Your agent can watch dependency advisories
Watches the security advisory feeds every morning for new GHSA, OSV, and NVD entries that hit the dependencies you actually declare, ranks each by severity with the fixed version and your exposure, and emails a digest only when a new advisory lands. It reads your declared dependencies from a drive-managed manifest, with private lockfile access staying optional, and remembers every advisory it has already reported so the same one is never sent twice. Does nothing on a run where no new advisory touches your dependencies.
- Watches GHSA, OSV, and NVD every morning for advisories hitting your dependencies
- Reads your declared dependencies from a drive manifest, private lockfile optional
- Ranks each advisory by severity with the fixed version and your exposure
- Emails a digest only when a new advisory lands, never the same one twice
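Added example, not the agent's own code: a minimal Python version of the matching, ranking and dedup step described above. The manifest and advisory records are constructed (placeholder IDs, not real GHSA/OSV/NVD entries), versions are dotted integers only, and the seen-set is passed in rather than persisted.

```python
# Added example (not the agent's own code): keep only advisories whose
# affected range covers the declared version, rank by severity, and drop
# anything already reported so a digest is produced only for new advisories.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}

# Constructed manifest: package -> declared version.
MANIFEST = {"requests": "2.25.0", "urllib3": "1.26.4", "flask": "2.0.1"}

# Constructed advisories; IDs are placeholders, not real advisory identifiers.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "requests", "introduced": "2.0.0",
     "fixed": "2.31.0", "severity": "MEDIUM"},
    {"id": "EXAMPLE-0002", "package": "urllib3", "introduced": "1.0.0",
     "fixed": "1.26.5", "severity": "HIGH"},
    {"id": "EXAMPLE-0003", "package": "flask", "introduced": "0",
     "fixed": "2.0.0", "severity": "HIGH"},      # declared version already fixed
    {"id": "EXAMPLE-0004", "package": "django", "introduced": "3.0",
     "fixed": "3.2.5", "severity": "CRITICAL"},  # not a declared dependency
]

def parse_version(text):
    """Dotted-integer versions only; real manifests need a full version parser."""
    return tuple(int(part) for part in text.split("."))

def is_exposed(declared, introduced, fixed):
    """Exposed when introduced <= declared < fixed (fixed bound is exclusive)."""
    return parse_version(introduced) <= parse_version(declared) < parse_version(fixed)

def build_digest(manifest, advisories, seen):
    """Return (ranked hits, updated seen-set). Empty hits means send nothing."""
    hits = []
    for adv in advisories:
        declared = manifest.get(adv["package"])
        if declared is None or adv["id"] in seen:
            continue  # not one of our dependencies, or already reported
        if not is_exposed(declared, adv["introduced"], adv["fixed"]):
            continue  # declared version is outside the affected range
        hits.append({"id": adv["id"], "package": adv["package"],
                     "declared": declared, "fixed": adv["fixed"],
                     "severity": adv["severity"]})
    hits.sort(key=lambda h: SEVERITY_RANK.get(h["severity"], 0), reverse=True)
    # A real agent persists the seen-set between runs; here it is returned.
    return hits, seen | {h["id"] for h in hits}

if __name__ == "__main__":
    first, seen = build_digest(MANIFEST, ADVISORIES, set())
    for h in first:
        print(f"{h['severity']:<8} {h['id']} {h['package']} {h['declared']} -> fix in {h['fixed']}")
    print("second run sends nothing:", build_digest(MANIFEST, ADVISORIES, seen)[0] == [])
```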
Compatibility
A drive-managed dependency manifest the agent can read. Private lockfile access is optional; without it the public manifest is the source of declared dependencies.