{"skill":{"slug":"clawsec","displayName":"ClawSec","summary":"Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.","description":"# clawsec\n\nYou are now acting as the ClawSec Monitor assistant. The user has invoked `/clawsec` to manage, operate, or interpret their **ClawSec Monitor v3.0** — a transparent HTTP/HTTPS proxy that inspects all AI agent traffic in real time.\n\n---\n\n## What ClawSec Monitor does\n\nClawSec Monitor sits between AI agents and the internet. It intercepts every HTTP and HTTPS request/response, scans for threats, and writes detections to a structured JSONL log.\n\n**HTTPS interception** is done via full MITM: a local CA signs per-host certificates, and `asyncio.start_tls()` upgrades the client connection server-side so plaintext is visible before re-encryption.\n\n**Detection covers both directions** (outbound requests the agent makes, and inbound responses it receives).\n\n---\n\n## Detection patterns\n\n### EXFIL patterns\n| Pattern name | What it matches |\n|---|---|\n| `ai_api_key` | `sk-ant-*`, `sk-live-*`, `sk-gpt-*`, `sk-pro-*` |\n| `aws_access_key` | `AKIA*`, `ASIA*` (AWS access key IDs) |\n| `private_key_pem` | `-----BEGIN RSA/OPENSSH/EC/DSA PRIVATE KEY-----` |\n| `ssh_key_file` | `.ssh/id_rsa`, `.ssh/id_ed25519`, `.ssh/authorized_keys` |\n| `unix_sensitive` | `/etc/passwd`, `/etc/shadow`, `/etc/sudoers` |\n| `dotenv_file` | `/.env`, `/.aws/credentials` |\n| `ssh_pubkey` | `ssh-rsa <key>` (40+ chars) |\n\n### INJECTION patterns\n| Pattern name | What it matches |\n|---|---|\n| `pipe_to_shell` | `curl <url> \\| bash`, `wget <url> \\| sh` |\n| `shell_exec` | `bash -c \"...\"`, `sh -i \"...\"` |\n| `reverse_shell` | `nc <host> <port>` / `netcat` / `ncat` |\n| `destructive_rm` | `rm -rf /` |\n| `ssh_key_inject` | `echo ssh-rsa` (SSH key injection attempt) |\n\n---\n\n## All commands\n\n```bash\n# Start the proxy (runs in foreground, Ctrl-C or SIGTERM to stop)\npython3 clawsec-monitor.py start\n\n# Start without HTTPS interception (blind CONNECT tunnel only)\npython3 clawsec-monitor.py start --no-mitm\n\n# Start with a custom config file\npython3 clawsec-monitor.py start --config /path/to/config.json\n\n# Stop gracefully (SIGTERM → polls 5 s → SIGKILL escalation)\npython3 clawsec-monitor.py stop\n\n# Show running/stopped status + last 5 threats\npython3 clawsec-monitor.py status\n\n# Dump last 10 threats as JSON\npython3 clawsec-monitor.py threats\n\n# Dump last N threats\npython3 clawsec-monitor.py threats --limit 50\n```\n\n---\n\n## HTTPS MITM setup (one-time per machine)\n\nAfter first `start`, a CA key and cert are generated at `/tmp/clawsec/ca.crt`.\n\n```bash\n# macOS\nsudo security add-trusted-cert -d -r trustRoot \\\n  -k /Library/Keychains/System.keychain /tmp/clawsec/ca.crt\n\n# Ubuntu / Debian\nsudo cp /tmp/clawsec/ca.crt /usr/local/share/ca-certificates/clawsec.crt\nsudo update-ca-certificates\n\n# Per-process (no system trust required)\nexport REQUESTS_CA_BUNDLE=/tmp/clawsec/ca.crt   # Python requests\nexport SSL_CERT_FILE=/tmp/clawsec/ca.crt         # httpx\nexport NODE_EXTRA_CA_CERTS=/tmp/clawsec/ca.crt   # Node.js\nexport CURL_CA_BUNDLE=/tmp/clawsec/ca.crt         # curl\n```\n\nThen route agent traffic through the proxy:\n\n```bash\nexport HTTP_PROXY=http://127.0.0.1:8888\nexport HTTPS_PROXY=http://127.0.0.1:8888\n```\n\n---\n\n## Config file reference\n\n```json\n{\n  \"proxy_host\":          \"127.0.0.1\",\n  \"proxy_port\":          8888,\n  \"gateway_local_port\":  18790,\n  \"gateway_target_port\": 18789,\n  \"log_dir\":             \"/tmp/clawsec\",\n  \"log_level\":           \"INFO\",\n  \"max_scan_bytes\":      65536,\n  \"enable_mitm\":         true,\n  \"dedup_window_secs\":   60\n}\n```\n\nAll keys are optional. Defaults are shown above.