Merged
The delete and undelete handlers for skills and souls were catching all errors and returning 401 Unauthorized, even for errors like:
- 'Skill not found' (should be 404)
- 'Forbidden' (should be 403)
- Other validation errors (should be 400)

This change updates the error handling to return appropriate status codes:
- 401 Unauthorized: authentication failures
- 403 Forbidden: authorization failures (not owner/admin/moderator)
- 404 Not Found: skill/soul/user not found
- 400 Bad Request: other errors with descriptive message

Fixes openclaw#34
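The status mapping described in this commit message, shown as an added example that is not the project's own handler code. The in-memory store, the `deleteSkill` stand-in, the 'Skill already deleted' message and the choice to classify by message text are all assumptions made for illustration.

```javascript
// Added example: constructed in-memory stand-ins, not the project's Convex code.
const skills = new Map([['demo-skill', { ownerId: 'user_1', deleted: false }]])

// Hypothetical domain function throwing the messages quoted in the commit text.
function deleteSkill(actor, slug) {
  if (!actor) throw new Error('Unauthorized')
  const skill = skills.get(slug)
  if (!skill) throw new Error('Skill not found')
  const privileged = actor.role === 'admin' || actor.role === 'moderator'
  if (skill.ownerId !== actor.id && !privileged) throw new Error('Forbidden')
  if (skill.deleted) throw new Error('Skill already deleted') // constructed message
  skill.deleted = true
}

// Before: every failure collapses to 401, so clients re-authenticate for
// errors that a new token can never fix.
function handleDeleteBefore(actor, slug) {
  try {
    deleteSkill(actor, slug)
    return { status: 200, body: 'ok' }
  } catch {
    return { status: 401, body: 'Unauthorized' }
  }
}

// After: classify the failure. Matching on message text is an assumption here;
// typed error codes are sturdier when the backend can provide them.
function toHttpError(err) {
  const message = err instanceof Error ? err.message : String(err)
  if (/unauthorized/i.test(message)) return { status: 401, body: 'Unauthorized' }
  if (/forbidden/i.test(message)) return { status: 403, body: 'Forbidden' }
  if (/not found/i.test(message)) return { status: 404, body: message }
  return { status: 400, body: message }
}

function handleDeleteAfter(actor, slug) {
  try {
    deleteSkill(actor, slug)
    return { status: 200, body: 'ok' }
  } catch (err) {
    return toHttpError(err)
  }
}
```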
When AbortController.abort() receives a string instead of an Error, the string itself is thrown. pRetry then wraps it in a confusing message: 'Non-error was thrown: Timeout'

Changed all 3 occurrences in http.ts:
- apiRequest (line 57)
- apiRequestForm (line 106)
- downloadZip (line 141)

Now timeouts will surface as proper Error objects with clear messages.
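The abort-reason behaviour this commit message describes, as an added example that is not code from http.ts. `retryGuard` is a hypothetical stand-in for the non-Error check the message attributes to pRetry, and `timeoutSignal` is an assumed helper name.

```javascript
// Added example: shows what a caller catches for each kind of abort reason.

// Abort with the given reason and return whatever an awaiting caller would catch.
function thrownOnAbort(reason) {
  const controller = new AbortController()
  controller.abort(reason)
  try {
    controller.signal.throwIfAborted() // rethrows signal.reason unchanged
  } catch (thrown) {
    return thrown
  }
  return undefined
}

// Hypothetical stand-in for a retry wrapper that rejects non-Error throwables.
function retryGuard(thrown) {
  if (thrown instanceof Error) return thrown
  return new TypeError(`Non-error was thrown: ${String(thrown)}`)
}

// What the caller finally sees after the retry layer has handled the abort.
function describeFailure(reason) {
  const surfaced = retryGuard(thrownOnAbort(reason))
  return { type: surfaced.constructor.name, message: surfaced.message }
}

// Timeout helper in the fixed style: the abort reason is always an Error,
// so the message and stack survive every layer above the request.
function timeoutSignal(ms, label) {
  const controller = new AbortController()
  const timer = setTimeout(
    () => controller.abort(new Error(`Timeout after ${ms}ms: ${label}`)),
    ms,
  )
  // Callers invoke cancel() once the request settles so the timer cannot fire late.
  return { signal: controller.signal, cancel: () => clearTimeout(timer) }
}
```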
Verifies that deleting a non-existent skill returns a proper 'not found' error instead of a generic 'Unauthorized' message.
@regenrek is attempting to deploy a commit to the Amantus Machina Team on Vercel. A member of the Team first needs to authorize it.
Add OpenClaw LLM-based security evaluator that runs alongside VirusTotal when skills are published. Reads SKILL.md prose, metadata, install specs, and file manifest, then assesses coherence across 5 dimensions to catch social engineering vectors that VT/regex miss (e.g. instruction-only skills with no code files).
- convex/lib/securityPrompt.ts: system prompt, message assembly, response parsing, injection pattern detection
- convex/llmEval.ts: evaluateWithLlm action, evaluateBySlug convenience action, backfillLlmEval for existing skills
- convex/schema.ts: llmAnalysis field on skillVersions
- convex/skills.ts: updateVersionLlmAnalysisInternal mutation, getActiveSkillBatchForLlmBackfillInternal query, defense-in-depth multi-scanner flag merging in approveSkillByHashInternal
- convex/lib/skillPublish.ts: schedule LLM eval alongside VT scan
- SkillDetailPage.tsx: OpenClaw row, LlmAnalysisDetail expandable component with 5 dimension rows, guidance panel, findings section
- styles.css: analysis detail styles from mockup
Reads all files from storage and includes their full source in the eval prompt so the LLM can detect malicious code hidden behind clean READMEs. Injection detection now scans all content. Per-file cap 10K chars, total cap 50K chars.
- Document full frontmatter metadata reference in docs/skill-format.md
- Add metadata section + quick example to README
- Show appeal message on suspicious skills (owner-only) linking to GitHub issues
- Accept metadata.openclaw alias in README docs
- Re-evaluate all skills with full file content reading (backfill in progress)
… flags
- Strip trailing commas in frontmatter JSON before parsing (silent failure fix)
- Stop flagging disable-model-invocation default as a concern (it's the normal default)
- Stop flagging skills configuring themselves as privilege escalation
- Add MITRE ATLAS AML.T0051 context for when autonomous invocation actually matters
- Show actual defaults in assembled eval message instead of "not set"
VT no longer overwrites LLM moderation verdicts. LLM is the primary moderation authority; VT only escalates (hides + flags) for malicious/suspicious content via new escalateByVtInternal mutation. Stale VT polls write vtAnalysis marker instead of overwriting moderationReason. Query pools expanded to include LLM-evaluated skills awaiting VT results. Ban message now references malicious skills and security@openclaw.ai.
* fix: handle GitHub API rate limits in account age check

The GitHub account lookup uses unauthenticated requests (60 req/hr per IP). Since this runs server-side in Convex, all users share the same IP and quickly exhaust the rate limit, causing "GitHub account lookup failed" errors during skill publish.
- Detect 403/429 responses and surface a clear rate-limit message
- Support optional GITHUB_TOKEN env var for authenticated requests (5,000 req/hr)

Fixes openclaw#155

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: stabilize GitHub account gate tests and docs

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
fix: return proper HTTP status codes for delete/undelete errors
docs: changelog credit + v1 delete status codes
* fix(cli): clarify logout only affects local config

Users may assume 'clawhub logout' revokes their token everywhere. In reality, the token remains valid on the server until explicitly revoked in the web UI. This could be a security concern on shared machines. Update the message to set correct expectations.

* fix(cli): clarify logout revocation scope (openclaw#166) (thanks @aronchick)

* chore: sync changelog for merge (openclaw#166) (thanks @aronchick)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
…ments (openclaw#298)

* feat: anti-squatting protection, backup restore, and ban flow improvements

- Add `reservedSlugs` table with 90-day cooldown to prevent slug squatting after skill deletion. Hard-delete finalize phase reserves slugs for the original owner; `insertVersion` blocks non-owners during cooldown.
- Change ban flow from hard-delete to soft-delete: `banUserWithActor` now sets `moderationReason: 'user.banned'` and syncs embedding visibility. `unbanUserWithActor` restores all ban-hidden skills and releases slug reservations automatically.
- Align `autobanMalwareAuthorInternal` with the same soft-delete + embedding visibility pattern so unban recovery works uniformly.
- Add admin `reclaimSlug` / `reclaimSlugInternal` mutations for reclaiming squatted slugs, with audit logging.
- Add GitHub backup restore system (`githubRestore.ts`, `githubRestoreMutations.ts`, `githubRestoreHelpers.ts`) that reads from the `clawdbot/skills` backup repo and re-creates skill records. Squatter eviction runs synchronously in the same transaction as restore to avoid async race conditions.
- Add `POST /api/v1/users/restore` and `POST /api/v1/users/reclaim` admin HTTP endpoints for bulk operations.
- Add `trustedPublisher` flag on users; trusted publishers bypass the `pending.scan` auto-hide for new skill publishes.
- Add `setTrustedPublisher` / `setTrustedPublisherInternal` admin mutations.

Addresses: slug squatting prevention, skill backup/restore, ban recovery, and trusted publisher workflow improvements.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix: harden restore/reclaim + ban flow (openclaw#298) (thanks @autogame-17)

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* refactor: consolidate slug + embedding helpers
* refactor: batch ban/unban skill updates
* refactor: report batched ban/unban scheduling
* fix: unblock package typecheck
* fix: sync GitHub profile on login to handle username renames (openclaw#303)

When a user renames their GitHub account, the stored username becomes stale and causes 'GitHub account lookup failed' errors during skill publishing.

This fix:
- Adds syncGitHubProfile function that fetches current profile using the immutable GitHub numeric ID
- Adds syncGitHubProfileInternal mutation to update user's name, handle, displayName, and image when they change
- Schedules the sync as a background action on every login via afterUserCreatedOrUpdated callback

The sync is best-effort (silently fails if GitHub API unavailable) since it's not on the critical path. It only updates fields if the username has actually changed.

Fixes openclaw#303

Co-Authored-By: Ian Alloway <adapter_burners.1y@icloud.com>

* fix: allow updating skill summary/description on subsequent publishes (openclaw#301)

Previously, the skill summary was only extracted from metadata.description in the SKILL.md frontmatter. This change also checks for a direct 'description' field in the frontmatter, ensuring that users can update their skill description by modifying either location.

The fix prioritizes the new description from the current publish over the existing skill summary, allowing updates to be reflected correctly.

Fixes openclaw#301

Co-Authored-By: Ian Alloway <adapter_burners.1y@icloud.com>

* fix: throttle GitHub profile sync
* feat: show skill owner avatars
* fix: avoid nested owner links
* refactor: centralize profile sync + owner lookup
* docs: changelog for openclaw#312 (thanks @ianalloway)

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix: prefer $HOME over os.homedir() for path resolution

os.homedir() reads from /etc/passwd which can return a stale path after a Linux user rename (usermod -l). Prefer the $HOME environment variable which reflects the current session.

Closes openclaw#82

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: normalize resolveHome output

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* feat: add uninstall command for skills

Implements `clawhub uninstall <slug>` to properly remove installed skills.

Changes:
- Added cmdUninstall function in skills.ts
- Validates skill is installed before removal
- Removes skill directory and lockfile entry
- Supports --yes flag to skip confirmation prompt
- Added comprehensive test coverage

Closes openclaw#221

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: require --yes in non-interactive mode and update lockfile before rm

Address review feedback:
- Fail with "Pass --yes (no input)" when running non-interactively without --yes flag, matching delete/star/unstar/moderation commands
- Update lockfile before removing directory to avoid inconsistent state if rm succeeds but writeLockfile fails

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: harden skill uninstall flow (openclaw#241) (thanks @superlowburn)
* docs: document uninstall CLI command (openclaw#241) (thanks @superlowburn)
* test: fix cmdUninstall mock typing (openclaw#241) (thanks @superlowburn)

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Thanks Kevin, sorry that it took a bit! It was a ... busy month.
summary
motivation
what's included
what's not included
tests
- bun run test
- bun run lint

affected files
- src/components/SkillDetailPage.tsx
- src/components/SkillFilesPanel.tsx
- src/components/SkillDetailTabs.tsx
- src/components/SkillCommentsPanel.tsx
- src/components/skillDetailUtils.ts
- src/styles.css

prompt