bin/clawmoat.js +298 -1
  5. package/clawmoat-0.8.0.tgz +0 -0
  6. package/docs/blog/386-malicious-skills.html +255 -0
  7. package/docs/blog/40000-exposed-openclaw-instances.html +194 -0
  8. package/docs/blog/agent-trust-protocol.html +197 -0
  9. package/docs/blog/clawmoat-vs-llamafirewall-nemo-guardrails.html +223 -0
  10. package/docs/blog/ibm-experts-agent-runtime-protection.html +238 -0
  11. package/docs/blog/index.html +168 -0
  12. package/docs/blog/mcp-30-cves-security-crisis.html +279 -0
  13. package/docs/blog/microsoft-openclaw-workstation-security.html +234 -0
  14. package/docs/blog/nist-ai-agent-standards-clawmoat.html +369 -0
  15. package/docs/blog/oasis-websocket-hijack.html +205 -0
  16. package/docs/blog/ollama-openclaw-security.html +154 -0
  17. package/docs/blog/openclaw-enterprise-readiness-claw10.html +198 -0
  18. package/docs/blog/openclaw-security-reckoning-2026.html +361 -0
  19. package/docs/blog/supply-chain-agents.html +166 -0
  20. package/docs/blog/supply-chain-agents.md +79 -0
  21. package/docs/business/index.html +530 -0
  22. package/docs/business/install.html +247 -0
  23. package/docs/checklist.html +168 -0
  24. package/docs/finance/index.html +217 -0
  25. package/docs/hall-of-fame.html +168 -0
  26. package/docs/index.html +328 -90
  27. package/docs/install.sh +557 -0
  28. package/docs/privacy-policy/index.html +122 -0
  29. package/docs/scan/index.html +214 -0
  30. package/docs/sitemap.xml +132 -2
  31. package/docs/support/index.html +124 -0
  32. package/docs/terms-of-service/index.html +122 -0
  33. package/examples/basic-usage.js +38 -0
  34. package/package.json +1 -1
  35. package/server/index.js +179 -14
  36. package/server/index.js.patch +1 -0
  37. package/src/finance/index.js +585 -0
  38. package/src/finance/mcp-firewall.js +486 -0
  39. package/src/guardian/cve-verify.js +129 -0
  40. package/src/guardian/gateway-monitor.js +590 -0
  41. package/src/guardian/index.js +3 -1
  42. package/src/guardian/insider-threat.js +498 -0
  43. package/src/index.js +3 -0
  44. package/src/middleware/openclaw.js +28 -1
package/docs/hall-of-fame.html ADDED
@@ -0,0 +1,168 @@
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <link rel="icon" type="image/png" href="/favicon.png">
5
+ <link rel="apple-touch-icon" href="/apple-touch-icon.png">
6
+ <meta charset="UTF-8">
7
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
8
+ <title>Hall of Fame — ClawMoat Security Researchers</title>
9
+ <meta name="description" content="Recognizing the security researchers who help make ClawMoat stronger. Report vulnerabilities and earn your place in the Hall of Fame.">
10
+ <link rel="canonical" href="https://clawmoat.com/hall-of-fame.html">
11
+ <meta property="og:title" content="Hall of Fame — ClawMoat Security Researchers">
12
+ <meta property="og:description" content="Recognizing the security researchers who help make ClawMoat stronger.">
13
+ <meta property="og:url" content="https://clawmoat.com/hall-of-fame.html">
14
+ <meta property="og:type" content="website">
15
+ <style>
16
+ *{margin:0;padding:0;box-sizing:border-box}
17
+ :root{--navy:#0F172A;--navy-light:#1E293B;--navy-mid:#334155;--blue:#3B82F6;--emerald:#10B981;--white:#F8FAFC;--gray:#94A3B8;--gold:#F59E0B;--red:#EF4444}
18
+ html{scroll-behavior:smooth}
19
+ body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:var(--navy);color:var(--white);line-height:1.6;overflow-x:hidden}
20
+ a{color:var(--blue);text-decoration:none}
21
+ a:hover{text-decoration:underline}
22
+ .container{max-width:1140px;margin:0 auto;padding:0 24px}
23
+
24
+ nav{position:fixed;top:0;left:0;right:0;z-index:100;background:rgba(15,23,42,.92);backdrop-filter:blur(12px);border-bottom:1px solid rgba(59,130,246,.15);padding:16px 0}
