gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-01 15:52:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

feat(traffic-guardian): add runtime monitoring skill baselines (#217)

Browse Source 
* feat(traffic-guardian): add runtime monitoring skill baselines

* fix(traffic-guardian): align changelog and i18n fallback docs

* chore(traffic-guardian): prepare beta1 release metadata
This commit is contained in:
davida-ps
2026-05-10 15:04:17 +03:00
committed by GitHub
parent 85caad5601
commit 369745821f
48 changed files with 1420 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+21 -14
View File
@@ -50,20 +50,26 @@ ClawSec is a **complete security skill suite for AI agent platforms**. It provid
### Skill Feature Matrix
| Skill name | supported platform| security feed verification| config drift | agent self pen testing| supply-chain install verification |
|---|---|---|---|---|---|
| claw-release | OpenClaw | No | No | No | Yes |
| clawsec-clawhub-checker | OpenClaw + clawsec-suite integration | No | No | No | Yes |
| clawsec-feed | OpenClaw | Yes | No | No | Yes |
| clawsec-nanoclaw | NanoClaw | Yes | Yes | Yes | Yes |
| clawsec-scanner | OpenClaw | Yes | No | Yes | Yes |
| clawsec-suite | OpenClaw | Yes | Yes | No | Yes |
| clawtributor | OpenClaw | Yes | No | No | No |
| hermes-attestation-guardian | Hermes | Yes (signed advisory feed verification) | Yes | No | Limited (advisory preflight gating only; no artifact signature/provenance install verification) |
| openclaw-audit-watchdog | OpenClaw | No | No | Yes | No |
| picoclaw-security-guardian | Picoclaw | Yes | Yes | No | Yes |
| picoclaw-self-pen-testing | Picoclaw | No | No | Yes | No |
| soul-guardian | OpenClaw | No | Yes | No | No |
| Skill name | supported platform| security feed verification| config drift | agent self pen testing| supply-chain install verification | runtime traffic monitoring |
|---|---|---|---|---|---|---|
| claw-release | OpenClaw | No | No | No | Yes | No |
| clawsec-clawhub-checker | OpenClaw + clawsec-suite integration | No | No | No | Yes | No |
| clawsec-feed | OpenClaw | Yes | No | No | Yes | No |
| clawsec-nanoclaw | NanoClaw | Yes | Yes | Yes | Yes | No |
| clawsec-scanner | OpenClaw | Yes | No | Yes | Yes | No |
| clawsec-suite | OpenClaw | Yes | Yes | No | Yes | No |
| clawtributor | OpenClaw | Yes | No | No | No | No |
| hermes-attestation-guardian | Hermes | Yes (signed advisory feed verification) | Yes | No | Limited (advisory preflight gating only; no artifact signature/provenance install verification) | No |
| hermes-traffic-guardian | Hermes | No | Planned posture export only | No | No | Spec baseline |
| nanoclaw-traffic-guardian | NanoClaw | No | No | No | No | Spec baseline |
| openclaw-audit-watchdog | OpenClaw | No | No | Yes | No | No |
| openclaw-traffic-guardian | OpenClaw | No | No | No | No | Spec baseline |
| picoclaw-security-guardian | Picoclaw | Yes | Yes | No | Yes | No |
| picoclaw-self-pen-testing | Picoclaw | No | No | Yes | No | No |
| picoclaw-traffic-guardian | Picoclaw | No | Planned profile export only | No | No | Spec baseline |
| soul-guardian | OpenClaw | No | Yes | No | No | No |
`Spec baseline` means the skill folder, metadata, frontmatter, and implementation contract exist, but runtime proxy code is intentionally left for platform-specific builders.
### Core Capabilities
@@ -72,6 +78,7 @@ ClawSec is a **complete security skill suite for AI agent platforms**. It provid
- **📡 Live Security Advisories** - Automated NVD CVE polling and community threat intelligence
- **🔍 Security Audits** - Self-check scripts to detect prompt injection markers and vulnerabilities
- **🔐 Checksum Verification** - SHA256 checksums for all skill artifacts
- **Runtime Traffic Monitoring Baselines** - Platform-specific specs for opt-in proxy inspection, exfiltration detection, and inbound injection detection
- **Health Checks** - Automated updates and integrity verification for all installed skills
---
skills/hermes-traffic-guardian/CHANGELOG.md
+8
View File
@@ -0,0 +1,8 @@
# Changelog
## [0.0.1-beta1] - 2026-05-10
- Added baseline skill metadata, frontmatter, and implementation specification.
- Reserved folder structure for Hermes traffic-monitoring runtime code, posture export, and tests.
- Beta release notes: this release is a scaffold/spec baseline and does not yet ship active runtime proxy interception.
- Beta release notes: defaults remain non-invasive (no automatic traffic mutation or enforcement enabled by default).
skills/hermes-traffic-guardian/README.md
+18
View File
@@ -0,0 +1,18 @@
# Hermes Traffic Guardian
Baseline skill for Hermes runtime traffic monitoring.
This package is intentionally a spec scaffold. Builders should add the Hermes-specific monitor implementation here while preserving the safety contract in `SKILL.md` and `SPEC.md`.
## Intended Capability
- detect outbound secret exfiltration in Hermes HTTP/HTTPS traffic
- detect inbound command-injection and tool-abuse payloads
- write redacted local JSONL findings
- export monitor posture for `hermes-attestation-guardian`
- provide explicit start, stop, status, and log-query commands
## Builder Notes
Keep runtime ownership in this skill. `hermes-attestation-guardian` should only attest this skill's state, config, and output fingerprints.
skills/hermes-traffic-guardian/SKILL.md
+68
View File
@@ -0,0 +1,68 @@
---
name: hermes-traffic-guardian
version: 0.0.1-beta1
description: Hermes runtime traffic monitoring baseline for opt-in proxy inspection, egress detection, and attestation-aware traffic posture.
homepage: https://clawsec.prompt.security
author: prompt-security
license: AGPL-3.0-or-later
hermes:
emoji: "TG"
requires:
bins: [node, python3]
---
# Hermes Traffic Guardian
This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.
## Scope
Builders should use this skill as the Hermes landing zone for runtime traffic monitoring:
- operator-scoped HTTP proxy inspection
- optional HTTPS inspection with per-process CA trust
- outbound exfiltration detection
- inbound injection detection
- redacted local threat logs
- status export for `hermes-attestation-guardian`
Do not add proxy runtime ownership to `hermes-attestation-guardian`. That skill should attest this monitor's status and configuration, not run it.
## Safety Contract
- Opt-in only.
- Detect-and-log by default.
- No automatic system CA installation.
- No global proxy environment changes.
- No blocking in the first implementation.
- Redact secrets before logs, summaries, or attestation-linked outputs.
- Keep all state under `HERMES_TRAFFIC_GUARDIAN_HOME` or `$HERMES_HOME/security/traffic-guardian`.
## Builder Entry Points
Read `SPEC.md` before implementing. Use the placeholder folders as follows:
| Path | Intended use |
|---|---|
| `lib/` | Detector rules, redaction, posture export, report formatting |
| `scripts/` | Start, stop, status, config validation, log query, attestation export helpers |
| `test/` | Unit tests, proxy fixture tests, redaction tests, attestation export tests |
## Required First Implementation Behavior
1. Validate config without starting the proxy.
2. Start monitor in foreground or explicit background mode.
3. Scope proxy environment variables to the target Hermes service or CLI process.
4. Inspect HTTP request/response text up to a bounded byte limit.
5. Support optional HTTPS MITM only when the operator supplies per-process trust configuration.
6. Emit JSONL findings with redacted snippets.
7. Export a small posture JSON file that `hermes-attestation-guardian` can include as a trust anchor or watched file.
## Out of Scope for v0.0.1 Implementation
- automatic system trust-store mutation
- transparent network interception
- default blocking
- sending traffic to external services
- collecting full request/response bodies
skills/hermes-traffic-guardian/SPEC.md
+103
View File
@@ -0,0 +1,103 @@
# Hermes Traffic Guardian Specification
## Goal
Provide Hermes with opt-in runtime traffic monitoring that observes Hermes HTTP/HTTPS traffic for exfiltration and injection signals and exports monitor posture for attestation.
