Releases: hidearmoon/clawguard

v0.3.0 – Reporter Module & Output Formats

17 Mar 12:57

ClawGuard v0.3.0

Added

  • HTMLReporter: self-contained HTML report with donut chart, risk gauge (0-100), severity badges, collapsible findings, XSS-safe — no external CDN dependencies
  • TextReporter: structured plain-text report for log files and CI artifacts
  • JSONReporter: machine-readable JSON for SIEM/ticketing pipeline integration
  • --html / --report / --json output flags on clawguard scan
  • --format json flag to print JSON to stdout
  • --evidence flag to display raw finding evidence in terminal output
  • HTML report passes XSS escaping test for attacker-controlled titles

Changed

  • ScanResult.scanner_version bumped to 0.3.0
  • Improved print_result Rich rendering with evidence column support

Test Coverage

  • 94 tests — all passing on Python 3.10, 3.11, 3.12
  • CI: GitHub Actions matrix (3.10/3.11/3.12) with ruff lint + pytest-cov

v0.2.0 – Full Test Suite & Bug Fixes

17 Mar 12:57

ClawGuard v0.2.0

Added

  • Full pytest test suite: 62 tests covering all three checkers, scanner orchestration, CLI exit codes, and report formats
  • --no-brute flag to skip credential probing in environments with account lockout policies
  • --checkers flag to selectively run a subset of built-in checkers
  • list-checkers subcommand
  • Scanner.extra_checkers parameter for plugin-style custom checker injection

Fixed

  • ConfigChecker: YAML config file parsing now handles both .yaml and .yml extensions; malformed YAML no longer crashes
  • DependencyChecker: CVSS vector string parsed via cvss library for accurate base scores; fallback to database_specific.severity label added
  • PermissionChecker: _fetch_tokens now tries both /api/token/ and /api/tokens endpoints and handles 401 gracefully

v0.1.0 – Initial Release

17 Mar 12:56

ClawGuard v0.1.0 – Initial Release

What is ClawGuard?

ClawGuard is a security audit and vulnerability scanner for OpenClaw AI API Gateway deployments. It automatically detects configuration mistakes, CVE-vulnerable dependencies, and API permission anomalies.

Features

  • ConfigChecker: default credentials, plain HTTP, debug endpoints, weak JWT secrets, default DB passwords, missing rate-limiting, CORS wildcards, 0.0.0.0 binding, world-readable config files
  • DependencyChecker: parses requirements.txt / package.json / go.mod, batch queries OSV API, reports CVE IDs and fix versions
  • PermissionChecker: API key rotation age, over-privileged keys, unused active keys, world-readable sensitive files, loose private-key permissions
  • Async Scanner orchestrator with configurable concurrency
  • Typer CLI with clawguard scan and clawguard list-checkers
  • Rich terminal output with severity colour coding
  • Pydantic v2 data models
  • --fail-on exit code control for CI integration

Installation

pip install clawguard

Quick Start

clawguard scan --url http://localhost:3000
clawguard scan --config /opt/openclaw --api-key sk-admin