hermes-traffic-guardian

Hermes runtime traffic monitoring baseline for opt-in proxy inspection, egress detection, and attestation-aware traffic posture.

Pass

Agentic behavior and permission review.

Pattern checks against bundled files.

Multi-engine malware detections and file reputation.

openclaw skills install hermes-traffic-guardian

Hermes Traffic Guardian

This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.

Builders should use this skill as the Hermes landing zone for runtime traffic monitoring:

Do not add proxy runtime ownership to hermes-attestation-guardian. That skill should attest this monitor's status and configuration, not run it.

Opt-in only.
Detect-and-log by default.
No automatic system CA installation.
No global proxy environment changes.
No blocking in the first implementation.
Redact secrets before logs, summaries, or attestation-linked outputs.
Keep all state under HERMES_TRAFFIC_GUARDIAN_HOME or $HERMES_HOME/security/traffic-guardian.

Read SPEC.md before implementing. Use the placeholder folders as follows:

Path	Intended use
`lib/`	Detector rules, redaction, posture export, report formatting
`scripts/`	Start, stop, status, config validation, log query, attestation export helpers
`test/`	Unit tests, proxy fixture tests, redaction tests, attestation export tests

Validate config without starting the proxy.
Start monitor in foreground or explicit background mode.
Scope proxy environment variables to the target Hermes service or CLI process.
Inspect HTTP request/response text up to a bounded byte limit.
Support optional HTTPS MITM only when the operator supplies per-process trust configuration.
Emit JSONL findings with redacted snippets.
Export a small posture JSON file that hermes-attestation-guardian can include as a trust anchor or watched file.