## Required Architecture
Implement three layers:
1. Detector core
- normalized finding schema
- pattern registry
- snippet redaction
- deduplication
- JSONL report writer
2. Hermes adapter
- lifecycle commands for start, stop, status, and threats
- process-scoped proxy environment guidance
- posture export compatible with `hermes-attestation-guardian`
3. Operator interface
- safe setup text
- explicit per-process proxy export commands
- CA fingerprint display when HTTPS inspection is enabled
## Finding Schema
Findings must be JSON objects with these fields:
```json
{
"schema_version": "clawsec-traffic-finding/v1",
"platform": "hermes",
"direction": "outbound",
"protocol": "http",
"threat_type": "EXFIL",
"pattern": "ai_api_key",
"severity": "high",
"source": "127.0.0.1",
"dest": "api.example.com:443",
"snippet": "[REDACTED]",
"timestamp": "2026-04-26T00:00:00.000Z"
}
```
## Posture Export Schema
The first implementation must write a small posture file for attestation:
```json
{
"schema_version": "clawsec-traffic-posture/v1",
"platform": "hermes",
"monitor_status": "running",
"mode": "detect",
"https_inspection": false,
"ca_fingerprint_sha256": null,
"config_sha256": "hex",
"finding_log_sha256": "hex",
"generated_at": "2026-04-26T00:00:00.000Z"
}
```
## Minimum Detection Set
Outbound EXFIL:
- AI API keys
- AWS access key IDs
- private key PEM markers
- SSH key file paths
- sensitive Unix file paths
- dotenv and cloud credential paths
Inbound INJECTION:
- pipe-to-shell commands
- shell exec flags
- reverse shell command shapes
- destructive remove commands
- SSH authorized-key injection shapes
## Safety Requirements
- Default mode is detect-and-log.
- Blocking mode must not exist in the first implementation.
- Snippets must be redacted before persistence.
- Maximum scan bytes must be configurable and bounded.
- CA trust must be per-process by default.
- System trust-store instructions must require explicit operator confirmation and must never run automatically.
## Tests Required Before Release
- detector unit tests for each pattern
- redaction tests proving secrets are not persisted
- proxy fixture tests for HTTP request and response inspection
- no-false-positive tests for common benign traffic
- lifecycle tests for stale PID/state cleanup
- posture export schema and digest tests
- compatibility tests showing `hermes-attestation-guardian` can watch or hash the posture export
skills/hermes-traffic-guardian/lib/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/hermes-traffic-guardian/scripts/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/hermes-traffic-guardian/skill.json
+112
View File
@@ -0,0 +1,112 @@
{
"name": "hermes-traffic-guardian",
"version": "0.0.1-beta1",
"description": "Hermes runtime traffic monitoring baseline for opt-in proxy inspection, egress detection, and attestation-aware traffic posture.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
"homepage": "https://clawsec.prompt.security/",
"platform": "hermes",
"keywords": [
"security",
"hermes",
"traffic-monitoring",
"egress",
"exfiltration",
"injection",
"proxy",
"mitm",
"attestation",
"runtime"
],
"sbom": {
"files": [
{
"path": "SKILL.md",
"required": true,
"description": "Hermes traffic guardian skill instructions and operating model"
},
{
"path": "README.md",
"required": true,
"description": "Human-oriented overview and builder handoff notes"
},
{
"path": "CHANGELOG.md",
"required": true,
"description": "Version history and baseline release notes"
},
{
"path": "SPEC.md",
"required": true,
"description": "Implementation specification for Hermes runtime traffic monitoring"
},
{
"path": "lib/.gitkeep",
"required": false,
"description": "Placeholder for shared detector, posture, and report code"
},
{
"path": "scripts/.gitkeep",
"required": false,
"description": "Placeholder for lifecycle, status, and attestation export scripts"
},
{
"path": "test/.gitkeep",
"required": false,
"description": "Placeholder for unit and integration tests"
}
]
},
"hermes": {
"emoji": "TG",
"category": "security",
"requires": {
"bins": [
"node",
"python3"
]
},
"runtime": {
"required_env": [],
"optional_env": [
"HERMES_TRAFFIC_GUARDIAN_HOME",
"HERMES_TRAFFIC_GUARDIAN_CONFIG",
"HERMES_TRAFFIC_GUARDIAN_MODE",
"HERMES_TRAFFIC_GUARDIAN_PROXY_URL",
"HERMES_TRAFFIC_GUARDIAN_CA_BUNDLE",
"HERMES_TRAFFIC_GUARDIAN_LOG_DIR",
"HERMES_TRAFFIC_GUARDIAN_MAX_SCAN_BYTES",
"HERMES_TRAFFIC_GUARDIAN_REDACT_SNIPPETS",
"HERMES_TRAFFIC_GUARDIAN_ATTESTATION_OUTPUT"
]
},
"capabilities": {
"runtime_traffic_monitoring": "spec_baseline",
"http_proxy_inspection": "planned",
"https_mitm_inspection": "planned_optional",
"egress_exfiltration_detection": "planned",
"inbound_injection_detection": "planned",
"attestation_export": "planned",
"blocking": "future_version"
},
"execution": {
"always": false,
"persistence": "Spec baseline only. Builders must keep monitoring opt-in and scheduler-free unless an operator explicitly applies one.",
"network_egress": "Future runtime will proxy operator-scoped Hermes traffic. No runtime network behavior is implemented in v0.0.1."
},
"operator_review": [
"Do not merge proxy runtime into hermes-attestation-guardian.",
"Export traffic-monitor status for hermes-attestation-guardian to attest, but keep runtime ownership in this skill.",
"Do not install a system-wide CA automatically.",
"Default to detect-and-log mode; blocking is out of scope for v0.0.1 implementation.",
"Redact secret snippets before writing logs or attestation-linked summaries."
],
"triggers": [
"hermes traffic guardian",
"hermes traffic monitoring",
"monitor hermes egress",
"inspect hermes http traffic",
"attest hermes traffic monitor"
]
}
}
skills/hermes-traffic-guardian/test/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/nanoclaw-traffic-guardian/CHANGELOG.md
+8
View File
@@ -0,0 +1,8 @@
# Changelog
## [0.0.1-beta1] - 2026-05-10
- Added baseline skill metadata, frontmatter, and implementation specification.
- Reserved folder structure for NanoClaw host services, MCP tools, detector code, and tests.
- Beta release notes: this release is a scaffold/spec baseline and does not yet ship active runtime proxy interception.
- Beta release notes: host-service and MCP contracts are defined, but detection/enforcement behavior is not active by default.
skills/nanoclaw-traffic-guardian/README.md
+18
View File
@@ -0,0 +1,18 @@
# NanoClaw Traffic Guardian
Baseline skill for NanoClaw runtime traffic monitoring.
This package is intentionally a spec scaffold. Builders should add the NanoClaw-specific host-service, IPC, and MCP implementation here while preserving the safety contract in `SKILL.md` and `SPEC.md`.
## Intended Capability
- detect outbound secret exfiltration in NanoClaw host-managed traffic
- detect inbound command-injection and tool-abuse payloads
- keep CA private key material outside the container
- expose redacted status/findings through MCP tools
- provide explicit host-side lifecycle controls
## Builder Notes
Follow the existing `clawsec-nanoclaw` pattern: host services own privileged operations, while MCP tools expose bounded requests and redacted responses.
skills/nanoclaw-traffic-guardian/SKILL.md
+69
View File
@@ -0,0 +1,69 @@
---
name: nanoclaw-traffic-guardian
version: 0.0.1-beta1
description: NanoClaw runtime traffic monitoring baseline for host-side proxy inspection with container-safe MCP and IPC status surfaces.
homepage: https://clawsec.prompt.security
author: prompt-security
license: AGPL-3.0-or-later
nanoclaw:
requires:
node: ">=18.0.0"
---
# NanoClaw Traffic Guardian
This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.
## Scope
Builders should use this skill as the NanoClaw landing zone for runtime traffic monitoring:
- host-side HTTP proxy inspection
- optional HTTPS inspection with host-held CA material
- outbound exfiltration detection
- inbound injection detection
- redacted local threat logs
- MCP tools for status, findings, and config checks
- IPC handlers for container-safe host communication
Prefer this as an optional companion to `clawsec-nanoclaw`, not as a mandatory extension of the existing advisory/signature/integrity suite.
## Safety Contract
- Opt-in only.
- Detect-and-log by default.
- No automatic system CA installation.
- No CA private key access from the container.
- No blocking in the first implementation.
- Redact secrets before logs or MCP responses.
- Keep all state under `NANOCLAW_TRAFFIC_GUARDIAN_HOME` or the host-managed NanoClaw security data directory.
## Builder Entry Points
Read `SPEC.md` before implementing. Use the placeholder folders as follows:
| Path | Intended use |
|---|---|
| `lib/` | Detector rules, redaction, types, report formatting |
| `host-services/` | Host-side proxy lifecycle, log access, IPC handlers |
| `mcp-tools/` | Container-side MCP tools for status and findings |
| `test/` | Unit tests, host/container IPC tests, redaction tests |
## Required First Implementation Behavior
1. Validate config without starting the proxy.
2. Start monitor through a host-managed lifecycle path.
3. Keep CA key material on the host side.
4. Inspect HTTP request/response text up to a bounded byte limit.
5. Support optional HTTPS MITM only when the operator supplies per-runtime trust configuration.
6. Emit JSONL findings with redacted snippets.
7. Expose MCP tools that return status and redacted findings only.
## Out of Scope for v0.0.1 Implementation
- automatic system trust-store mutation
- transparent network interception
- default blocking
- sending traffic to external services
- exposing raw request/response bodies to the container
skills/nanoclaw-traffic-guardian/SPEC.md
+93
View File
@@ -0,0 +1,93 @@
# NanoClaw Traffic Guardian Specification
## Goal
Provide NanoClaw with opt-in runtime traffic monitoring that observes host-managed NanoClaw traffic for exfiltration and injection signals while preserving container isolation.
