fix(clawsec-scanner): release 0.0.2 with real OpenClaw DAST harness#128

Merged
davida-ps merged 7 commits into main from codex/clawsec-scanner-0.0.2-dast-harness
Mar 10, 2026

Conversation

@davida-ps (Collaborator) commented Mar 10, 2026

User description

Summary

This PR ships clawsec-scanner version 0.0.2 with a real OpenClaw-focused DAST harness and updates the wiki to document the scanner module.

What Changed

  • Replaced simulated DAST checks with real hook execution harness flow in skills/clawsec-scanner/scripts/dast_runner.mjs.
  • Added isolated hook executor skills/clawsec-scanner/scripts/dast_hook_executor.mjs for per-hook runtime execution.
  • Updated DAST finding semantics:
    • High severity now requires real execution failures/timeouts.
    • Harness capability limits (for example missing TS compiler for .ts hooks) are emitted as info coverage findings.
  • Added recursion guard in scanner hook (CLAWSEC_DAST_HARNESS / dastMode) to prevent self-trigger loops.
  • Added new DAST tests in skills/clawsec-scanner/test/dast_harness.test.mjs.
  • Bumped scanner docs/metadata/changelog to 0.0.2:
    • skills/clawsec-scanner/skill.json
    • skills/clawsec-scanner/SKILL.md
    • skills/clawsec-scanner/CHANGELOG.md
    • skills/clawsec-scanner/hooks/clawsec-scanner-hook/HOOK.md
  • Added wiki docs for scanner module:
    • wiki/modules/clawsec-scanner.md
    • updated wiki/INDEX.md and wiki/GENERATION.md

Validation

Executed and passed:

  • node skills/clawsec-scanner/test/dast_harness.test.mjs
  • node skills/clawsec-scanner/test/reviewer_regressions.test.mjs
  • node skills/clawsec-scanner/test/dependency_scanner.test.mjs
  • node skills/clawsec-scanner/test/sast_engine.test.mjs
  • node skills/clawsec-scanner/test/cve_integration.test.mjs
  • npx eslint skills/clawsec-scanner/scripts/dast_runner.mjs skills/clawsec-scanner/scripts/dast_hook_executor.mjs skills/clawsec-scanner/test/dast_harness.test.mjs --max-warnings 0
  • npx tsc --noEmit
  • npm run gen:wiki-llms

Security/Behavioral Notes

  • DAST is now agent-specific and runtime-backed for OpenClaw hook handlers.
  • Default scanner behavior no longer reports misleading high findings from static malicious-pattern matching alone.

Generated description

Below is a concise technical summary of the changes proposed in this PR:
Enable the OpenClaw-focused DAST flow by having dast_runner.mjs discover hooks, spawn dast_hook_executor.mjs for isolated handler invocations, guard the periodic scanner hook from recursive scans, and surface runtime behavior through the new harness tests and setup wiring. Describe the 0.0.2 release via metadata, release automation, and wiki updates so the new runtime-backed DAST behavior, installer guidance, and module documentation are discoverable.

Topic | Details

Release & Docs: Document and publish release-level context for the 0.0.2 scanner rollout by updating installer guidance in .github/workflows/skill-release.yml, README, and skill metadata, and by expanding wiki/skill docs (skill.json, SKILL.md, module page, index, generation) so the operator-facing story about the runtime-backed DAST harness and catalog installs is complete.

Modified files (7):
  • .github/workflows/skill-release.yml
  • README.md
  • skills/clawsec-scanner/SKILL.md
  • skills/clawsec-scanner/skill.json
  • wiki/GENERATION.md
  • wiki/INDEX.md
  • wiki/modules/clawsec-scanner.md

Latest contributors (2):
  User | Commit | Date
  david.a@prompt.security | fix-release-enforce-ch... | March 09, 2026
  aldo@osstek.com | fix-portability-harden... | February 25, 2026

Other: Other files

Modified files (1):
  • skills/clawsec-scanner/hooks/clawsec-scanner-hook/HOOK.md

Latest contributors (1):
  User | Commit | Date
  david.a@prompt.security | Automated-Vulnerabilit... | March 09, 2026

DAST Harness: Drive the agent-focused DAST flow by expanding dast_runner.mjs into a hook-discovery/orchestration engine, adding dast_hook_executor.mjs for isolated handler execution (including TypeScript support), guarding the scanner hook against recursive CLAWSEC_DAST_HARNESS invocations, wiring the new executor into the setup script, and exercising runtime failure/coverage behavior through dast_harness.test.mjs while reporting the harness semantics in the changelog.

Modified files (6):
  • skills/clawsec-scanner/CHANGELOG.md
  • skills/clawsec-scanner/hooks/clawsec-scanner-hook/handler.ts
  • skills/clawsec-scanner/scripts/dast_hook_executor.mjs
  • skills/clawsec-scanner/scripts/dast_runner.mjs
  • skills/clawsec-scanner/scripts/setup_scanner_hook.mjs
  • skills/clawsec-scanner/test/dast_harness.test.mjs

Latest contributors (1):
  User | Commit | Date
  david.a@prompt.security | fix-release-enforce-ch... | March 09, 2026
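The three runtime behaviours the description above lists (the CLAWSEC_DAST_HARNESS recursion guard, per-hook execution in an isolated child process, and the 0.0.2 severity rule under which only a real execution failure or timeout rates high while a harness limit such as a missing TypeScript compiler becomes an info coverage finding), shown as an added, self-contained sketch in JavaScript. This is not the clawsec-scanner project's dast_runner.mjs or dast_hook_executor.mjs: the finding field names, the env var value "1", the timeout, and the stand-in executor and hooks written to a temp directory are all assumptions made for this example.

```javascript
// Added example, not clawsec-scanner's own code. Env var name is from the PR;
// the "1" value, the finding shape, and the stand-in executor are assumptions.
const HARNESS_ENV = "CLAWSEC_DAST_HARNESS";

// Recursion guard: the periodic scanner hook checks this before scheduling a
// scan, so a hook that the harness itself invoked cannot start a second scan.
function shouldSkipScan(env = process.env) {
  return env[HARNESS_ENV] === "1";
}

// 0.0.2 semantics: high only for a real runtime failure or timeout, info for a
// harness capability gap, null when the hook ran clean.
function classifyOutcome(hookPath, outcome) {
  if (outcome.unsupported) {
    return { severity: "info", kind: "coverage-gap", hook: hookPath, detail: outcome.reason };
  }
  if (outcome.timedOut) {
    return { severity: "high", kind: "runtime-timeout", hook: hookPath,
             detail: `no exit within ${outcome.timeoutMs} ms` };
  }
  if (outcome.exitCode !== 0) {
    return { severity: "high", kind: "runtime-failure", hook: hookPath,
             detail: `exit ${outcome.exitCode}: ${outcome.stderr.trim()}` };
  }
  return null;
}

// Run one hook in a fresh child process. The harness marker is placed in the
// child's env so the guard above fires inside it; a .ts hook with no compiler
// available is reported as unsupported rather than guessed at.
async function runHookIsolated(executorPath, hookPath, { timeoutMs = 2000, canCompileTs = false } = {}) {
  if (hookPath.endsWith(".ts") && !canCompileTs) {
    return { unsupported: true, reason: "no TypeScript compiler available for .ts hook" };
  }
  const { spawn } = await import("node:child_process");
  return new Promise((resolve) => {
    const child = spawn(process.execPath, [executorPath, hookPath], {
      env: { ...process.env, [HARNESS_ENV]: "1" },
      stdio: ["ignore", "pipe", "pipe"],
    });
    let stderr = "";
    let timedOut = false;
    child.stderr.on("data", (chunk) => { stderr += chunk; });
    const timer = setTimeout(() => { timedOut = true; child.kill("SIGKILL"); }, timeoutMs);
    child.on("close", (code) => {
      clearTimeout(timer);
      resolve({ exitCode: code, stderr, timedOut, timeoutMs });
    });
  });
}

// Demo on constructed hooks in a temp dir: one clean, one throwing, one that
// never exits, one .ts. The executor here is a stand-in written for the demo.
async function demo() {
  const fs = await import("node:fs/promises");
  const os = await import("node:os");
  const path = await import("node:path");
  const dir = await fs.mkdtemp(path.join(os.tmpdir(), "dast-demo-"));
  const write = (name, body) => fs.writeFile(path.join(dir, name), body).then(() => path.join(dir, name));
  const executor = await write("executor.mjs", [
    'import { pathToFileURL } from "node:url";',
    "const mod = await import(pathToFileURL(process.argv[2]).href);",
    'await mod.handler({ event: "scan" });',
  ].join("\n"));
  const hooks = [
    await write("clean.mjs", "export async function handler() { return { ok: true }; }"),
    await write("throws.mjs", 'export async function handler() { throw new Error("handler exploded"); }'),
    await write("hangs.mjs", "export function handler() { setInterval(() => {}, 1000); return new Promise(() => {}); }"),
    await write("typed.ts", "export const handler = (): void => {};"),
  ];
  try {
    const outcomes = await Promise.all(hooks.map((h) => runHookIsolated(executor, h, { timeoutMs: 1500 })));
    return hooks.map((h, i) => classifyOutcome(path.basename(h), outcomes[i])).filter(Boolean);
  } finally {
    await fs.rm(dir, { recursive: true, force: true });
  }
}

demo().then((findings) => console.log(JSON.stringify(findings, null, 2)));
```

Run with `node` and the demo prints three findings: throws.mjs and hangs.mjs at high (runtime-failure and runtime-timeout), typed.ts at info (coverage-gap); clean.mjs produces nothing. The guard is the child's responsibility: because the marker is inherited through the spawned env, a periodic scanner hook that calls shouldSkipScan() inside the harness returns early instead of scheduling another scan.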

Comment on lines +70 to +76

import fs from "node:fs/promises"; // assumed import: fs.access below is the promise API
async function fileExists(filePath) {
  try {
    await fs.access(filePath);
    return true;
  } catch {
    return false;
  }
}
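Review bot: the bare catch in fileExists turns every fs.access error into false, so EACCES, ENOTDIR or ELOOP on a hook path reads the same as ENOENT and an unreadable hook is treated as absent rather than reported. Consider `catch (err) { if (err.code === "ENOENT") return false; throw err; }` so only a genuine absence yields false.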
Contributor comment (Baz review):

Defines a fileExists helper that is already duplicated in scripts/dast_runner.mjs (and the other CLI scripts); each fix for path checking or error handling will need to be copied everywhere, so can we reuse a shared helper (e.g. move to lib/utils.mjs or re‑export the runner helper) instead of re‑defining this identical logic?

Finding type: Code Dedup and Conventions | Severity: 🟢 Low


@davida-ps davida-ps merged commit f0f0f1d into main Mar 10, 2026
17 checks passed
@davida-ps davida-ps deleted the codex/clawsec-scanner-0.0.2-dast-harness branch March 10, 2026 17:27

1 participant