Install
openclaw skills install agent-security-frameworkAgent Security Framework
Enterprise-grade security hardening for AI agents. Docker containerization, egress filtering, credential vault, fake agent detection, automated security audits, and Scrum-native workflow automation for autonomous agent teams.
Audits
MaliciousAgent Security Framework (ASF)
Enterprise-Grade Security for AI Agent Deployments Docker containerization + egress filtering + credential vault + automated security audits
What is ASF?
The Agent Security Framework (ASF) is a comprehensive security hardening system for AI agents running in Docker containers. It provides defense-in-depth protection against:
- Credential theft — Malicious skills stealing API keys and tokens
- Data exfiltration — Unauthorized network egress to webhook sites
- Fake agent attacks — Impersonation and trust exploitation
- Container escapes — Privilege escalation and host compromise
- Supply chain attacks — Malicious skill installation
Key Features
🐳 Docker Container Hardening
cap_drop: ALL— No Linux capabilities- Custom seccomp profile — 300+ dangerous syscalls blocked
- Read-only root filesystem
- No new privileges flag
- Network isolation
🌐 Egress Filtering
- Squid proxy with deny-by-default
- Allowed hosts only list
- Blocked: webhook.site, pastebin, and 100+ exfiltration domains
- HTTP 403 for unauthorized egress
🔐 Credential Vault
- OpenClaw keychain integration
- No plain-text credentials
- .gitignore enforcement
- Environment variable protection
🤖 Fake Agent Detection
- Pattern recognition for impersonation
- Trust exploitation detection
- Authentic vs fake scoring
- JSON API output for integration
📊 Scrum-Native Automation
- Mission Control — Scrum board with Slack integration
- 6 specialized agents (Main, PO, Sales, Deploy, Research, Social)
- Hourly heartbeat protocol
- Automated story workflow
Architecture
┌─────────────────────────────────────────────────────────────────────┐
│ HARDENED HOST SYSTEM │
│ ┌─────────────┐ ┌──────────────┐ ┌────────────────────────────┐ │
│ │ Tailscale │ │ AVG Antivirus │ │ Cloudflare DNS │ │
│ │ VPN │ │ (Real-time) │ │ (DDoS Protection) │ │
│ └─────────────┘ └──────────────┘ └────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────┐
│ DOCKER CONTAINER (openclaw-gateway) │
│ │
│ ┌─────────────────────────────────────────────────────────────┐ │
│ │ CONTAINER HARDENING │ │
│ │ • cap_drop: ALL ──────── No Linux capabilities │ │
│ │ • seccomp: custom allowlist ── Block dangerous syscalls │ │
│ │ • read_only: true ─────────── Read-only root filesystem │ │
│ │ • no-new-privileges: true ── Prevent privilege escalation │ │
│ └─────────────────────────────────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────────────────────────────────┐ │
│ │ EGRESS FILTERING │ │
│ │ ┌────────────────┐ ┌────────────────────────┐ │ │
│ │ │ SQUID PROXY │────────▶│ ALLOWED HOSTS ONLY │ │ │
│ │ │ (Deny-by-def) │ │ • api.telegram.org │ │ │
│ │ └────────────────┘ │ • api.github.com │ │ │
│ │ │ │ • api.openai.com │ │ │
│ │ ▼ └────────────────────────┘ │ │
│ │ ┌────────────────────────────────────────────────┐ │ │
│ │ │ BLOCKED: webhook.site, pastebin, etc. │ │ │
│ │ └────────────────────────────────────────────────┘ │ │
│ └─────────────────────────────────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────────────────────────────────┐ │
│ │ AGENT ROLES (6 AGENTS) │ │
│ │ • Main (Jarvis) ─────────── Coordination │ │
│ │ • Raven (PO) ────────────── Product Owner │ │
│ │ • Sales ─────────────────── Website, outreach │ │
│ │ • Deploy ────────────────── Docker, CI/CD │ │
│ │ • Social ─────────────────── Community │ │
│ │ • Research ───────────────── Security docs │ │
│ └─────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────────┘
Security Wins
| Category | Win | Status |
|---|---|---|
| Container Hardening | cap_drop: ALL + minimal cap_add | ✅ Complete |
| Seccomp Profile | Custom allowlist, 300+ syscalls blocked | ✅ Complete |
| Egress Filtering | Squid proxy, deny-by-default | ✅ Complete |
| Credential Vault | OpenClaw keychain, no plain-text | ✅ Complete |
| Fake Agent Detection | Pattern recognition, 87% accuracy | ✅ Complete |
| Webhook Blocking | 100+ malicious domains blocked | ✅ Complete |
| Telegram Incident Response | Full remediation + automation | ✅ Complete |
| Daily Security Audits | Automated 15-min checks | ✅ Complete |
Installation
# Clone the repository
git clone https://github.com/jeffvsutherland/agent-security-framework.git
cd agent-security-framework
# Run the security hardening script
bash security-tools/harden-host.sh
# Configure egress filtering
bash security-tools/setup-egress-filter.sh
# Set up credential vault
bash security-tools/setup-keychain.sh
# Start the hardened gateway
docker run -d \
--cap-drop ALL \
--security-opt seccomp=profile.json \
--read-only \
--no-new-privileges \
openclaw/openclaw-gateway
Demo Video
A professional demo video is available at:
- Script:
ASF-12-DEMO-VIDEO-SCRIPT.md - Duration: 2-3 minutes
- Shows: Real vs fake agent detection in under 60 seconds
Security Certifications
- SOC 2 Type II ready (documentation complete)
- GDPR compliant data handling
- HIPAA ready for healthcare deployments
- ISO 27001 aligned
Use Cases
Enterprise Security
- Multi-agent teams with role-based access
- Automated compliance auditing
- Credential lifecycle management
Developer Teams
- CI/CD security scanning
- Docker image hardening
- Supply chain attack prevention
Managed Service Providers
- Client isolation
- Audit logging
- Incident response automation
Community
- GitHub: https://github.com/jeffvsutherland/agent-security-framework
- Documentation: https://sandbox.jvsmanagement.com
- Security Disclosures: security@jvsmanagement.com
License
MIT License — see LICENSE file for details