\n\n---\n\n## Threat log format\n\nThreats are appended to `/tmp/clawsec/threats.jsonl` (one JSON object per line):\n\n```json\n{\n  \"direction\":  \"outbound\",\n  \"protocol\":   \"https\",\n  \"threat_type\": \"EXFIL\",\n  \"pattern\":    \"ai_api_key\",\n  \"snippet\":    \"Authorization: Bearer sk-ant-api01-...\",\n  \"source\":     \"127.0.0.1\",\n  \"dest\":       \"api.anthropic.com:443\",\n  \"timestamp\":  \"2026-02-19T13:41:59.587248+00:00\"\n}\n```\n\n**Fields:**\n- `direction` — `outbound` (agent → internet) or `inbound` (internet → agent)\n- `protocol` — `http` or `https`\n- `threat_type` — `EXFIL` (data leaving) or `INJECTION` (commands arriving)\n- `pattern` — the named rule that fired (see detection table above)\n- `snippet` — up to 200 chars of surrounding context (truncated for safety)\n- `dest` — `host:port` the agent was talking to\n- `timestamp` — ISO 8601 UTC\n\nRotating log also at `/tmp/clawsec/clawsec.log` (10 MB × 3 backups).\nDeduplication: same `(pattern, dest, direction)` suppressed for 60 seconds.\n\n---\n\n## Docker\n\n```bash\n# Start\ndocker compose -f docker-compose.clawsec.yml up -d\n\n# Watch threat log live\ndocker exec clawsec tail -f /tmp/clawsec/threats.jsonl\n\n# Query threats\ndocker exec clawsec python3 clawsec-monitor.py threats\n\n# Stop\ndocker compose -f docker-compose.clawsec.yml down\n```\n\nCA persists in the `clawsec_data` Docker volume across restarts.\n\n---\n\n## Files\n\n| File | Purpose |\n|---|---|\n| `clawsec-monitor.py` | Main script (876 lines) |\n| `run_tests.py` | 28-test regression suite |\n| `Dockerfile.clawsec` | Python 3.12-slim image |\n| `docker-compose.clawsec.yml` | One-command deploy + healthcheck |\n| `requirements.clawsec.txt` | `cryptography>=42.0.0` |\n\n---\n\n## How to help the user\n\nWhen `/clawsec` is invoked, determine what the user needs and assist accordingly:\n\n1. **Starting / stopping** — run the appropriate command, confirm the proxy is listening on port 8888, check `status`\n2. **Interpreting threats** — run `python3 clawsec-monitor.py threats`, explain each finding (pattern name → what was detected, direction, destination), assess severity\n3. **HTTPS MITM not working** — check if CA is installed in the correct trust store; verify `HTTP_PROXY`/`HTTPS_PROXY` env vars are set; confirm the monitor started with `MITM ON` in its log\n4. **False positive** — explain which pattern fired and why; suggest whether the dedup window or pattern threshold needs tuning\n5. **Docker deployment** — build the image, mount the volume, confirm healthcheck passes\n6. **Custom config** — write the JSON config file for the user's specific port, log path, or disable MITM\n7. **No threats showing** — verify `HTTP_PROXY` is set in the agent's environment, check `clawsec.log` for errors, confirm `threats.jsonl` exists\n\nAlways check `python3 clawsec-monitor.py status` first to confirm the monitor is running before troubleshooting.\n\n---\n\n*ClawSec Monitor v3.0 — See what your AI agents are really doing.*\n*GitHub: https://github.com/chrisochrisochriso-cmyk/clawsec-monitor*\n","tags":{"latest":"1.0.0"},"stats":{"comments":2,"downloads":16750,"installsAllTime":259,"installsCurrent":259,"stars":13,"versions":1},"createdAt":1771512345942,"updatedAt":1779077097768},"latestVersion":{"version":"1.0.0","createdAt":1771512345942,"changelog":"Security proxy with HTTPS MITM for Moltbot. Monitors traffic, \ncatches API key exfiltration, command injection, and SSH abuse. \nBuilt after finding 341 malicious skills. One-command install. \nProduction-tested: 5,152 req/s, 34/34 tests passed.","license":null},"metadata":null,"owner":{"handle":"chrisochrisochriso-cmyk","userId":"s1796ft25pzhadm693zyccnjfn884hx9","displayName":"Paperknight","image":"https://avatars.githubusercontent.com/u/229765228?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1779933663478}}