## Required Architecture
Implement four layers:
1. Detector core
- normalized finding schema
- pattern registry
- snippet redaction
- deduplication
- JSONL report writer
2. Host service
- proxy lifecycle
- CA key ownership
- log storage
- config validation
- IPC task handling
3. MCP tool surface
- `clawsec_traffic_status`
- `clawsec_traffic_findings`
- `clawsec_traffic_check_config`
4. Operator interface
- safe setup text
- explicit host/container proxy wiring guidance
- CA fingerprint display when HTTPS inspection is enabled
## Finding Schema
Findings must be JSON objects with these fields:
```json
{
"schema_version": "clawsec-traffic-finding/v1",
"platform": "nanoclaw",
"direction": "outbound",
"protocol": "http",
"threat_type": "EXFIL",
"pattern": "ai_api_key",
"severity": "high",
"source": "127.0.0.1",
"dest": "api.example.com:443",
"snippet": "[REDACTED]",
"timestamp": "2026-04-26T00:00:00.000Z"
}
```
## Minimum Detection Set
Outbound EXFIL:
- AI API keys
- AWS access key IDs
- private key PEM markers
- SSH key file paths
- sensitive Unix file paths
- dotenv and cloud credential paths
- WhatsApp session or credential path markers when NanoClaw exposes stable names
Inbound INJECTION:
- pipe-to-shell commands
- shell exec flags
- reverse shell command shapes
- destructive remove commands
- SSH authorized-key injection shapes
## Safety Requirements
- Default mode is detect-and-log.
- Blocking mode must not exist in the first implementation.
- Snippets must be redacted before persistence and before MCP responses.
- Maximum scan bytes must be configurable and bounded.
- CA private key material must stay host-side.
- System trust-store instructions must require explicit operator confirmation and must never run automatically.
## Tests Required Before Release
- detector unit tests for each pattern
- redaction tests proving secrets are not persisted or returned through MCP
- host-service lifecycle tests
- IPC timeout and malformed-task tests
- MCP schema tests
- proxy fixture tests for HTTP request and response inspection
- no-false-positive tests for common benign traffic
skills/nanoclaw-traffic-guardian/host-services/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/nanoclaw-traffic-guardian/lib/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/nanoclaw-traffic-guardian/mcp-tools/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/nanoclaw-traffic-guardian/skill.json
+122
View File
@@ -0,0 +1,122 @@
{
"name": "nanoclaw-traffic-guardian",
"version": "0.0.1-beta1",
"description": "NanoClaw runtime traffic monitoring baseline for host-side proxy inspection with container-safe MCP and IPC status surfaces.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
"homepage": "https://clawsec.prompt.security/",
"platform": "nanoclaw",
"keywords": [
"security",
"nanoclaw",
"traffic-monitoring",
"egress",
"exfiltration",
"injection",
"proxy",
"mitm",
"mcp",
"container"
],
"sbom": {
"files": [
{
"path": "SKILL.md",
"required": true,
"description": "NanoClaw traffic guardian skill instructions and operating model"
},
{
"path": "README.md",
"required": true,
"description": "Human-oriented overview and builder handoff notes"
},
{
"path": "CHANGELOG.md",
"required": true,
"description": "Version history and baseline release notes"
},
{
"path": "SPEC.md",
"required": true,
"description": "Implementation specification for NanoClaw runtime traffic monitoring"
},
{
"path": "lib/.gitkeep",
"required": false,
"description": "Placeholder for shared detector, type, and report code"
},
{
"path": "host-services/.gitkeep",
"required": false,
"description": "Placeholder for host-side monitor lifecycle and IPC handlers"
},
{
"path": "mcp-tools/.gitkeep",
"required": false,
"description": "Placeholder for container-side MCP tool definitions"
},
{
"path": "test/.gitkeep",
"required": false,
"description": "Placeholder for unit and integration tests"
}
]
},
"capabilities": [
"Spec baseline for host-side runtime traffic monitoring",
"MCP status and findings query surface",
"Container-safe host/container IPC boundary",
"Optional HTTPS inspection with explicit per-runtime trust",
"Redacted local threat logging"
],
"nanoclaw": {
"mcp_tools": [
"clawsec_traffic_status",
"clawsec_traffic_findings",
"clawsec_traffic_check_config"
],
"requires": {
"node": ">=18.0.0",
"nanoclaw": ">=0.1.0"
},
"runtime": {
"required_env": [],
"optional_env": [
"NANOCLAW_TRAFFIC_GUARDIAN_HOME",
"NANOCLAW_TRAFFIC_GUARDIAN_CONFIG",
"NANOCLAW_TRAFFIC_GUARDIAN_MODE",
"NANOCLAW_TRAFFIC_GUARDIAN_PROXY_URL",
"NANOCLAW_TRAFFIC_GUARDIAN_CA_BUNDLE",
"NANOCLAW_TRAFFIC_GUARDIAN_LOG_DIR",
"NANOCLAW_TRAFFIC_GUARDIAN_MAX_SCAN_BYTES",
"NANOCLAW_TRAFFIC_GUARDIAN_REDACT_SNIPPETS"
]
},
"capabilities": {
"runtime_traffic_monitoring": "spec_baseline",
"http_proxy_inspection": "planned",
"https_mitm_inspection": "planned_optional",
"egress_exfiltration_detection": "planned",
"inbound_injection_detection": "planned",
"mcp_status_tools": "planned",
"blocking": "future_version"
},
"execution": {
"always": false,
"persistence": "Spec baseline only. Builders must keep host-side monitoring opt-in and avoid container persistence without explicit operator action.",
"network_egress": "Future runtime will proxy operator-scoped NanoClaw/WhatsApp-bot traffic. No runtime network behavior is implemented in v0.0.1."
},
"operator_review": [
"Keep proxy runtime on the host side when possible; expose only status and findings into the container.",
"Do not grant container code access to CA private key material.",
"Do not install a system-wide CA automatically.",
"Default to detect-and-log mode; blocking is out of scope for v0.0.1 implementation.",
"Redact secret snippets before writing logs or exposing MCP responses."
],
"integration": {
"mcp_tools_dir": "mcp-tools/",
"host_services_dir": "host-services/",
"result_channel": "/workspace/ipc/clawsec_results"
}
}
}
skills/nanoclaw-traffic-guardian/test/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/openclaw-traffic-guardian/CHANGELOG.md
+8
View File
@@ -0,0 +1,8 @@
# Changelog
## [0.0.1-beta1] - 2026-05-10
- Added baseline skill metadata, frontmatter, and implementation specification.
- Reserved folder structure for OpenClaw traffic-monitoring runtime code, hook integration, and tests.
- Beta release notes: this release is a scaffold/spec baseline and does not yet ship active runtime proxy interception.
- Beta release notes: defaults remain non-invasive (no automatic traffic mutation or enforcement enabled by default).
skills/openclaw-traffic-guardian/README.md
+18
View File
@@ -0,0 +1,18 @@
# OpenClaw Traffic Guardian
Baseline skill for OpenClaw runtime traffic monitoring.
This package is intentionally a spec scaffold. Builders should add the OpenClaw-specific monitor implementation here while preserving the safety contract in `SKILL.md` and `SPEC.md`.
## Intended Capability
- detect outbound secret exfiltration in agent HTTP/HTTPS traffic
- detect inbound command-injection and tool-abuse payloads
- write redacted local JSONL findings
- provide explicit start, stop, status, and log-query commands
- integrate with `clawsec-suite` as an optional add-on
## Builder Notes
Use `SPEC.md` as the implementation contract. Keep runtime changes opt-in and scoped to the OpenClaw process being monitored.
skills/openclaw-traffic-guardian/SKILL.md
+69
View File
@@ -0,0 +1,69 @@
---
name: openclaw-traffic-guardian
version: 0.0.1-beta1
description: OpenClaw runtime traffic monitoring baseline for opt-in HTTP/HTTPS proxy inspection, egress detection, and inbound injection detection.
homepage: https://clawsec.prompt.security
author: prompt-security
license: AGPL-3.0-or-later
clawdis:
emoji: "TG"
requires:
bins: [node, python3]
---
# OpenClaw Traffic Guardian
This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.
## Scope
Builders should use this skill as the OpenClaw landing zone for runtime traffic monitoring:
- operator-scoped HTTP proxy inspection
- optional HTTPS inspection with per-process CA trust
- outbound exfiltration detection
- inbound injection detection
- redacted local threat logs
- optional OpenClaw hook/status integration
Do not merge this capability into `clawsec-scanner`, `openclaw-audit-watchdog`, or `soul-guardian`. Those skills have different trust boundaries and safety contracts.
## Safety Contract
- Opt-in only.
- Detect-and-log by default.
- No automatic system CA installation.
- No global `HTTP_PROXY` or `HTTPS_PROXY` changes.
