Triage security advisories
security-triage · skill · setup L2 · ★377,536
openclaw/openclaw
What it does
Triage OpenClaw security advisories with shipped-tag and trust-model proof
Best for
Rapidly triaging security reports against shipped releases and trust boundaries without over-closing real issues.
Inputs
- GHSA advisory URL
- implicated code paths
- shipped release data
Outputs
- close verdict (with evidence)
- maintainer-ready response
- hardening suggestions (optional)
Requires
- gh CLI
- git
- npm registry queries
Preconditions
- SECURITY.md and GHSA body read
- shipped tag state verified
Failure modes
- closing before verifying shipped impact leaves the vulnerability in a released version
- hardening over-reach breaks user workflows
Trust signals
- exact shipped tag/release matched to advisory
- SECURITY.md boundary adherence
- codebase grep for implicated paths