chore(sync): mirror docs from openclaw/openclaw@6717f8b334

This commit is contained in:
openclaw-docs-sync[bot] 2026-04-29 22:04:59 +00:00
parent 58fa753aad
commit b2eb5bbd78
2 changed files with 8 additions and 3 deletions

View File

@ -1,5 +1,5 @@
{
"repository": "openclaw/openclaw",
"sha": "a31b55a8d8bbaa130b67a8160a94d99b93274eda",
"syncedAt": "2026-04-29T22:02:48.971Z"
"sha": "6717f8b334fe5a08c7506950c5c1fb5d4c678f67",
"syncedAt": "2026-04-29T22:03:22.414Z"
}

View File

@ -272,7 +272,12 @@ The mcp-process-tool-boundary job scans MCP servers, process execution helpers,
outbound delivery, and agent tool-execution gates under the
`/codeql-critical-security/mcp-process-tool-boundary` category so command and
tool boundary signal stays separate from both the auth/secrets baseline and
the non-security MCP/process quality shard.
the non-security MCP/process quality shard. The plugin-trust-boundary job scans
plugin install, loader, manifest, registry, runtime-dependency staging,
source-loading, public-surface, and Plugin SDK package contract trust surfaces
under the `/codeql-critical-security/plugin-trust-boundary` category so plugin
supply-chain and runtime-loading signal stays separate from both bundled plugin
implementation code and the non-security plugin quality shard.
The `CodeQL Android Critical Security` workflow is the scheduled Android
security shard. It builds the Android app manually for CodeQL on the smallest