- No blocking in the first implementation.
- Redact secrets before logs or conversation alerts.
- Keep all state under `OPENCLAW_TRAFFIC_GUARDIAN_HOME` or `~/.openclaw/security/clawsec/traffic-guardian`.
## Builder Entry Points
Read `SPEC.md` before implementing. Use the placeholder folders as follows:
| Path | Intended use |
|---|---|
| `lib/` | Detector rules, redaction, event schema, report formatting |
| `scripts/` | Start, stop, status, config validation, log query helpers |
| `hooks/openclaw-traffic-guardian-hook/` | Optional OpenClaw hook/status integration |
| `test/` | Unit tests, proxy fixture tests, redaction tests, process-scope tests |
## Required First Implementation Behavior
1. Validate config without starting the proxy.
2. Start monitor in foreground or explicit background mode.
3. Scope proxy environment variables to the target OpenClaw process.
4. Inspect HTTP request/response text up to a bounded byte limit.
5. Support optional HTTPS MITM only when the operator supplies per-process trust configuration.
6. Emit JSONL findings with redacted snippets.
7. Provide a `status` command that reports mode, listener, CA fingerprint if present, and last findings.
## Out of Scope for v0.0.1 Implementation
- automatic system trust-store mutation
- transparent network interception
- default blocking
- sending traffic to external services
- collecting full request/response bodies
skills/openclaw-traffic-guardian/SPEC.md
+85
View File
@@ -0,0 +1,85 @@
# OpenClaw Traffic Guardian Specification
## Goal
Provide OpenClaw with opt-in runtime traffic monitoring that observes agent HTTP/HTTPS traffic for exfiltration and injection signals without changing global host networking.
## Required Architecture
Implement three layers:
1. Detector core
- normalized finding schema
- pattern registry
- snippet redaction
- deduplication
- JSONL report writer
2. OpenClaw adapter
- lifecycle commands for start, stop, status, and threats
- process-scoped proxy environment guidance
- optional hook/status integration under `hooks/openclaw-traffic-guardian-hook/`
3. Operator interface
- safe setup text
- explicit per-process proxy export commands
- CA fingerprint display when HTTPS inspection is enabled
## Finding Schema
Findings must be JSON objects with these fields:
```json
{
"schema_version": "clawsec-traffic-finding/v1",
"platform": "openclaw",
"direction": "outbound",
"protocol": "http",
"threat_type": "EXFIL",
"pattern": "ai_api_key",
"severity": "high",
"source": "127.0.0.1",
"dest": "api.example.com:443",
"snippet": "[REDACTED]",
"timestamp": "2026-04-26T00:00:00.000Z"
}
```
## Minimum Detection Set
Outbound EXFIL:
- AI API keys
- AWS access key IDs
- private key PEM markers
- SSH key file paths
- sensitive Unix file paths
- dotenv and cloud credential paths
Inbound INJECTION:
- pipe-to-shell commands
- shell exec flags
- reverse shell command shapes
- destructive remove commands
- SSH authorized-key injection shapes
## Safety Requirements
- Default mode is detect-and-log.
- Blocking mode must not exist in the first implementation.
- Snippets must be redacted before persistence.
- Maximum scan bytes must be configurable and bounded.
- CA trust must be per-process by default.
- System trust-store instructions must require explicit operator confirmation and must never run automatically.
## Tests Required Before Release
- detector unit tests for each pattern
- redaction tests proving secrets are not persisted
- proxy fixture tests for HTTP request and response inspection
- no-false-positive tests for common benign traffic
- lifecycle tests for stale PID/state cleanup
- status output tests
- OpenClaw hook integration tests if hook files are added
skills/openclaw-traffic-guardian/hooks/openclaw-traffic-guardian-hook/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/openclaw-traffic-guardian/lib/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/openclaw-traffic-guardian/scripts/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/openclaw-traffic-guardian/skill.json
+114
View File
@@ -0,0 +1,114 @@
{
"name": "openclaw-traffic-guardian",
"version": "0.0.1-beta1",
"description": "OpenClaw runtime traffic monitoring baseline for opt-in HTTP/HTTPS proxy inspection, egress detection, and inbound injection detection.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
"homepage": "https://clawsec.prompt.security/",
"platform": "openclaw",
"keywords": [
"security",
"openclaw",
"traffic-monitoring",
"egress",
"exfiltration",
"injection",
"proxy",
"mitm",
"runtime"
],
"sbom": {
"files": [
{
"path": "SKILL.md",
"required": true,
"description": "OpenClaw traffic guardian skill instructions and operating model"
},
{
"path": "README.md",
"required": true,
"description": "Human-oriented overview and builder handoff notes"
},
{
"path": "CHANGELOG.md",
"required": true,
"description": "Version history and baseline release notes"
},
{
"path": "SPEC.md",
"required": true,
"description": "Implementation specification for OpenClaw runtime traffic monitoring"
},
{
"path": "lib/.gitkeep",
"required": false,
"description": "Placeholder for shared detector and report code"
},
{
"path": "scripts/.gitkeep",
"required": false,
"description": "Placeholder for proxy lifecycle and status scripts"
},
{
"path": "hooks/openclaw-traffic-guardian-hook/.gitkeep",
"required": false,
"description": "Placeholder for optional OpenClaw hook integration"
},
{
"path": "test/.gitkeep",
"required": false,
"description": "Placeholder for unit and integration tests"
}
]
},
"openclaw": {
"emoji": "TG",
"category": "security",
"requires": {
"bins": [
"node",
"python3"
]
},
"runtime": {
"required_env": [],
"optional_env": [
"OPENCLAW_TRAFFIC_GUARDIAN_HOME",
"OPENCLAW_TRAFFIC_GUARDIAN_CONFIG",
"OPENCLAW_TRAFFIC_GUARDIAN_MODE",
"OPENCLAW_TRAFFIC_GUARDIAN_PROXY_URL",
"OPENCLAW_TRAFFIC_GUARDIAN_CA_BUNDLE",
"OPENCLAW_TRAFFIC_GUARDIAN_LOG_DIR",
"OPENCLAW_TRAFFIC_GUARDIAN_MAX_SCAN_BYTES",
"OPENCLAW_TRAFFIC_GUARDIAN_REDACT_SNIPPETS"
]
},
"capabilities": {
"runtime_traffic_monitoring": "spec_baseline",
"http_proxy_inspection": "planned",
"https_mitm_inspection": "planned_optional",
"egress_exfiltration_detection": "planned",
"inbound_injection_detection": "planned",
"blocking": "future_version"
},
"execution": {
"always": false,
"persistence": "Spec baseline only. Builders must keep monitoring opt-in and avoid installing persistent hooks or schedulers without explicit operator action.",
"network_egress": "Future runtime will proxy operator-scoped agent traffic. No runtime network behavior is implemented in v0.0.1."
},
"operator_review": [
"Do not install a system-wide CA automatically.",
"Default to detect-and-log mode; blocking is out of scope for v0.0.1 implementation.",
"Scope HTTP_PROXY/HTTPS_PROXY to the OpenClaw process being monitored.",
"Redact secret snippets before writing logs or sending conversation alerts.",
"Integrate with clawsec-suite as an optional add-on, not a default install."
],
"triggers": [
"openclaw traffic guardian",
"openclaw traffic monitoring",
"monitor openclaw egress",
"inspect openclaw http traffic",
"detect openclaw exfiltration"
]
}
}
skills/openclaw-traffic-guardian/test/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/picoclaw-traffic-guardian/CHANGELOG.md
+8
View File
@@ -0,0 +1,8 @@
# Changelog
## [0.0.1-beta1] - 2026-05-10
- Added baseline skill metadata, frontmatter, and implementation specification.
- Reserved folder structure for Picoclaw traffic-monitoring runtime code, profile export, and tests.
- Beta release notes: this release is a scaffold/spec baseline and does not yet ship active runtime proxy interception.
- Beta release notes: defaults remain non-invasive (no automatic traffic mutation or enforcement enabled by default).
skills/picoclaw-traffic-guardian/README.md
+18
View File
@@ -0,0 +1,18 @@
# Picoclaw Traffic Guardian
Baseline skill for Picoclaw runtime traffic monitoring.
This package is intentionally a spec scaffold. Builders should add the Picoclaw-specific monitor implementation here while preserving the safety contract in `SKILL.md` and `SPEC.md`.
## Intended Capability
- detect outbound secret exfiltration in Picoclaw gateway HTTP/HTTPS traffic
- detect inbound command-injection and tool-abuse payloads
- write redacted local JSONL findings
- export monitor posture for `picoclaw-security-guardian`
- provide explicit start, stop, status, and log-query commands
## Builder Notes
Keep runtime ownership in this skill. `picoclaw-security-guardian` should only profile and drift-check this skill's state, config, and output fingerprints.
skills/picoclaw-traffic-guardian/SKILL.md
+68
View File
@@ -0,0 +1,68 @@
---
name: picoclaw-traffic-guardian
version: 0.0.1-beta1
description: Picoclaw runtime traffic monitoring baseline for lightweight AI gateway proxy inspection, egress detection, and posture integration.
homepage: https://clawsec.prompt.security
author: prompt-security
license: AGPL-3.0-or-later
picoclaw:
emoji: "TG"
requires:
bins: [node, python3]
---
# Picoclaw Traffic Guardian
This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.
