This release keeps dependencies and maintenance posture current for teams operating this tool.
✓ No known CVEs patched in this version
Topics
+14 more
Affected surfaces
Summary
AI summaryMinor fixes and improvements.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Column renamed: Confidence → Severity in SKILL.md Security Scan Findings table. Column renamed: Confidence → Severity in SKILL.md Security Scan Findings table. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high |
— |
| Security | Medium |
ASI03 advisory tokens severity changed from High to Medium for v5.5.3 scan results. ASI03 advisory tokens severity changed from High to Medium for v5.5.3 scan results. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high |
— |
| Security | Medium |
ASI06 project context severity changed from High to Medium for v5.5.3 scan results. ASI06 project context severity changed from High to Medium for v5.5.3 scan results. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high |
— |
| Security | Medium |
New Low ASI03 advisory: .signing_key and active_grants.json are security-relevant local state; mitigate by keeping data/ private and restricting OS permissions on shared machines. New Low ASI03 advisory: .signing_key and active_grants.json are security-relevant local state; mitigate by keeping data/ private and restricting OS permissions on shared machines. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low |
— |
| Security | Medium |
New Low ASI06 advisory: justification fields and data/audit_log.jsonl store agent-provided free text locally; avoid including PII, secrets, or credentials; restrict data/ directory on shared machines. New Low ASI06 advisory: justification fields and data/audit_log.jsonl store agent-provided free text locally; avoid including PII, secrets, or credentials; restrict data/ directory on shared machines. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low |
— |
| Feature | Medium |
SECURITY.md updated to summarise v5.5.3 ClawHub scanner state (2 Medium, 2 Low findings). SECURITY.md updated to summarise v5.5.3 ClawHub scanner state (2 Medium, 2 Low findings). Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high |
— |
| Deprecation | Medium |
All four remaining ClawHub scan findings are acknowledged as by design with documented controls in SKILL.md. All four remaining ClawHub scan findings are acknowledged as by design with documented controls in SKILL.md. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low |
— |
Full changelog
What's changed
Documentation — ClawHub scan findings
Updated SKILL.md Security Scan Findings table to reflect the v5.5.3 ClawHub scan results:
- Column renamed:
Confidence→Severity(matches ClawHub UI terminology) - ASI03 advisory tokens: severity High → Medium
- ASI06 project context: severity High → Medium
- New — Low ASI03 local grant state: the
.signing_keyandactive_grants.jsonfiles introduced in v5.5.2 are security-relevant local state; mitigation: keepdata/private, restrict OS-level permissions on shared machines - New — Low ASI06 audit log free text:
justificationfields anddata/audit_log.jsonlstore agent-provided free text locally — do not include PII, secrets, or credentials; restrictdata/directory on shared machines
All four remaining findings are by design. The documented controls in SKILL.md are the mitigations — not an elimination of the patterns.
SECURITY.md ClawHub scanner entry updated to summarise the v5.5.3 scan state (2 Medium, 2 Low, all acknowledged).
Full changelog: https://github.com/Jovancoding/Network-AI/blob/main/CHANGELOG.md
Documentation-only release. No code changes.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Jovancoding/Network-AI
Multi-agent orchestration MCP server with race-condition-safe shared blackboard. 20+ MCP tools: blackboard read/write, agent spawn/stop, FSM transitions, budget tracking, token management, and audit log query. `npx network-ai-server --port 3001`.
Related context
Beta — feedback welcome: [email protected]