Cyber Security Engineer
Security engineering workflow for OpenClaw privilege governance and hardening. Use for least-privilege execution, approval-first privileged actions, idle tim...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 1.1k · 8 current installs · 8 all-time installs
fork of @FletcherFrimpong/fletcher-cyber-security-engineer (based on 0.1.1)
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the delivered artifacts: guarded_privileged_exec.py, root_session_guard.py, port_monitor.py, egress_monitor.py, audit_logger.py, compliance dashboard scripts and policy templates all implement privilege governance, port/egress checks, and compliance reporting. Files referenced in SKILL.md (policy paths under ~/.openclaw/security) align with the skill's goals.
Instruction Scope
SKILL.md stays on-topic: it instructs the agent to operate against local OpenClaw state and bundled reference files and to avoid web browsing. It explicitly reads/writes policy files under ~/.openclaw/security and logs to ~/.openclaw/security/privileged-audit.jsonl. That file access is expected for this purpose, but the runtime guidance also recommends running install-openclaw-runtime-hook.sh and other scripts — those modify runtime behavior and should be reviewed before execution to confirm they only change intended agent hooks.
Install Mechanism
There is no automated install spec in the registry (instruction-only), which minimizes automatic risk. However, the bundle includes an install-openclaw-runtime-hook.sh script and an auto-invoke cycle (auto_invoke_cycle.sh) that, if executed, will write files and hooks to the user's home directory and may change runtime behavior. No external downloads or remote URLs are present in the provided files.
Credentials
The skill documents several OPENCLAW_* environment variables (approval token, session ID, untrusted source flag, notification command/allowlist) that are reasonable for an approval/notification system and not excessive. Minor inconsistency: the registry metadata lists no required env vars while SKILL.md documents optional envs. Be cautious with OPENCLAW_VIOLATION_NOTIFY_CMD (or similar notification hooks) since an administrator-provided command could be used to send data externally if misconfigured — validate the notify script and the admin-set command before enabling.
Persistence & Privilege
The skill does not request 'always: true' and does not declare automatic autonomous privileges; however, the included install script can install a runtime hook (runtime_privilege_hook) that would change how privileged commands are handled on the host. Installing such hooks is within the stated purpose but is a persistency/privilege-impacting action that should be manually reviewed and applied by an administrator (ideally in a controlled environment) rather than blindly executed.
Assessment
This skill appears to do what it says: privilege guards, port/egress monitors, and compliance reporting. Before installing or running anything:
1) Inspect install-openclaw-runtime-hook.sh and guarded_privileged_exec.py to confirm they only modify the intended OpenClaw hooks and do not alter unrelated system settings;
2) Review notify_on_violation.py and any configured OPENCLAW_VIOLATION_NOTIFY_CMD to ensure notification commands cannot leak sensitive audit data to external endpoints;
3) Populate and review the policy files under ~/.openclaw/security (approved_ports.json, command-policy.json, egress_allowlist.json, prompt-policy.json) before enabling automated cycles;
4) Run scripts in a sandbox or non-production host first, and avoid running install scripts as root until their behavior is validated;
5) If you expect the skill to run autonomously, enforce operational controls (restrict who can set the notify command and approval tokens, and audit changes to the ~/.openclaw directory).
Current version: v0.1.5
Tags: compliance, iso27001, latest, nist, security
SKILL.md
Cyber Security Engineer
Requirements
Env vars (optional, but documented):
- OPENCLAW_REQUIRE_POLICY_FILES
- OPENCLAW_REQUIRE_SESSION_ID
- OPENCLAW_TASK_SESSION_ID
- OPENCLAW_APPROVAL_TOKEN
- OPENCLAW_UNTRUSTED_SOURCE
- OPENCLAW_VIOLATION_NOTIFY_CMD
- OPENCLAW_VIOLATION_NOTIFY_ALLOWLIST
Tools: python3 and one of lsof, ss, or netstat for port/egress checks.
Policy files (admin reviewed):
- ~/.openclaw/security/approved_ports.json
- ~/.openclaw/security/command-policy.json
- ~/.openclaw/security/egress_allowlist.json
- ~/.openclaw/security/prompt-policy.json
Implement these controls in every security-sensitive task:
- Keep default execution in normal (non-root) mode.
- Request explicit user approval before any elevated command.
- Scope elevation to the minimum command set required for the active task.
- Drop elevated state immediately after the privileged command completes.
- Expire elevated state after 30 idle minutes and require re-approval.
- Monitor listening network ports and flag insecure or unapproved exposure.
- Monitor outbound connections and flag destinations not in the egress allowlist.
- If no approved baseline exists, generate one with python3 scripts/generate_approved_ports.py, then review and prune.
- Benchmark controls against ISO 27001 and NIST and report violations with mitigations.
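The elevation controls above (approval-first, task-scoped command set, drop after completion, 30-minute idle expiry, JSONL audit log) combined into one guard, as an added example that is not the skill's own root_session_guard.py or guarded_privileged_exec.py. It assumes the approval token is compared against OPENCLAW_APPROVAL_TOKEN and that the caller injects the executor (e.g. a sudo wrapper) and clock; the class name and method names are hypothetical.

```python
import json
import os
import time

IDLE_TIMEOUT_SECONDS = 30 * 60  # SKILL.md: expire elevated state after 30 idle minutes
DEFAULT_AUDIT_LOG = os.path.expanduser("~/.openclaw/security/privileged-audit.jsonl")


class ElevationGuard:
    def __init__(self, expected_token=None, audit_log=DEFAULT_AUDIT_LOG, clock=time.time):
        # Assumed convention: the operator's approval token is read from OPENCLAW_APPROVAL_TOKEN.
        self.expected_token = expected_token or os.environ.get("OPENCLAW_APPROVAL_TOKEN")
        self.audit_log, self.clock = audit_log, clock
        self.grant = None        # approved session + command scope; None = normal (non-root) mode
        self.elevated = False    # true only while a privileged command is actually running
        self.events = []         # in-memory copy of every audit record written

    def approve(self, session_id, token, commands):
        # Explicit approval step: elevation is granted only for `commands` and only with a valid token.
        ok = bool(self.expected_token) and token == self.expected_token
        if ok:
            self.grant = {"session": session_id, "scope": frozenset(commands), "last_used": self.clock()}
        self._audit("approval_granted" if ok else "approval_denied", session_id, sorted(commands))
        return ok

    def run_privileged(self, session_id, argv, runner):
        now, g = self.clock(), self.grant
        if g is None or g["session"] != session_id:
            reason = "no_approval_for_session"
        elif now - g["last_used"] > IDLE_TIMEOUT_SECONDS:
            self.grant, reason = None, "idle_expired"   # idle expiry: the task must be re-approved
        elif argv[0] not in g["scope"]:
            reason = "out_of_scope"
        else:
            g["last_used"], self.elevated = now, True
            try:
                rc = runner(argv)                # injected executor (e.g. a sudo wrapper)
            finally:
                self.elevated = False            # drop elevated state as soon as the command ends
            self._audit("privileged_exec", session_id, argv, rc=rc)
            return {"status": "ok", "rc": rc}
        self._audit("denied", session_id, argv, reason=reason)
        return {"status": "denied", "reason": reason}

    def _audit(self, event, session_id, argv, **extra):
        record = {"ts": self.clock(), "event": event, "session": session_id, "argv": argv, **extra}
        self.events.append(record)
        try:  # best-effort append to the JSONL audit log, as SKILL.md specifies
            with open(self.audit_log or os.devnull, "a", encoding="utf-8") as fh:
                fh.write(json.dumps(record) + "\n")
        except OSError:
            pass
```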
Non-Goals (Web Browsing)
- Do not use web browsing / web search as part of this skill. Keep assessments and recommendations based on local host/OpenClaw state and the bundled references in this skill.
Files To Use
- references/least-privilege-policy.md
- references/port-monitoring-policy.md
- references/compliance-controls-map.json
- references/approved_ports.template.json
- references/command-policy.template.json
- references/prompt-policy.template.json
- references/egress-allowlist.template.json
- scripts/preflight_check.py
- scripts/root_session_guard.py
- scripts/audit_logger.py
- scripts/command_policy.py
- scripts/prompt_policy.py
- scripts/guarded_privileged_exec.py
- scripts/install-openclaw-runtime-hook.sh
- scripts/port_monitor.py
- scripts/generate_approved_ports.py
- scripts/egress_monitor.py
- scripts/notify_on_violation.py
- scripts/compliance_dashboard.py
- scripts/live_assessment.py
Behavior
- Never keep root/elevated access open between unrelated tasks.
- Never execute root commands without an explicit approval step in the current flow.
- Enforce command allow/deny policy when configured.
- Require confirmation when untrusted content sources are detected (OPENCLAW_UNTRUSTED_SOURCE=1 + prompt policy).
- Enforce task session id scoping when configured (OPENCLAW_REQUIRE_SESSION_ID=1).
- If timeout is exceeded, force session expiration and approval renewal.
- Log privileged actions to ~/.openclaw/security/privileged-audit.jsonl (best-effort).
- Flag listening ports not present in the approved baseline and recommend secure alternatives for insecure ports.
- Flag outbound destinations not present in the egress allowlist.
Output Contract
When reporting status, include:
- The specific check_id(s) affected, status, risk, and concise evidence.
- Concrete mitigations (what to change, where) and any owners/due dates if present.
- For network findings: port, bind address, process/service, and why it is flagged (unapproved/insecure/public).
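The port check from the Behavior list (flag listeners missing from the approved baseline, recommend secure alternatives for insecure ports) emitting findings in the shape this Output Contract asks for, as an added example rather than the skill's port_monitor.py. The approved_ports.json schema, the insecure-port table and the `ss -ltnp` sample are constructed assumptions; the real template lives in references/approved_ports.template.json.

```python
import re

# Assumed schema for ~/.openclaw/security/approved_ports.json; the skill's own template may differ.
BASELINE = {"approved_ports": [{"port": 22, "public": True}, {"port": 5432, "public": False},
                               {"port": 6379, "public": False}]}
# Assumed cleartext-protocol table with the secure alternative to recommend.
INSECURE = {21: "FTP: use SFTP (22) or FTPS", 23: "Telnet: use SSH (22)", 80: "HTTP: use HTTPS (443)"}
PUBLIC_BINDS = {"0.0.0.0", "*", "::", "[::]"}
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

# Constructed `ss -ltnp` output used as offline sample input.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    127.0.0.1:6379      0.0.0.0:*         users:(("redis-server",pid=870,fd=6))
LISTEN 0      511    0.0.0.0:23          0.0.0.0:*         users:(("telnetd",pid=1200,fd=4))
LISTEN 0      128    [::]:8080           [::]:*            users:(("python3",pid=1300,fd=3))
LISTEN 0      4096   0.0.0.0:5432        0.0.0.0:*         users:(("postgres",pid=900,fd=5))
"""

def parse_ss(output):
    """Turn `ss -ltnp` text into dicts with port, bind address, process name and the raw line."""
    sockets = []
    for line in output.splitlines()[1:]:        # first line is the column header
        f = line.split()
        if len(f) < 5 or f[0] != "LISTEN":
            continue
        bind, port = f[3].rsplit(":", 1)        # handles both 0.0.0.0:22 and [::]:8080
        m = PROC_RE.search(line)
        sockets.append({"port": int(port), "bind": bind, "process": m.group(1) if m else "unknown",
                        "raw": line.strip()})
    return sockets

def assess_ports(sockets, baseline=BASELINE):
    """Emit one Output-Contract style finding per listener: check_id, status, risk, evidence, fix."""
    approved = {a["port"]: a for a in baseline["approved_ports"]}
    findings = []
    for s in sockets:
        public, rule = s["bind"] in PUBLIC_BINDS, approved.get(s["port"])
        if s["port"] in INSECURE:                # cleartext service, approved or not
            reason, risk, fix = "insecure", "high", INSECURE[s["port"]]
        elif rule is None:
            reason, risk, fix = "unapproved", "medium", "add to approved_ports.json or stop the service"
        elif public and not rule["public"]:
            reason, risk, fix = "public", "high", "bind to 127.0.0.1 or firewall the port"
        else:
            reason, risk, fix = None, "none", None
        findings.append({"check_id": f"PORT-{s['port']}", "status": "pass" if reason is None else "fail",
                         "risk": risk, "port": s["port"], "bind_address": s["bind"], "process": s["process"],
                         "reason": reason, "evidence": s["raw"], "mitigation": fix})
    return findings
```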
Files (26 total)