## Scope
Builders should use this skill as the Picoclaw landing zone for runtime traffic monitoring:
- lightweight AI gateway HTTP proxy inspection
- optional HTTPS inspection with per-process CA trust
- outbound exfiltration detection
- inbound injection detection
- redacted local threat logs
- profile export for `picoclaw-security-guardian`
Do not add proxy runtime ownership to `picoclaw-security-guardian` or `picoclaw-self-pen-testing`. Those skills should profile, drift-check, or review this monitor's status, not run it.
## Safety Contract
- Opt-in only.
- Detect-and-log by default.
- No automatic system CA installation.
- No global proxy environment changes.
- No blocking in the first implementation.
- Redact secrets before logs, summaries, or profile outputs.
- Keep all state under `PICOCLAW_TRAFFIC_GUARDIAN_HOME` or `$PICOCLAW_HOME/security/clawsec/traffic-guardian`.
## Builder Entry Points
Read `SPEC.md` before implementing. Use the placeholder folders as follows:
| Path | Intended use |
|---|---|
| `lib/` | Detector rules, redaction, profile export, report formatting |
| `scripts/` | Start, stop, status, config validation, log query, profile export helpers |
| `test/` | Unit tests, proxy fixture tests, redaction tests, profile integration tests |
## Required First Implementation Behavior
1. Validate config without starting the proxy.
2. Start monitor in foreground or explicit background mode.
3. Scope proxy environment variables to the target Picoclaw gateway process.
4. Inspect HTTP request/response text up to a bounded byte limit.
5. Support optional HTTPS MITM only when the operator supplies per-process trust configuration.
6. Emit JSONL findings with redacted snippets.
7. Export a small profile fragment that `picoclaw-security-guardian` can include in deterministic posture profiles.
## Out of Scope for v0.0.1 Implementation
- automatic system trust-store mutation
- transparent network interception
- default blocking
- sending traffic to external services
- collecting full request/response bodies
skills/picoclaw-traffic-guardian/SPEC.md
+104
View File
@@ -0,0 +1,104 @@
# Picoclaw Traffic Guardian Specification
## Goal
Provide Picoclaw with opt-in runtime traffic monitoring that observes lightweight AI gateway HTTP/HTTPS traffic for exfiltration and injection signals and exports monitor posture for Picoclaw profiles.
## Required Architecture
Implement three layers:
1. Detector core
- normalized finding schema
- pattern registry
- snippet redaction
- deduplication
- JSONL report writer
2. Picoclaw adapter
- lifecycle commands for start, stop, status, and threats
- process-scoped proxy environment guidance
- profile fragment compatible with `picoclaw-security-guardian`
3. Operator interface
- safe setup text
- explicit per-process proxy export commands
- CA fingerprint display when HTTPS inspection is enabled
## Finding Schema
Findings must be JSON objects with these fields:
```json
{
"schema_version": "clawsec-traffic-finding/v1",
"platform": "picoclaw",
"direction": "outbound",
"protocol": "http",
"threat_type": "EXFIL",
"pattern": "ai_api_key",
"severity": "high",
"source": "127.0.0.1",
"dest": "api.example.com:443",
"snippet": "[REDACTED]",
"timestamp": "2026-04-26T00:00:00.000Z"
}
```
## Profile Fragment Schema
The first implementation must write a small profile fragment:
```json
{
"schema_version": "clawsec-traffic-posture/v1",
"platform": "picoclaw",
"monitor_status": "running",
"mode": "detect",
"https_inspection": false,
"ca_fingerprint_sha256": null,
"config_sha256": "hex",
"finding_log_sha256": "hex",
"generated_at": "2026-04-26T00:00:00.000Z"
}
```
## Minimum Detection Set
Outbound EXFIL:
- AI API keys
- AWS access key IDs
- private key PEM markers
- SSH key file paths
- sensitive Unix file paths
- dotenv and cloud credential paths
- gateway config/token path markers when Picoclaw exposes stable names
Inbound INJECTION:
- pipe-to-shell commands
- shell exec flags
- reverse shell command shapes
- destructive remove commands
- SSH authorized-key injection shapes
## Safety Requirements
- Default mode is detect-and-log.
- Blocking mode must not exist in the first implementation.
- Snippets must be redacted before persistence.
- Maximum scan bytes must be configurable and bounded.
- CA trust must be per-process by default.
- System trust-store instructions must require explicit operator confirmation and must never run automatically.
## Tests Required Before Release
- detector unit tests for each pattern
- redaction tests proving secrets are not persisted
- proxy fixture tests for HTTP request and response inspection
- no-false-positive tests for common benign traffic
- lifecycle tests for stale PID/state cleanup
- profile fragment schema and digest tests
- compatibility tests showing `picoclaw-security-guardian` can include the profile fragment
skills/picoclaw-traffic-guardian/lib/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/picoclaw-traffic-guardian/scripts/.gitkeep
+1
View File
@@ -0,0 +1 @@
skills/picoclaw-traffic-guardian/skill.json
+112
View File
@@ -0,0 +1,112 @@
{
"name": "picoclaw-traffic-guardian",
"version": "0.0.1-beta1",
"description": "Picoclaw runtime traffic monitoring baseline for lightweight AI gateway proxy inspection, egress detection, and posture integration.",
"author": "prompt-security",
"license": "AGPL-3.0-or-later",
"homepage": "https://clawsec.prompt.security/",
"platform": "picoclaw",
"keywords": [
"security",
"picoclaw",
"ai-gateway",
"traffic-monitoring",
"egress",
"exfiltration",
"injection",
"proxy",
"mitm",
"runtime"
],
"sbom": {
"files": [
{
"path": "SKILL.md",
"required": true,
"description": "Picoclaw traffic guardian skill instructions and operating model"
},
{
"path": "README.md",
"required": true,
"description": "Human-oriented overview and builder handoff notes"
},
{
"path": "CHANGELOG.md",
"required": true,
"description": "Version history and baseline release notes"
},
{
"path": "SPEC.md",
"required": true,
"description": "Implementation specification for Picoclaw runtime traffic monitoring"
},
{
"path": "lib/.gitkeep",
"required": false,
"description": "Placeholder for shared detector, profile, and report code"
},
{
"path": "scripts/.gitkeep",
"required": false,
"description": "Placeholder for lifecycle, status, and profile export scripts"
},
{
"path": "test/.gitkeep",
"required": false,
"description": "Placeholder for unit and integration tests"
}
]
},
"picoclaw": {
"emoji": "TG",
"category": "security",
"requires": {
"bins": [
"node",
"python3"
]
},
"runtime": {
"required_env": [],
"optional_env": [
"PICOCLAW_TRAFFIC_GUARDIAN_HOME",
"PICOCLAW_TRAFFIC_GUARDIAN_CONFIG",
"PICOCLAW_TRAFFIC_GUARDIAN_MODE",
"PICOCLAW_TRAFFIC_GUARDIAN_PROXY_URL",
"PICOCLAW_TRAFFIC_GUARDIAN_CA_BUNDLE",
"PICOCLAW_TRAFFIC_GUARDIAN_LOG_DIR",
"PICOCLAW_TRAFFIC_GUARDIAN_MAX_SCAN_BYTES",
"PICOCLAW_TRAFFIC_GUARDIAN_REDACT_SNIPPETS",
"PICOCLAW_TRAFFIC_GUARDIAN_PROFILE_OUTPUT"
]
},
"capabilities": {
"runtime_traffic_monitoring": "spec_baseline",
"http_proxy_inspection": "planned",
"https_mitm_inspection": "planned_optional",
"egress_exfiltration_detection": "planned",
"inbound_injection_detection": "planned",
"profile_export": "planned",
"blocking": "future_version"
},
"execution": {
"always": false,
"persistence": "Spec baseline only. Builders must keep monitoring opt-in and scheduler-free unless an operator explicitly applies one.",
"network_egress": "Future runtime will proxy operator-scoped Picoclaw gateway traffic. No runtime network behavior is implemented in v0.0.1."
},
"operator_review": [
"Do not merge proxy runtime into picoclaw-security-guardian or picoclaw-self-pen-testing.",
"Export traffic-monitor status for picoclaw-security-guardian to profile and drift-check, but keep runtime ownership in this skill.",
"Do not install a system-wide CA automatically.",
"Default to detect-and-log mode; blocking is out of scope for v0.0.1 implementation.",
"Redact secret snippets before writing logs or profile summaries."
],
"triggers": [
"picoclaw traffic guardian",
"picoclaw traffic monitoring",
"monitor picoclaw egress",
"inspect picoclaw http traffic",
"picoclaw proxy inspection"
]
}
}
skills/picoclaw-traffic-guardian/test/.gitkeep
+1
View File
@@ -0,0 +1 @@
wiki/GENERATION.md
+2
View File
@@ -15,6 +15,7 @@
- Updated index and cross-links to use `wiki/` as the documentation source of truth.
