nxtsecure-openclaw 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +28 -0
  2. package/bin/nxtsecure.mjs +41 -0
  3. package/package.json +1 -1
  4. package/skills/openclaw-security-audit/SKILL.md +12 -8
package/README.md CHANGED
@@ -62,10 +62,38 @@ npm run nxtsecure -- openclaw cron install --log ~/openclaw-security-audit.log
62
62
  npm run nxtsecure -- openclaw help
63
63
  npm run nxtsecure -- openclaw audit --config ./openclaw-security-audit.conf
64
64
  npm run nxtsecure -- openclaw cron install --log ~/openclaw-security-audit.log
65
+ npm run nxtsecure -- openclaw doctor
65
66
  npm run nxtsecure -- openclaw vt url https://example.test
66
67
  npm run nxtsecure -- openclaw vt file /path/to/sample.bin
67
68
  ```
68
69
 
70
+ ## Doctor
71
+
72
+ Use `doctor` to verify that the local environment is ready before running the audit:
73
+
74
+ ```bash
75
+ npm run nxtsecure -- openclaw doctor
76
+ ```
77
+
78
+ It checks the presence of Node.js, npm, bash, git, and the bundled audit files.
79
+
80
+ ## Release and publish
81
+
82
+ This repository is configured for npm trusted publishing with GitHub Actions.
83
+
84
+ 1. Make sure npm trusted publishing points to:
85
+ `scorpion7slayer / nxtsecure-openclaw / publish.yml`
86
+ 2. Update the version in `package.json`
87
+ 3. Commit and push to `main`
88
+ 4. Create and push a matching git tag:
89
+
90
+ ```bash
91
+ git tag v0.1.3
92
+ git push origin v0.1.3
93
+ ```
94
+
95
+ Pushing a `v*` tag triggers `.github/workflows/publish.yml`, which publishes the package to npm using OIDC.
96
+
69
97
  ## VirusTotal mode
70
98
 
71
99
  This repository intentionally avoids the VirusTotal API.
package/bin/nxtsecure.mjs CHANGED
@@ -29,12 +29,14 @@ Usage:
29
29
  nxtsecure openclaw vt url <url> [--allow-uploads]
30
30
  nxtsecure openclaw vt file <path> [--allow-uploads]
31
31
  nxtsecure openclaw config init [--output PATH] [--force]
32
+ nxtsecure openclaw doctor
32
33
  nxtsecure openclaw paths
33
34
 
34
35
  Examples:
35
36
  nxtsecure openclaw config init --output ./openclaw-security-audit.conf
36
37
  nxtsecure openclaw audit --config ./openclaw-security-audit.conf
37
38
  nxtsecure openclaw cron install --log ~/openclaw-security-audit.log
39
+ nxtsecure openclaw doctor
38
40
  nxtsecure openclaw vt url https://example.test
39
41
  nxtsecure openclaw vt file /tmp/sample.bin --allow-uploads
40
42
  `);
@@ -78,6 +80,13 @@ function hasFlag(argv, flagName) {
78
80
  return argv.includes(flagName);
79
81
  }
80
82
 
83
+ function commandExists(commandName) {
84
+ const result = spawnSync('sh', ['-c', `command -v "${commandName}"`], {
85
+ stdio: 'ignore'
86
+ });
87
+ return result.status === 0;
88
+ }
89
+
81
90
  function withoutOption(argv, optionName) {
82
91
  const index = argv.indexOf(optionName);
83
92
  if (index === -1) {
@@ -167,6 +176,35 @@ function commandPaths(argv) {
167
176
  console.log(`configExample=${paths.configExample}`);
168
177
  }
169
178
 
179
+ function commandDoctor(argv) {
180
+ if (argv.length !== 0) {
181
+ fail(`Unknown doctor arguments: ${argv.join(' ')}`);
182
+ }
183
+
184
+ const checks = [
185
+ ['node >= 18', Number.parseInt(process.versions.node.split('.')[0], 10) >= 18, process.versions.node],
186
+ ['bash available', commandExists('bash'), 'required for bundled scripts'],
187
+ ['git available', commandExists('git'), 'recommended for release workflow'],
188
+ ['npm available', commandExists('npm'), 'required for package workflow'],
189
+ ['audit script present', existsSync(paths.audit), paths.audit],
190
+ ['cron script present', existsSync(paths.cron), paths.cron],
