cyber-security-engineer

Security engineering workflow for OpenClaw privilege governance and hardening. Use for least-privilege execution, approval-first privileged actions, idle tim...
Install via ClawdBot CLI:
clawdbot install FletcherFrimpong/cyber-security-engineer

Env vars (optional, but documented):
- OPENCLAW_REQUIRE_POLICY_FILES
- OPENCLAW_REQUIRE_SESSION_ID
- OPENCLAW_TASK_SESSION_ID
- OPENCLAW_APPROVAL_TOKEN
- OPENCLAW_UNTRUSTED_SOURCE
- OPENCLAW_VIOLATION_NOTIFY_CMD
- OPENCLAW_VIOLATION_NOTIFY_ALLOWLIST

Tools: python3 and one of lsof, ss, or netstat for port/egress checks.
Policy files (admin reviewed):
- ~/.openclaw/security/approved_ports.json
- ~/.openclaw/security/command-policy.json
- ~/.openclaw/security/egress_allowlist.json
- ~/.openclaw/security/prompt-policy.json

Implement these controls in every security-sensitive task:
- python3 scripts/generate_approved_ports.py, then review and prune.

- references/least-privilege-policy.md
- references/port-monitoring-policy.md
- references/compliance-controls-map.json
- references/approved_ports.template.json
- references/command-policy.template.json
- references/prompt-policy.template.json
- references/egress-allowlist.template.json

- scripts/preflight_check.py
- scripts/root_session_guard.py
- scripts/audit_logger.py
- scripts/command_policy.py
- scripts/prompt_policy.py
- scripts/guarded_privileged_exec.py
- scripts/install-openclaw-runtime-hook.sh
- scripts/port_monitor.py
- scripts/generate_approved_ports.py
- scripts/egress_monitor.py
- scripts/notify_on_violation.py
- scripts/compliance_dashboard.py
- scripts/live_assessment.py

- OPENCLAW_UNTRUSTED_SOURCE=1 + prompt policy).
- OPENCLAW_REQUIRE_SESSION_ID=1).
- ~/.openclaw/security/privileged-audit.jsonl (best-effort).

When reporting status, include:
- check_id(s) affected, status, risk, and concise evidence.

Generated Mar 1, 2026
Enforces least-privilege and approval workflows for CI/CD pipelines and infrastructure automation, ensuring root commands are scoped, logged, and dropped immediately after use. Monitors egress connections from build servers to prevent data exfiltration and flags unapproved network exposures.
Automates ISO 27001 and NIST control assessments for internal systems, generating violation reports with mitigations for regulatory audits. Enforces session timeouts and command policies on trading platforms and database servers to meet strict access governance requirements.
Applies privilege governance to medical device management and patient data systems, using port and egress monitoring to detect unauthorized network services. Ensures elevated actions for software updates require explicit approval and are logged for HIPAA compliance.
Integrates with cloud VMs and containers to enforce idle timeout controls and monitor outbound traffic against allowlists. Uses preflight checks and compliance dashboards to benchmark configurations against security frameworks for cloud migration projects.
Hardens OT environments by restricting privileged commands in SCADA systems and flagging insecure port exposures on operational networks. Implements approval-first workflows for maintenance tasks and logs violations to support incident response in critical infrastructure.
Offers the skill as part of a SaaS security suite, charging monthly per host or user for continuous compliance monitoring and privilege governance. Revenue comes from tiered plans with advanced features like custom policy templates and priority support.
Provides professional services to deploy and customize the skill for enterprise clients, including policy creation, integration with existing tools, and training. Revenue is generated through project-based fees and ongoing maintenance contracts.
Distributes the core skill as open source to build community adoption, while monetizing premium features such as enhanced compliance dashboards, automated mitigation scripts, and enterprise support. Revenue streams include one-time purchases for add-ons and support packages.
💬 Integration Tip
Integrate with existing CI/CD pipelines by setting env vars like OPENCLAW_TASK_SESSION_ID for task scoping, and use the audit logger to feed data into SIEM systems for centralized monitoring.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.