- Added a dedicated module page for `clawsec-scanner` and linked it from `wiki/INDEX.md`.
- Future updates should preserve existing headings and append `Update Notes` sections when making deltas.
- 2026-05-04: Added `wiki/modules/runtime-traffic-guardian-baseline.md` and platform-specific runtime traffic guardian skill scaffolds for OpenClaw, Hermes, NanoClaw, and Picoclaw.
- 2026-04-15: Expanded `wiki/modules/hermes-attestation-guardian.md` into full narrative claim breakdowns (people-speak + wiring + verification + scenario) and moved draft-plan context into `wiki/modules/hermes-attestation-guardian-draft-history.md`.
- 2026-04-26: Split Picoclaw self-pen-testing into dedicated `wiki/modules/picoclaw-self-pen-testing.md`, and updated `wiki/modules/picoclaw-security-guardian.md` to cover advisory/drift/supply-chain scope only.
- 2026-04-25: Added DeepWiki-friendly `wiki/modules/picoclaw-security-guardian.md` with support-matrix claims, threat model, default safety posture, frontend/advisory-board wiring, verification commands, and source references. Regenerated `public/wiki/**/llms.txt` exports with `npm run gen:wiki-llms`.
@@ -28,6 +29,7 @@
- wiki/modules/clawsec-scanner.md
- wiki/modules/picoclaw-security-guardian.md
- wiki/modules/picoclaw-self-pen-testing.md
- wiki/modules/runtime-traffic-guardian-baseline.md
- wiki/dependencies.md
- wiki/data-flow.md
- wiki/glossary.md
wiki/INDEX.md
+7
View File
@@ -42,6 +42,7 @@
- [NanoClaw Integration](modules/nanoclaw-integration.md)
- [Picoclaw Security Guardian](modules/picoclaw-security-guardian.md)
- [Picoclaw Self Pen Testing](modules/picoclaw-self-pen-testing.md)
- [Runtime Traffic Guardian Baseline](modules/runtime-traffic-guardian-baseline.md)
- [Automation and Release Pipelines](modules/automation-release.md)
- [Local Validation and Packaging Tools](modules/local-tooling.md)
@@ -52,6 +53,7 @@
- [Generation Metadata](GENERATION.md)
## Update Notes
- 2026-05-04: Added runtime traffic guardian baseline module and platform-specific skill scaffolds for OpenClaw, Hermes, NanoClaw, and Picoclaw.
- 2026-04-26: Split Picoclaw self-pen-testing into standalone `picoclaw-self-pen-testing`; updated Picoclaw module docs and references.
- 2026-04-25: Added Picoclaw Security Guardian module for advisory awareness, config drift detection, and chain-of-supply verification.
- 2026-04-19: Moved NanoClaw platform-support and CI/CD pipeline detail sections out of `README.md` into module pages (`modules/nanoclaw-integration.md`, `modules/automation-release.md`) and left README pointers.
@@ -70,11 +72,16 @@
- skills/clawsec-suite/skill.json
- skills/clawsec-scanner/skill.json
- skills/hermes-attestation-guardian/skill.json
- skills/hermes-traffic-guardian/skill.json
- skills/nanoclaw-traffic-guardian/skill.json
- skills/openclaw-traffic-guardian/skill.json
- skills/picoclaw-security-guardian/skill.json
- skills/picoclaw-self-pen-testing/skill.json
- skills/picoclaw-traffic-guardian/skill.json
- wiki/modules/clawsec-scanner.md
- wiki/modules/hermes-attestation-guardian.md
- wiki/modules/hermes-attestation-guardian-draft-history.md
- wiki/modules/picoclaw-security-guardian.md
- wiki/modules/picoclaw-self-pen-testing.md
- wiki/modules/runtime-traffic-guardian-baseline.md
- .github/workflows/ci.yml
wiki/de/GENERATION.md
+2
View File
@@ -20,6 +20,7 @@ Review status: draft
- Updated index and cross-links to use `wiki/` as the documentation source of truth.
- Added a dedicated module page for `clawsec-scanner` and linked it from `wiki/INDEX.md`.
- Future updates should preserve existing headings and append `Update Notes` sections when making deltas.
- 2026-05-04: Added `wiki/modules/runtime-traffic-guardian-baseline.md` and platform-specific runtime traffic guardian skill scaffolds for OpenClaw, Hermes, NanoClaw, and Picoclaw.
- 2026-04-15: Expanded `wiki/modules/hermes-attestation-guardian.md` into full narrative claim breakdowns (people-speak + wiring + verification + scenario) and moved draft-plan context into `wiki/modules/hermes-attestation-guardian-draft-history.md`.
- 2026-04-26: Split Picoclaw self-pen-testing into dedicated `wiki/modules/picoclaw-self-pen-testing.md`, and updated `wiki/modules/picoclaw-security-guardian.md` to cover advisory/drift/supply-chain scope only.
- 2026-04-25: Added DeepWiki-friendly `wiki/modules/picoclaw-security-guardian.md` with support-matrix claims, threat model, default safety posture, frontend/advisory-board wiring, verification commands, and source references. Regenerated `public/wiki/**/llms.txt` exports with `npm run gen:wiki-llms`.
@@ -31,6 +32,7 @@ Review status: draft
- wiki/overview.md
- wiki/architecture.md
- wiki/modules/clawsec-scanner.md
- wiki/modules/runtime-traffic-guardian-baseline.md
- wiki/modules/picoclaw-security-guardian.md
- wiki/modules/picoclaw-self-pen-testing.md
- wiki/dependencies.md
wiki/de/INDEX.md
+7
View File
@@ -44,6 +44,7 @@ Review status: draft
- [NanoClaw Integration](../modules/nanoclaw-integration.md)
- [Picoclaw Security Guardian](../modules/picoclaw-security-guardian.md)
- [Picoclaw Self Pen Testing](../modules/picoclaw-self-pen-testing.md)
- [Runtime Traffic Guardian Baseline](../modules/runtime-traffic-guardian-baseline.md)
- [Automation and Release Pipelines](../modules/automation-release.md)
- [Local Validation and Packaging Tools](../modules/local-tooling.md)
@@ -54,6 +55,7 @@ Review status: draft
- [Generation Metadata](GENERATION.md)
## Update Notes
- 2026-05-04: Added runtime traffic guardian baseline module and platform-specific skill scaffolds for OpenClaw, Hermes, NanoClaw, and Picoclaw.
- 2026-04-26: Split Picoclaw self-pen-testing into standalone `picoclaw-self-pen-testing`; updated Picoclaw module docs and references.
- 2026-04-25: Added Picoclaw Security Guardian module for advisory awareness, config drift detection, and chain-of-supply verification.
- 2026-04-19: Moved NanoClaw platform-support and CI/CD pipeline detail sections out of `README.md` into module pages (`modules/nanoclaw-integration.md`, `modules/automation-release.md`) and left README pointers.
@@ -72,11 +74,16 @@ Review status: draft
- skills/clawsec-suite/skill.json
- skills/clawsec-scanner/skill.json
- skills/hermes-attestation-guardian/skill.json
- skills/hermes-traffic-guardian/skill.json
- skills/nanoclaw-traffic-guardian/skill.json
- skills/openclaw-traffic-guardian/skill.json
- skills/picoclaw-security-guardian/skill.json
- skills/picoclaw-self-pen-testing/skill.json
- skills/picoclaw-traffic-guardian/skill.json
- wiki/modules/clawsec-scanner.md
- wiki/modules/hermes-attestation-guardian.md
- wiki/modules/hermes-attestation-guardian-draft-history.md
- wiki/modules/picoclaw-security-guardian.md
- wiki/modules/picoclaw-self-pen-testing.md
- wiki/modules/runtime-traffic-guardian-baseline.md
- .github/workflows/ci.yml
wiki/es/GENERATION.md
+2
View File
@@ -20,6 +20,7 @@ Review status: draft
- Updated index and cross-links to use `wiki/` as the documentation source of truth.
- Added a dedicated module page for `clawsec-scanner` and linked it from `wiki/INDEX.md`.
- Future updates should preserve existing headings and append `Update Notes` sections when making deltas.
- 2026-05-04: Added `wiki/modules/runtime-traffic-guardian-baseline.md` and platform-specific runtime traffic guardian skill scaffolds for OpenClaw, Hermes, NanoClaw, and Picoclaw.
- 2026-04-15: Expanded `wiki/modules/hermes-attestation-guardian.md` into full narrative claim breakdowns (people-speak + wiring + verification + scenario) and moved draft-plan context into `wiki/modules/hermes-attestation-guardian-draft-history.md`.
- 2026-04-26: Split Picoclaw self-pen-testing into dedicated `wiki/modules/picoclaw-self-pen-testing.md`, and updated `wiki/modules/picoclaw-security-guardian.md` to cover advisory/drift/supply-chain scope only.