25
+ nav .container{display:flex;align-items:center;justify-content:space-between}
26
+ .logo{font-size:1.25rem;font-weight:700;display:flex;align-items:center;gap:8px;color:var(--white)}
27
+ .nav-links{display:flex;gap:28px;align-items:center}
28
+ .nav-links a{color:var(--gray);font-size:.9rem;transition:color .2s}
29
+ .nav-links a:hover{color:var(--white);text-decoration:none}
30
+ .nav-links .btn-sm{color:var(--navy);background:var(--emerald);padding:6px 28px;border-radius:20px;font-weight:600;font-size:.85rem;white-space:nowrap}
31
+ .menu-toggle{display:none;background:none;border:none;color:var(--white);font-size:1.5rem;cursor:pointer}
32
+
33
+ .hero{padding:160px 0 80px;text-align:center}
34
+ .hero h1{font-size:3rem;margin-bottom:16px;background:linear-gradient(135deg,var(--gold),var(--emerald));-webkit-background-clip:text;-webkit-text-fill-color:transparent}
35
+ .hero p{font-size:1.2rem;color:var(--gray);max-width:700px;margin:0 auto 40px}
36
+
37
+ .tiers{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:32px;margin-bottom:80px}
38
+ .tier{background:var(--navy-light);border-radius:16px;padding:40px;border:1px solid var(--navy-mid);text-align:center}
39
+ .tier h2{font-size:1.5rem;margin-bottom:12px}
40
+ .tier .icon{font-size:3rem;margin-bottom:16px}
41
+ .tier p{color:var(--gray);font-size:.95rem;line-height:1.7}
42
+ .tier.gold{border-color:var(--gold)}
43
+ .tier.gold h2{color:var(--gold)}
44
+
45
+ .researchers{margin-bottom:80px}
46
+ .researchers h2{font-size:2rem;text-align:center;margin-bottom:40px}
47
+ .empty-state{text-align:center;padding:60px 40px;background:var(--navy-light);border-radius:16px;border:1px dashed var(--navy-mid)}
48
+ .empty-state .icon{font-size:4rem;margin-bottom:16px}
49
+ .empty-state p{color:var(--gray);font-size:1.1rem;margin-bottom:24px}
50
+ .cta-btn{display:inline-block;background:var(--emerald);color:var(--navy);padding:12px 32px;border-radius:12px;font-weight:700;font-size:1rem;transition:opacity .2s}
51
+ .cta-btn:hover{opacity:.9;text-decoration:none}
52
+ .cta-btn.gold-btn{background:var(--gold)}
53
+
54
+ .how-it-works{margin-bottom:80px}
55
+ .how-it-works h2{font-size:2rem;text-align:center;margin-bottom:40px}
56
+ .steps{display:grid;grid-template-columns:repeat(auto-fit,minmax(240px,1fr));gap:24px}
57
+ .step{background:var(--navy-light);border-radius:12px;padding:32px;text-align:center;border:1px solid var(--navy-mid)}
58
+ .step .num{display:inline-block;width:40px;height:40px;line-height:40px;border-radius:50%;background:var(--blue);color:var(--white);font-weight:700;margin-bottom:12px}
59
+ .step h3{margin-bottom:8px}
60
+ .step p{color:var(--gray);font-size:.9rem}
61
+
62
+ footer{border-top:1px solid var(--navy-mid);padding:40px 0;text-align:center;color:var(--gray);font-size:.85rem}
63
+
64
+ @media(max-width:768px){
65
+ .hero h1{font-size:2rem}
66
+ .menu-toggle{display:block}
67
+ .nav-links{display:none}
68
+ .nav-links.open{display:flex;flex-direction:column;position:absolute;top:100%;left:0;right:0;background:var(--navy);padding:20px;gap:16px;border-bottom:1px solid var(--navy-mid)}
69
+ }
70
+ </style>
71
+ </head>
72
+ <body>
73
+
74
+ <nav>
75
+ <div class="container">
76
+ <div class="logo"><a href="/"><img src="/logo.svg" alt="ClawMoat" style="height:44px"></a></div>
77
+ <button class="menu-toggle" onclick="document.querySelector('.nav-links').classList.toggle('open')" aria-label="Menu">☰</button>
78
+ <div class="nav-links">
79
+ <a href="/">Home</a>
80
+ <a href="/blog/">Blog</a>
81
+ <a href="https://github.com/darfaz/clawmoat">GitHub</a>
82
+ <a href="https://github.com/darfaz/clawmoat/blob/main/SECURITY.md">Report a Bug</a>
83
