ClawSec

v1.0.0

Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic and detects exfiltration and injection threats in real time.

13 · 13.2k · 229 current · 238 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
The name/description (ClawSec Monitor MITM proxy) matches the runtime instructions (starting a local MITM proxy, installing a CA, setting HTTP(S)_PROXY). However, the skill bundle contains only SKILL.md and no code, no Dockerfile, no requirements file, and no homepage or source URL. The instructions expect files like clawsec-monitor.py, Dockerfile.clawsec, and requirements.clawsec.txt to exist — but those are not provided. That inconsistency (instructions requiring artifacts that are missing and no authoritative source to fetch them) is a significant red flag.
Instruction Scope (flagged)
The SKILL.md instructs the agent/user to perform high-impact actions: generate and install a local CA into system trust stores (requires sudo), route all agent traffic through the proxy via environment variables, and view/rotate logs under /tmp/clawsec. Those steps are coherent with running a MITM proxy, but the instructions also implicitly require running an external Python script (clawsec-monitor.py) and Docker compose files that are not included. There is no guidance on verifying or obtaining the actual binary/script, and no mention of safe defaults or limitations for scope of interception (e.g., limiting to specific agent processes), which broadens the operational scope unexpectedly.
Install Mechanism (flagged)
No install spec is provided (instruction-only), which by itself is low-risk — but SKILL.md references building/running Docker, a Docker image, and a Python script and dependencies (cryptography>=42.0.0). Because the skill lacks those artifacts and lacks a canonical download/source, a user would need to obtain code from an unspecified location. That elevates risk: instructions would lead an operator to run or fetch software from unknown/unverified locations.
Credentials
The skill declares no required credentials or env vars, which is consistent. However, the runtime instructions ask the user to install a CA into the system trust store (modifies system-wide TLS trust) and to set HTTP_PROXY/HTTPS_PROXY env vars to redirect traffic. Those actions are proportionate to running a MITM proxy but are highly sensitive (they enable interception of TLS traffic and could capture secrets). The SKILL.md references system paths (/usr/local/share/ca-certificates, /Library/Keychains/System.keychain, /tmp/clawsec) but does not request or document checksums, signatures, or an authoritative source for the code or CA.
Persistence & Privilege
The skill does not request 'always: true' and does not declare permanent privileges. That is appropriate. Still, the described runtime behavior (installing a CA and routing agent traffic through the proxy) grants the proxy high ongoing visibility into agent communications while it runs. Because the skill's package does not include the code that would implement this behavior, it's unclear what code would run and what persistence it might install.
What to consider before installing
This SKILL.md describes a legitimate-sounding MITM proxy but the package lacks the actual code, Docker files, and a trustworthy source. Do NOT install or trust a CA, change system trust stores, or globally set HTTP(S)_PROXY based solely on this skill's documentation. Before proceeding, ask the publisher for: (1) an authoritative repository or homepage, (2) the exact clawsec-monitor.py, Dockerfile, and requirements with checksums/signatures, and (3) build/run instructions and an independent audit or review. If you must evaluate the software, run it only in an isolated environment (ephemeral VM or sandboxed container) and validate artifacts (git repo, commit history, release tarballs, SHA256). Prefer per-process CA pinning or per-container trust rather than installing a system CA. If you can't obtain verifiable code or provenance, treat this skill as untrusted and avoid installing its CA or routing production agent traffic through it.

Like a lobster shell, security has layers — review code before you run it.