- 2026-04-25: Added DeepWiki-friendly `wiki/modules/picoclaw-security-guardian.md` with support-matrix claims, threat model, default safety posture, frontend/advisory-board wiring, verification commands, and source references. Regenerated `public/wiki/**/llms.txt` exports with `npm run gen:wiki-llms`.
@@ -31,6 +32,7 @@ Review status: draft
- wiki/overview.md
- wiki/architecture.md
- wiki/modules/clawsec-scanner.md
- wiki/modules/runtime-traffic-guardian-baseline.md
- wiki/modules/picoclaw-security-guardian.md
- wiki/modules/picoclaw-self-pen-testing.md
- wiki/dependencies.md
wiki/es/INDEX.md
+7
View File
@@ -35,6 +35,7 @@
- [NanoClaw Integration](../modules/nanoclaw-integration.md)
- [Picoclaw Security Guardian](../modules/picoclaw-security-guardian.md)
- [Picoclaw Self Pen Testing](../modules/picoclaw-self-pen-testing.md)
- [Runtime Traffic Guardian Baseline](../modules/runtime-traffic-guardian-baseline.md)
- [Automation and Release Pipelines](../modules/automation-release.md)
- [Local Validation and Packaging Tools](../modules/local-tooling.md)
@@ -45,6 +46,7 @@
- [Generation Metadata](../GENERATION.md)
## Notas de actualización
- 2026-05-04: Added runtime traffic guardian baseline module and platform-specific skill scaffolds for OpenClaw, Hermes, NanoClaw, and Picoclaw.
- 2026-04-27: Añadida traducción inicial al español (`wiki/es/INDEX.md`, `wiki/es/overview.md`) como fase 1.
- 2026-04-26: Separado Picoclaw self-pen-testing en `picoclaw-self-pen-testing`; actualizados docs y referencias de módulo Picoclaw.
- 2026-04-25: Añadido módulo Picoclaw Security Guardian para awareness de advisories, detección de drift de configuración y verificación de cadena de suministro.
@@ -60,6 +62,11 @@
- `skills/clawsec-suite/skill.json`
- `skills/clawsec-scanner/skill.json`
- `skills/hermes-attestation-guardian/skill.json`
- `skills/hermes-traffic-guardian/skill.json`
- `skills/nanoclaw-traffic-guardian/skill.json`
- `skills/openclaw-traffic-guardian/skill.json`
- `skills/picoclaw-security-guardian/skill.json`
- `skills/picoclaw-self-pen-testing/skill.json`
- `skills/picoclaw-traffic-guardian/skill.json`
- `wiki/modules/runtime-traffic-guardian-baseline.md`
- `.github/workflows/ci.yml`
wiki/fr/GENERATION.md
+2
View File
@@ -20,6 +20,7 @@ Review status: draft
- Updated index and cross-links to use `wiki/` as the documentation source of truth.
- Added a dedicated module page for `clawsec-scanner` and linked it from `wiki/INDEX.md`.
- Future updates should preserve existing headings and append `Update Notes` sections when making deltas.
- 2026-05-04: Added `wiki/modules/runtime-traffic-guardian-baseline.md` and platform-specific runtime traffic guardian skill scaffolds for OpenClaw, Hermes, NanoClaw, and Picoclaw.
- 2026-04-15: Expanded `wiki/modules/hermes-attestation-guardian.md` into full narrative claim breakdowns (people-speak + wiring + verification + scenario) and moved draft-plan context into `wiki/modules/hermes-attestation-guardian-draft-history.md`.
- 2026-04-26: Split Picoclaw self-pen-testing into dedicated `wiki/modules/picoclaw-self-pen-testing.md`, and updated `wiki/modules/picoclaw-security-guardian.md` to cover advisory/drift/supply-chain scope only.
- 2026-04-25: Added DeepWiki-friendly `wiki/modules/picoclaw-security-guardian.md` with support-matrix claims, threat model, default safety posture, frontend/advisory-board wiring, verification commands, and source references. Regenerated `public/wiki/**/llms.txt` exports with `npm run gen:wiki-llms`.
@@ -31,6 +32,7 @@ Review status: draft
- wiki/overview.md
- wiki/architecture.md
- wiki/modules/clawsec-scanner.md
- wiki/modules/runtime-traffic-guardian-baseline.md
- wiki/modules/picoclaw-security-guardian.md
- wiki/modules/picoclaw-self-pen-testing.md
- wiki/dependencies.md
wiki/fr/INDEX.md
+7
View File
@@ -44,6 +44,7 @@ Review status: draft
- [NanoClaw Integration](../modules/nanoclaw-integration.md)
- [Picoclaw Security Guardian](../modules/picoclaw-security-guardian.md)
- [Picoclaw Self Pen Testing](../modules/picoclaw-self-pen-testing.md)
- [Runtime Traffic Guardian Baseline](../modules/runtime-traffic-guardian-baseline.md)
- [Automation and Release Pipelines](../modules/automation-release.md)
- [Local Validation and Packaging Tools](../modules/local-tooling.md)
@@ -54,6 +55,7 @@ Review status: draft
- [Generation Metadata](GENERATION.md)
## Update Notes
- 2026-05-04: Added runtime traffic guardian baseline module and platform-specific skill scaffolds for OpenClaw, Hermes, NanoClaw, and Picoclaw.
- 2026-04-26: Split Picoclaw self-pen-testing into standalone `picoclaw-self-pen-testing`; updated Picoclaw module docs and references.
- 2026-04-25: Added Picoclaw Security Guardian module for advisory awareness, config drift detection, and chain-of-supply verification.
- 2026-04-19: Moved NanoClaw platform-support and CI/CD pipeline detail sections out of `README.md` into module pages (`modules/nanoclaw-integration.md`, `modules/automation-release.md`) and left README pointers.
@@ -72,11 +74,16 @@ Review status: draft
- skills/clawsec-suite/skill.json
- skills/clawsec-scanner/skill.json
- skills/hermes-attestation-guardian/skill.json
- skills/hermes-traffic-guardian/skill.json
- skills/nanoclaw-traffic-guardian/skill.json
- skills/openclaw-traffic-guardian/skill.json
- skills/picoclaw-security-guardian/skill.json
- skills/picoclaw-self-pen-testing/skill.json
- skills/picoclaw-traffic-guardian/skill.json
- wiki/modules/clawsec-scanner.md
- wiki/modules/hermes-attestation-guardian.md
- wiki/modules/hermes-attestation-guardian-draft-history.md
- wiki/modules/picoclaw-security-guardian.md
- wiki/modules/picoclaw-self-pen-testing.md
- wiki/modules/runtime-traffic-guardian-baseline.md
- .github/workflows/ci.yml
wiki/ja/GENERATION.md
+2
View File
@@ -20,6 +20,7 @@ Review status: draft
- Updated index and cross-links to use `wiki/` as the documentation source of truth.
- Added a dedicated module page for `clawsec-scanner` and linked it from `wiki/INDEX.md`.
- Future updates should preserve existing headings and append `Update Notes` sections when making deltas.
- 2026-05-04: Added `wiki/modules/runtime-traffic-guardian-baseline.md` and platform-specific runtime traffic guardian skill scaffolds for OpenClaw, Hermes, NanoClaw, and Picoclaw.
- 2026-04-15: Expanded `wiki/modules/hermes-attestation-guardian.md` into full narrative claim breakdowns (people-speak + wiring + verification + scenario) and moved draft-plan context into `wiki/modules/hermes-attestation-guardian-draft-history.md`.
- 2026-04-26: Split Picoclaw self-pen-testing into dedicated `wiki/modules/picoclaw-self-pen-testing.md`, and updated `wiki/modules/picoclaw-security-guardian.md` to cover advisory/drift/supply-chain scope only.
- 2026-04-25: Added DeepWiki-friendly `wiki/modules/picoclaw-security-guardian.md` with support-matrix claims, threat model, default safety posture, frontend/advisory-board wiring, verification commands, and source references. Regenerated `public/wiki/**/llms.txt` exports with `npm run gen:wiki-llms`.
@@ -31,6 +32,7 @@ Review status: draft
- wiki/overview.md
- wiki/architecture.md
- wiki/modules/clawsec-scanner.md
- wiki/modules/runtime-traffic-guardian-baseline.md
- wiki/modules/picoclaw-security-guardian.md
- wiki/modules/picoclaw-self-pen-testing.md
- wiki/dependencies.md
wiki/ja/INDEX.md
+7
View File
@@ -44,6 +44,7 @@ Review status: draft
- [NanoClaw Integration](../modules/nanoclaw-integration.md)
- [Picoclaw Security Guardian](../modules/picoclaw-security-guardian.md)
- [Picoclaw Self Pen Testing](../modules/picoclaw-self-pen-testing.md)
- [Runtime Traffic Guardian Baseline](../modules/runtime-traffic-guardian-baseline.md)
- [Automation and Release Pipelines](../modules/automation-release.md)
- [Local Validation and Packaging Tools](../modules/local-tooling.md)
@@ -54,6 +55,7 @@ Review status: draft
- [Generation Metadata](GENERATION.md)
## Update Notes
- 2026-05-04: Added runtime traffic guardian baseline module and platform-specific skill scaffolds for OpenClaw, Hermes, NanoClaw, and Picoclaw.
