Cyber Security Engineer

v0.1.9

Security engineering workflow for OpenClaw privilege governance and hardening. Use for least-privilege execution, approval-first privileged actions, idle tim...

⭐ 0· 1.6k·11 current·11 all-time

by@fletcherfrimpong·fork of @fletcherfrimpong/fletcher-cyber-security-engineer (0.1.1)

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fletcherfrimpong/cyber-security-engineer.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Cyber Security Engineer" (fletcherfrimpong/cyber-security-engineer) from ClawHub.
Skill page: https://clawhub.ai/fletcherfrimpong/cyber-security-engineer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cyber-security-engineer

ClawHub CLI

Package manager switcher

npx clawhub@latest install cyber-security-engineer

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name/description match the included files: port/egress monitors, command policy, guarded privileged exec, assessment/dashboard generators, and a runtime hook installer. Required tools (python3, lsof/ss/netstat, optionally npm/openclaw CLI) are consistent with the declared purpose.

ℹ

Instruction Scope

SKILL.md instructs the agent to run local inspection and enforcement scripts and to optionally install a sudo shim under the user's home. The instructions reference only the declared policy files and ~/.openclaw state; they do collect local process/port/connection info (lsof/ss/netstat outputs, PIDs, commands) and write results to ~/.openclaw and the skill's assessments directory — expected for this purpose but privacy-sensitive. Review the notify_on_violation behavior before enabling notifications.

✓

Install Mechanism

There is no remote download/install spec in the registry entry; the skill is instruction-only with bundled scripts. The provided installer modifies only the user's home (~/.openclaw) and (optionally) the OpenClaw gateway LaunchAgent on macOS. That is proportionate, but the LaunchAgent change is sensitive and is opt-in per the doc.

✓

Credentials

No required secrets or unrelated environment variables are requested. The documented OPENCLAW_* variables are configuration toggles for the shim/monitoring behavior (approval token, session id, notifier path, etc.) and are reasonable for the stated feature set. Nothing asks for cloud/OS credentials outside the user's control.

ℹ

Persistence & Privilege

The skill does install an opt-in sudo shim into ~/.openclaw/bin and can modify the gateway LaunchAgent (macOS) when enabled; this grants the skill persistent interception of sudo within the gateway process's PATH but only if the user opts in (ENFORCE_PRIVILEGED_EXEC=1). always:true is not set. Treat the runtime hook as a privileged control that should be enabled only after inspection and testing.

Assessment

This package appears to implement what it advertises (least‑privilege wrappers, port/egress monitoring, and compliance reporting). Before installing or enabling the sudo runtime hook: 1) Audit the installer script (scripts/install-openclaw-runtime-hook.sh) and the sudo shim (scripts/guarded_privileged_exec.py and scripts/root_session_guard.py) to confirm they only modify ~/.openclaw and the OpenClaw gateway LaunchAgent as documented; 2) Inspect notify_on_violation.py to verify it does not send data to remote endpoints you don't expect (the skill allows configuring an external notifier path); 3) Restrict and review policy files (~/.openclaw/security/*.json) and set tight filesystem permissions so audit/assessment outputs are not world-readable; 4) Test in a non-production environment first (the auto-cycle will run lsof/ss/netstat and record PIDs/commands and connection targets to assessment files); and 5) If you do enable the shim, ensure you understand recovery steps (how to remove ~/.openclaw/bin/sudo and revert LaunchAgent changes) so you can restore the original sudo behavior if needed.

Like a lobster shell, security has layers — review code before you run it.

compliancevk977mxt16g3eq3q085a0e3879s83pdhtiso27001vk977mxt16g3eq3q085a0e3879s83pdhtlatestvk977mxt16g3eq3q085a0e3879s83pdhtnistvk977mxt16g3eq3q085a0e3879s83pdhtsecurityvk977mxt16g3eq3q085a0e3879s83pdht

1.6kdownloads

0stars

9versions

Updated 15h ago

v0.1.9

MIT-0

Cyber Security Engineer

Requirements

Required tools:

python3 (>= 3.8)
openclaw CLI (installed via npm during bootstrap, or pre-installed)
npm (only needed for bootstrap if openclaw is not already installed)
One of lsof, ss, or netstat for port/egress checks
stat, readlink (standard on macOS/Linux, used by the runtime hook installer)

Env vars (all optional, documented for configuration):

OPENCLAW_REQUIRE_POLICY_FILES — set to 1 to block privileged execution when policy files are missing
OPENCLAW_REQUIRE_SESSION_ID — set to 1 to require a task session id for each privileged action
OPENCLAW_TASK_SESSION_ID — per-task session id (used when OPENCLAW_REQUIRE_SESSION_ID=1)
OPENCLAW_APPROVAL_TOKEN — if set, requires this token during the approval step
OPENCLAW_UNTRUSTED_SOURCE — set to 1 to flag the current content source as untrusted
OPENCLAW_VIOLATION_NOTIFY_CMD — absolute path to a notifier binary (must also be allowlisted)
OPENCLAW_VIOLATION_NOTIFY_ALLOWLIST — JSON array of allowed argv arrays, or comma-separated absolute paths
OPENCLAW_REAL_SUDO — override path to the real sudo binary (used by the runtime hook shim)
OPENCLAW_PYTHON3 — override path to python3 (used by the runtime hook shim)
OPENCLAW_CYBER_SKILL_DIR — override path to the skill directory (used by the runtime hook shim)
OPENCLAW_ALLOW_NONINTERACTIVE_SUDO — set to 1 to allow non-interactive sudo through the shim (default: blocked)
OPENCLAW_PRIV_REASON — human-readable reason passed to the guarded execution wrapper
OPENCLAW_VIOLATION_NOTIFY_STATE — override path to the notification state file
OPENCLAW_SKIP_PLIST_CONFIRM — set to 1 to skip the interactive confirmation before modifying the macOS LaunchAgent plist

