This skill handles the workflow of triaging security advisories for OpenClaw without overclosing real issues or shipping unnecessary regressions. It walks you through reading SECURITY.md, pulling GHSA details via the GitHub API, checking shipped tags and npm releases, and deciding whether to close an advisory, keep it open, or narrow its scope. The skill enforces a strict one-advisory-at-a-time flow, copies maintainer-ready comments to your clipboard, and separates vulnerability status from optional hardening. It is built around a trust-model framework that distinguishes real boundary bypasses from issues that fall within documented threat models. Useful if you maintain a project with active security reports and need consistent triage discipline.
npx skills add https://github.com/steipete/clawdis --skill security-triage