Skip to content

docs: v4.4.2 documentation hardening pass + scanner-verdict README badges#211

Open
msaleme wants to merge 1 commit into
mainfrom
docs/v4.4.2-content-hardening
Open

docs: v4.4.2 documentation hardening pass + scanner-verdict README badges#211
msaleme wants to merge 1 commit into
mainfrom
docs/v4.4.2-content-hardening

Conversation

@msaleme
Copy link
Copy Markdown
Owner

@msaleme msaleme commented May 2, 2026
edited by cursor Bot
Loading

Summary

  • v4.4.2 documentation hardening pass against VirusTotal Code Insight LLM scanner — reframes docs/ADVANCED.md GTG-1002 capability table for unambiguous defensive intent; anchors docs/TEST-INVENTORY.md CVE-2026-25253 references with NVD links
  • README badge update — removes obsolete SafeSkill badge; adds ClawScan / Static Analysis / VirusTotal scanner-verdict badges reflecting v4.4.2 ClawHub bundle state

Why now

Anthropic confirmed the MCP RCE is by-design on 2026-04-30. The harness's MCP-015/016/017/018 tests shipped April 12 (v4.2.0). The doc hardening pass + the dev.to longform When a protocol vendor declines to patch, the test harness becomes the spec compound on the three-power leverage: counter-positioning + branding + process power. Public CHANGELOG entry on main anchors the timestamp claim.

Test plan

  • No code changes; test count unchanged at 470 across 32 modules (scripts/count_tests.py source of truth)
  • No CHANGELOG version drift — pyproject.toml remains v4.4.0; ClawHub skill bundle is independently versioned at v4.4.2
  • ClawScan verdict on the v4.4.2 bundle: Benign (verified 2026-05-01)

🤖 Generated with Claude Code

Note

Low Risk
Documentation-only changes that reword security content and add references; no code, behavior, or test coverage changes.

Overview
Adds a 4.4.2 changelog entry describing a documentation hardening release with no code or test changes.

Reframes docs/ADVANCED.md GTG-1002 capability content to explicitly describe defensive probes (new framing paragraph + reading guide, and table headers/cells rewritten in defensive voice). Updates docs/TEST-INVENTORY.md to link both CVE-2026-25253 mentions directly to the NVD entry.

Reviewed by Cursor Bugbot for commit 17c5126. Bugbot is set up for automated code reviews on this repo. Configure here.

@claude
docs: v4.4.2 documentation hardening pass against VT Code Insight
17c5126 
Reframed GTG-1002 capability table in docs/ADVANCED.md for unambiguous
defensive intent: column headers from "Real GTG-1002 Activity" / "What
We Test" to "Adversary behavior we probe for" / "Detection probes the
harness sends"; cell content reworded from active to defensive voice.
Added top-of-section defensive framing paragraph and reading guide
above the table.

Anchored both CVE-2026-25253 references in docs/TEST-INVENTORY.md
with inline NVD links.

No code changes; no test changes; test count unchanged at 470 across
32 modules. ClawHub bundle republished as v4.4.2; pyproject.toml
remains v4.4.0 until next code-change release.

Counterpart memory entry: playbook_security_skill_scanner_hardening.md
Pattern 5 (bundled-docs adversary-vs-defender table reframing).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@msaleme