191
+ ['VirusTotal helper present', existsSync(paths.vt), paths.vt],
192
+ ['config example present', existsSync(paths.configExample), paths.configExample]
193
+ ];
194
+
195
+ let failures = 0;
196
+ for (const [label, ok, detail] of checks) {
197
+ console.log(`${ok ? 'OK' : 'FAIL'} ${label}${detail ? ` (${detail})` : ''}`);
198
+ if (!ok) {
199
+ failures += 1;
200
+ }
201
+ }
202
+
203
+ if (failures > 0) {
204
+ process.exit(1);
205
+ }
206
+ }
207
+
170
208
  function runOpenClaw(argv) {
171
209
  const [command = 'help', ...rest] = argv;
172
210
 
@@ -188,6 +226,9 @@ function runOpenClaw(argv) {
188
226
  case 'config':
189
227
  commandConfig(rest);
190
228
  break;
229
+ case 'doctor':
230
+ commandDoctor(rest);
231
+ break;
191
232
  case 'paths':
192
233
  commandPaths(rest);
193
234
  break;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nxtsecure-openclaw",
3
- "version": "0.1.1",
3
+ "version": "0.1.3",
4
4
  "description": "npm CLI wrapper for the OpenClaw security audit skill",
5
5
  "license": "MIT",
6
6
  "type": "module",
package/skills/openclaw-security-audit/SKILL.md CHANGED
@@ -13,12 +13,16 @@ Use this skill when the user wants a repeatable OpenClaw host security audit, a
13
13
 
14
14
  ## Workflow
15
15
 
16
- 1. Prefer the npm CLI in `{baseDir}/../../bin/nxtsecure.mjs` to keep the agent workflow stable.
17
- 2. From the repository root, create the local configuration with `npm run nxtsecure -- openclaw config init --output ./openclaw-security-audit.conf` or copy `{baseDir}/references/openclaw-security-audit.conf.example`.
18
- 3. Run `npm run nxtsecure -- openclaw audit --config ./openclaw-security-audit.conf` to execute the audit and remediation workflow.
19
- 4. Install the nightly 23:00 cron entry with `npm run nxtsecure -- openclaw cron install --log ~/openclaw-security-audit.log`.
20
- 5. If every check passes, print exactly `audit de sécurité réussi`.
21
- 6. If a check fails, explain the issue, attempt remediation immediately, and rerun the relevant verification.
16
+ 1. First install or verify the CLI so the agent uses a stable interface:
17
+ `npm install -g nxtsecure-openclaw`
18
+ then verify with:
19
+ `nxtsecure openclaw doctor`
20
+ 2. If the CLI cannot be installed globally, fall back to the repository copy in `{baseDir}/../../bin/nxtsecure.mjs`.
21
+ 3. From the repository root, create the local configuration with `nxtsecure openclaw config init --output ./openclaw-security-audit.conf` or copy `{baseDir}/references/openclaw-security-audit.conf.example`.
22
+ 4. Run `nxtsecure openclaw audit --config ./openclaw-security-audit.conf` to execute the audit and remediation workflow.
23
+ 5. Install the nightly 23:00 cron entry with `nxtsecure openclaw cron install --log ~/openclaw-security-audit.log`.
24
+ 6. If every check passes, print exactly `audit de sécurité réussi`.
25
+ 7. If a check fails, explain the issue, attempt remediation immediately, and rerun the relevant verification.
22
26
 
23
27
  ## Checks
24
28
 
@@ -70,8 +74,8 @@ When the user wants file or link reputation checks, the agent must use VirusTota
70
74
 
71
75
  Use the bundled helper:
72
76
 
73
- - `npm run nxtsecure -- openclaw vt url https://example.test`
74
- - `npm run nxtsecure -- openclaw vt file /path/to/sample.bin`
77
+ - `nxtsecure openclaw vt url https://example.test`
78
+ - `nxtsecure openclaw vt file /path/to/sample.bin`
75
79
  - fallback: `{baseDir}/scripts/openclaw_virustotal_check.sh --url https://example.test`
76
80
  - fallback: `{baseDir}/scripts/openclaw_virustotal_check.sh --file /path/to/sample.bin`
77
81