feat(security): harden repo with scoped permissions, CVE mapping, and scan evidence
Settings.json: 16 scoped Bash grants (was 6 wildcards), 26-pattern deny list (was 5).
CVE mapping: all 9 OpenClaw CVEs mapped to specific defenses with layer documentation.
Scan results: posture Grade D (expected without llm-security), deep scan 0 critical/high.
Hooks README: Option A — document llm-security hooks, recommend plugin installation.
README: evidence-based security section with scan data and verification instructions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
parent 82b5aa3646
commit 841cd32c66
7 changed files with 425 additions and 58 deletions
.gitignore (vendored): 6 lines changed
@ -11,9 +11,13 @@ Thumbs.db
|
|||
# Local overrides
|
||||
*.local.md
|
||||
|
||||
# Environment
|
||||
# Environment and secrets
|
||||
.env
|
||||
.env.*
|
||||
*.key
|
||||
*.pem
|
||||
credentials.*
|
||||
secrets.*
|
||||
|
||||
# Node
|
||||
node_modules/
|
||||
|
|
|
|||
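Review bot: the new `.env.*` pattern also ignores files such as `.env.example`, which projects usually want tracked as the documented template; if one exists or is planned, add a negation line after it (`!.env.example`) so it is not silently dropped. Likewise `*.key` and `*.pem` match public keys and certificates as well as private material, so anything under a `certs/` or similar directory that should be committed would need its own negation. Note also that `.gitignore` does not protect files that are already tracked or added with `git add -f`, so this hunk is a guard against accidental commits rather than a control; pairing it with a pre-commit secret scan would give the "scan evidence" section in the commit message a matching check at commit time.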