+ <a href="/" class="btn-sm">Get Started</a>
84
+ </div>
85
+ </div>
86
+ </nav>
87
+
88
+ <section class="hero">
89
+ <div class="container">
90
+ <h1>🏆 Hall of Fame</h1>
91
+ <p>Recognizing the security researchers who help make ClawMoat stronger. Find a vulnerability, earn your place here forever.</p>
92
+ </div>
93
+ </section>
94
+
95
+ <section class="container">
96
+
97
+ <div class="tiers">
98
+ <div class="tier gold">
99
+ <div class="icon">🛡️</div>
100
+ <h2>Founding Security Advisor</h2>
101
+ <p>The highest honor. Reserved for researchers who discover critical vulnerabilities during ClawMoat's early days (pre-v1.0). Founding Advisors get permanent recognition, a profile link on this page, and acknowledgment in every major release. This title can never be earned again after v1.0.</p>
102
+ </div>
103
+ <div class="tier">
104
+ <div class="icon">🏆</div>
105
+ <h2>Hall of Fame</h2>
106
+ <p>For any verified security vulnerability report — scanner bypasses, policy engine escapes, audit log tampering, or any other valid security finding. Your name (or handle) and contribution are listed permanently.</p>
107
+ </div>
108
+ <div class="tier">
109
+ <div class="icon">🙏</div>
110
+ <h2>Honorable Mention</h2>
111
+ <p>For reports that don't qualify as security vulnerabilities but still improve ClawMoat's security posture — edge cases, hardening suggestions, documentation improvements, or defense-in-depth recommendations.</p>
112
+ </div>
113
+ </div>
114
+
115
+ <div class="researchers">
116
+ <h2>Founding Security Advisors</h2>
117
+ <div class="empty-state">
118
+ <div class="icon">🔍</div>
119
+ <p>No Founding Security Advisors yet. Be the first to find a critical vulnerability and claim this title forever.</p>
120
+ <a href="https://github.com/darfaz/clawmoat/blob/main/SECURITY.md" class="cta-btn gold-btn">Read the Security Policy →</a>
121
+ </div>
122
+ </div>
123
+
124
+ <div class="researchers">
125
+ <h2>Hall of Fame Researchers</h2>
126
+ <div class="empty-state">
127
+ <div class="icon">🏰</div>
128
+ <p>The Hall of Fame awaits its first member. Can you bypass ClawMoat's defenses?</p>
129
+ <a href="https://github.com/darfaz/hack-clawmoat" class="cta-btn">Take the Hack Challenge →</a>
130
+ </div>
131
+ </div>
132
+
133
+ <div class="how-it-works">
134
+ <h2>How It Works</h2>
135
+ <div class="steps">
136
+ <div class="step">
137
+ <div class="num">1</div>
138
+ <h3>Find a Bug</h3>
139
+ <p>Test ClawMoat's scanners, policy engine, or any component. Try the <a href="https://github.com/darfaz/hack-clawmoat">Hack Challenge</a> for guided scenarios.</p>
140
+ </div>
141
+ <div class="step">
142
+ <div class="num">2</div>
143
+ <h3>Report It</h3>
144
+ <p>Email <strong>security@clawmoat.com</strong> with details, reproduction steps, and impact assessment. See <a href="https://github.com/darfaz/clawmoat/blob/main/SECURITY.md">SECURITY.md</a>.</p>
145
+ </div>
146
+ <div class="step">
147
+ <div class="num">3</div>
148
+ <h3>Get Verified</h3>
149
+ <p>We'll acknowledge within 48 hours and assess within 7 days. Valid findings get a CVE if applicable.</p>
150
+ </div>
151
+ <div class="step">
152
+ <div class="num">4</div>
153
+ <h3>Get Recognized</h3>
154
+ <p>Your name goes on the Hall of Fame permanently. Critical findings pre-v1.0 earn the Founding Security Advisor title.</p>
155
+ </div>
156
+ </div>
157
+ </div>
158
+
159
+ </section>
160
+
161
+ <footer>
162
+ <div class="container">
163
+ <p>🏰 ClawMoat — The Trust Layer for AI Agents &nbsp;|&nbsp; <a href="https://github.com/darfaz/clawmoat">GitHub</a> &nbsp;|&nbsp; <a href="https://github.com/darfaz/clawmoat/blob/main/SECURITY.md">Security Policy</a></p>
164
+ </div>
165
+ </footer>
166
+
167
+ </body>
168
+ </html>