Policy files (admin reviewed):

~/.openclaw/security/approved_ports.json
~/.openclaw/security/command-policy.json
~/.openclaw/security/egress_allowlist.json
~/.openclaw/security/prompt-policy.json

Implement these controls in every security-sensitive task:

Keep default execution in normal (non-root) mode.
Request explicit user approval before any elevated command.
Scope elevation to the minimum command set required for the active task.
Drop elevated state immediately after the privileged command completes.
Expire elevated state after 30 idle minutes and require re-approval.
Monitor listening network ports and flag insecure or unapproved exposure.
Monitor outbound connections and flag destinations not in the egress allowlist.
If no approved baseline exists, generate one with python3 scripts/generate_approved_ports.py, then review and prune.
Benchmark controls against ISO 27001 and NIST and report violations with mitigations.

Runtime Hook (sudo shim)

The script scripts/install-openclaw-runtime-hook.sh installs an opt-in sudo shim at ~/.openclaw/bin/sudo. This shim shadows the system sudo binary by prepending ~/.openclaw/bin to PATH in the OpenClaw gateway process.

What it does:

Intercepts sudo invocations and routes them through guarded_privileged_exec.py
Requires explicit interactive user approval before running any privileged command
Enforces command policy allow/deny rules, audit logging, and a 30-minute idle timeout
Blocks non-interactive sudo by default (prevents automated abuse)
Passes through harmless flags (-h, --version, -k, -l) directly to real sudo

What it does NOT do:

It does not replace or modify the system sudo binary
It does not grant itself any elevated permissions
It only affects processes whose PATH includes ~/.openclaw/bin before /usr/bin

Opt-in: The hook is not installed by default. To enable it, run bootstrap with ENFORCE_PRIVILEGED_EXEC=1. On macOS, the installer will prompt for confirmation before modifying the gateway LaunchAgent plist. The shim can be removed at any time by deleting ~/.openclaw/bin/sudo.

File Writes

This skill writes only to ~/.openclaw/ and the assessments/ directory inside the skill folder. No files are written outside these two trees.

Under ~/.openclaw/ (user config/state):

~/.openclaw/security/approved_ports.json — generated port baseline (by generate_approved_ports.py)
~/.openclaw/security/root-session-state.json — elevated session state (by root_session_guard.py)
~/.openclaw/security/privileged-audit.jsonl — append-only audit log (by audit_logger.py)
~/.openclaw/security/violation-notify-state.json — notification diff state (by notify_on_violation.py)
~/.openclaw/bin/sudo — opt-in sudo shim (by install-openclaw-runtime-hook.sh, see Runtime Hook section)
~/.openclaw/logs/cyber-security-engineer-auto.log — auto-cycle run log (by auto_invoke_cycle.sh)

Under assessments/ (inside skill directory):

assessments/openclaw-assessment.json — compliance check results
assessments/compliance-summary.json — structured summary for tools/integrations
assessments/compliance-dashboard.html — human-readable report page
assessments/port-monitor-latest.json — latest open-port scan output
assessments/egress-monitor-latest.json — latest outbound connection scan output

Temporary files:

A short-lived temp file via tempfile.NamedTemporaryFile (by generate_approved_ports.py) — auto-cleaned

No files are written to /usr/, /etc/, or any system directory.

Non-Goals (Web Browsing)

Do not use web browsing / web search as part of this skill. Keep assessments and recommendations based on local host/OpenClaw state and the bundled references in this skill.

Files To Use

references/least-privilege-policy.md
references/port-monitoring-policy.md
references/compliance-controls-map.json
references/approved_ports.template.json
references/command-policy.template.json
references/prompt-policy.template.json
references/egress-allowlist.template.json
scripts/preflight_check.py
scripts/root_session_guard.py
scripts/audit_logger.py
scripts/command_policy.py
scripts/prompt_policy.py
scripts/guarded_privileged_exec.py
scripts/install-openclaw-runtime-hook.sh
scripts/port_monitor.py
scripts/generate_approved_ports.py
scripts/egress_monitor.py
scripts/notify_on_violation.py
scripts/compliance_dashboard.py
scripts/live_assessment.py

Behavior

Never keep root/elevated access open between unrelated tasks.
Never execute root commands without an explicit approval step in the current flow.
Enforce command allow/deny policy when configured.
Require confirmation when untrusted content sources are detected (OPENCLAW_UNTRUSTED_SOURCE=1 + prompt policy).
Enforce task session id scoping when configured (OPENCLAW_REQUIRE_SESSION_ID=1).
If timeout is exceeded, force session expiration and approval renewal.
Log privileged actions to ~/.openclaw/security/privileged-audit.jsonl (best-effort).
Flag listening ports not present in the approved baseline and recommend secure alternatives for insecure ports.
Flag outbound destinations not present in the egress allowlist.

Output Contract

When reporting status, include:

The specific check_id(s) affected, status, risk, and concise evidence.
Concrete mitigations (what to change, where) and any owners/due dates if present.
For network findings: port, bind address, process/service, and why it is flagged (unapproved/insecure/public).

Comments

Loading comments...