- 2026-04-26: Split Picoclaw self-pen-testing into standalone `picoclaw-self-pen-testing`; updated Picoclaw module docs and references.
- 2026-04-25: Added Picoclaw Security Guardian module for advisory awareness, config drift detection, and chain-of-supply verification.
- 2026-04-19: Moved NanoClaw platform-support and CI/CD pipeline detail sections out of `README.md` into module pages (`modules/nanoclaw-integration.md`, `modules/automation-release.md`) and left README pointers.
@@ -72,11 +74,16 @@ Review status: draft
- skills/clawsec-suite/skill.json
- skills/clawsec-scanner/skill.json
- skills/hermes-attestation-guardian/skill.json
- skills/hermes-traffic-guardian/skill.json
- skills/nanoclaw-traffic-guardian/skill.json
- skills/openclaw-traffic-guardian/skill.json
- skills/picoclaw-security-guardian/skill.json
- skills/picoclaw-self-pen-testing/skill.json
- skills/picoclaw-traffic-guardian/skill.json
- wiki/modules/clawsec-scanner.md
- wiki/modules/hermes-attestation-guardian.md
- wiki/modules/hermes-attestation-guardian-draft-history.md
- wiki/modules/picoclaw-security-guardian.md
- wiki/modules/picoclaw-self-pen-testing.md
- wiki/modules/runtime-traffic-guardian-baseline.md
- .github/workflows/ci.yml
wiki/ko/GENERATION.md
+2
View File
@@ -20,6 +20,7 @@ Review status: draft
- Updated index and cross-links to use `wiki/` as the documentation source of truth.
- Added a dedicated module page for `clawsec-scanner` and linked it from `wiki/INDEX.md`.
- Future updates should preserve existing headings and append `Update Notes` sections when making deltas.
- 2026-05-04: Added `wiki/modules/runtime-traffic-guardian-baseline.md` and platform-specific runtime traffic guardian skill scaffolds for OpenClaw, Hermes, NanoClaw, and Picoclaw.
- 2026-04-15: Expanded `wiki/modules/hermes-attestation-guardian.md` into full narrative claim breakdowns (people-speak + wiring + verification + scenario) and moved draft-plan context into `wiki/modules/hermes-attestation-guardian-draft-history.md`.
- 2026-04-26: Split Picoclaw self-pen-testing into dedicated `wiki/modules/picoclaw-self-pen-testing.md`, and updated `wiki/modules/picoclaw-security-guardian.md` to cover advisory/drift/supply-chain scope only.
- 2026-04-25: Added DeepWiki-friendly `wiki/modules/picoclaw-security-guardian.md` with support-matrix claims, threat model, default safety posture, frontend/advisory-board wiring, verification commands, and source references. Regenerated `public/wiki/**/llms.txt` exports with `npm run gen:wiki-llms`.
@@ -31,6 +32,7 @@ Review status: draft
- wiki/overview.md
- wiki/architecture.md
- wiki/modules/clawsec-scanner.md
- wiki/modules/runtime-traffic-guardian-baseline.md
- wiki/modules/picoclaw-security-guardian.md
- wiki/modules/picoclaw-self-pen-testing.md
- wiki/dependencies.md
wiki/ko/INDEX.md
+7
View File
@@ -22,14 +22,21 @@
## 모듈
- [Frontend Web App](../modules/frontend-web.md)
- [ClawSec Suite Core](../modules/clawsec-suite.md)
- [Runtime Traffic Guardian Baseline](../modules/runtime-traffic-guardian-baseline.md)
- [NanoClaw Integration](../modules/nanoclaw-integration.md)
- [Hermes Attestation Guardian](../modules/hermes-attestation-guardian.md)
- [Picoclaw Security Guardian](../modules/picoclaw-security-guardian.md)
## 번역 노트
- 2026-05-04: Added runtime traffic guardian baseline module and platform-specific skill scaffolds for OpenClaw, Hermes, NanoClaw, and Picoclaw.
- 2026-04-27: 한국어 위키 초기 스캐폴드 추가 (`wiki/ko/INDEX.md`, `wiki/ko/overview.md`).
## 소스 참조
- `wiki/INDEX.md`
- `wiki/overview.md`
- `wiki/localization.md`
- `skills/hermes-traffic-guardian/skill.json`
- `skills/nanoclaw-traffic-guardian/skill.json`
- `skills/openclaw-traffic-guardian/skill.json`
- `skills/picoclaw-traffic-guardian/skill.json`
- `wiki/modules/runtime-traffic-guardian-baseline.md`
wiki/modules/runtime-traffic-guardian-baseline.md
+108
View File
@@ -0,0 +1,108 @@
# Runtime Traffic Guardian Baseline
## Summary
This module defines the baseline for a new platform-specific runtime traffic monitoring family:
- `skills/openclaw-traffic-guardian/`
- `skills/hermes-traffic-guardian/`
- `skills/nanoclaw-traffic-guardian/`
- `skills/picoclaw-traffic-guardian/`
These packages are intentionally specification scaffolds. They reserve the skill names, platform metadata, SBOM entries, frontmatter, folder structure, and safety contracts so platform builders can add implementations without changing the architectural decision.
## Capability Gap
The existing ClawSec matrix covers advisory verification, config drift, self-pen-testing/posture review, and supply-chain verification. It does not currently provide live runtime traffic monitoring:
- HTTP request/response inspection
- optional HTTPS inspection with explicit CA trust
- outbound secret exfiltration detection
- inbound command-injection detection
- redacted local threat logging
- platform-specific status/profile/attestation surfaces
## Architecture Decision
Runtime traffic monitoring is a separate skill family, not an extension of existing posture or scanner skills.
Reasoning:
- `clawsec-scanner` is periodic report-only vulnerability scanning and OpenClaw hook DAST.
- `hermes-attestation-guardian` produces and verifies deterministic posture artifacts; it should attest monitor state, not run a proxy.
- `clawsec-nanoclaw` owns advisory/signature/integrity MCP tools; traffic interception requires host-side network ownership and stricter container boundaries.
- `picoclaw-security-guardian` is read-only posture/drift/supply-chain logic; proxy runtime would violate that safety posture.
## Shared Safety Contract
All traffic guardian implementations must preserve these constraints:
1. Opt-in only.
2. Detect-and-log by default.
3. No automatic system CA installation.
4. No global `HTTP_PROXY` or `HTTPS_PROXY` mutation.
5. No blocking in the first implementation.
6. Redact secret snippets before persistence or surfaced output.
7. Bound scan bytes and log retention.
8. Keep platform adapter state under platform-specific ClawSec security directories.
## Platform Ownership
| Skill | Runtime owner | Integration point |
|---|---|---|
| `openclaw-traffic-guardian` | OpenClaw adapter | Optional `clawsec-suite` add-on and optional OpenClaw hook/status integration |
| `hermes-traffic-guardian` | Hermes adapter | Posture export watched by `hermes-attestation-guardian` |
| `nanoclaw-traffic-guardian` | NanoClaw host service | Container-safe MCP tools and IPC result channel |
| `picoclaw-traffic-guardian` | Picoclaw adapter | Profile fragment consumed by `picoclaw-security-guardian` |
## Shared Finding Schema
Builders should use the common schema described in each skill's `SPEC.md`:
```json
{
"schema_version": "clawsec-traffic-finding/v1",
"platform": "openclaw",
"direction": "outbound",
"protocol": "http",
"threat_type": "EXFIL",
"pattern": "ai_api_key",
"severity": "high",
"source": "127.0.0.1",
"dest": "api.example.com:443",
"snippet": "[REDACTED]",
"timestamp": "2026-04-26T00:00:00.000Z"
}
```
## Minimum Detection Families
Outbound EXFIL:
- AI API keys
- AWS access key IDs
- private key PEM markers
- SSH key file paths
- sensitive Unix file paths
- dotenv and cloud credential paths
Inbound INJECTION:
- pipe-to-shell commands
- shell exec flags
- reverse shell command shapes
- destructive remove commands
- SSH authorized-key injection shapes
Platform builders may add stable platform-specific markers, such as NanoClaw WhatsApp session paths or Picoclaw gateway token paths, once those names are verified.
## Source References
- skills/openclaw-traffic-guardian/SKILL.md
- skills/openclaw-traffic-guardian/SPEC.md
- skills/hermes-traffic-guardian/SKILL.md
- skills/hermes-traffic-guardian/SPEC.md
- skills/nanoclaw-traffic-guardian/SKILL.md
- skills/nanoclaw-traffic-guardian/SPEC.md
- skills/picoclaw-traffic-guardian/SKILL.md
- skills/picoclaw-traffic-guardian/SPEC.md