davida-ps
369745821f
* feat(traffic-guardian): add runtime monitoring skill baselines * fix(traffic-guardian): align changelog and i18n fallback docs * chore(traffic-guardian): prepare beta1 release metadata
3.9 KiB
Runtime Traffic Guardian Baseline
Summary
This module defines the baseline for a new platform-specific runtime traffic monitoring family:
skills/openclaw-traffic-guardian/skills/hermes-traffic-guardian/skills/nanoclaw-traffic-guardian/skills/picoclaw-traffic-guardian/
These packages are intentionally specification scaffolds. They reserve the skill names, platform metadata, SBOM entries, frontmatter, folder structure, and safety contracts so platform builders can add implementations without changing the architectural decision.
Capability Gap
The existing ClawSec matrix covers advisory verification, config drift, self-pen-testing/posture review, and supply-chain verification. It does not currently provide live runtime traffic monitoring:
- HTTP request/response inspection
- optional HTTPS inspection with explicit CA trust
- outbound secret exfiltration detection
- inbound command-injection detection
- redacted local threat logging
- platform-specific status/profile/attestation surfaces
Architecture Decision
Runtime traffic monitoring is a separate skill family, not an extension of existing posture or scanner skills.
Reasoning:
clawsec-scanneris periodic report-only vulnerability scanning and OpenClaw hook DAST.hermes-attestation-guardianproduces and verifies deterministic posture artifacts; it should attest monitor state, not run a proxy.clawsec-nanoclawowns advisory/signature/integrity MCP tools; traffic interception requires host-side network ownership and stricter container boundaries.picoclaw-security-guardianis read-only posture/drift/supply-chain logic; proxy runtime would violate that safety posture.
Shared Safety Contract
All traffic guardian implementations must preserve these constraints:
- Opt-in only.
- Detect-and-log by default.
- No automatic system CA installation.
- No global
HTTP_PROXYorHTTPS_PROXYmutation. - No blocking in the first implementation.
- Redact secret snippets before persistence or surfaced output.
- Bound scan bytes and log retention.
- Keep platform adapter state under platform-specific ClawSec security directories.
Platform Ownership
| Skill | Runtime owner | Integration point |
|---|---|---|
openclaw-traffic-guardian |
OpenClaw adapter | Optional clawsec-suite add-on and optional OpenClaw hook/status integration |
hermes-traffic-guardian |
Hermes adapter | Posture export watched by hermes-attestation-guardian |
nanoclaw-traffic-guardian |
NanoClaw host service | Container-safe MCP tools and IPC result channel |
picoclaw-traffic-guardian |
Picoclaw adapter | Profile fragment consumed by picoclaw-security-guardian |
Shared Finding Schema
Builders should use the common schema described in each skill's SPEC.md:
{
"schema_version": "clawsec-traffic-finding/v1",
"platform": "openclaw",
"direction": "outbound",
"protocol": "http",
"threat_type": "EXFIL",
"pattern": "ai_api_key",
"severity": "high",
"source": "127.0.0.1",
"dest": "api.example.com:443",
"snippet": "[REDACTED]",
"timestamp": "2026-04-26T00:00:00.000Z"
}
Minimum Detection Families
Outbound EXFIL:
- AI API keys
- AWS access key IDs
- private key PEM markers
- SSH key file paths
- sensitive Unix file paths
- dotenv and cloud credential paths
Inbound INJECTION:
- pipe-to-shell commands
- shell exec flags
- reverse shell command shapes
- destructive remove commands
- SSH authorized-key injection shapes
Platform builders may add stable platform-specific markers, such as NanoClaw WhatsApp session paths or Picoclaw gateway token paths, once those names are verified.
Source References
- skills/openclaw-traffic-guardian/SKILL.md
- skills/openclaw-traffic-guardian/SPEC.md
- skills/hermes-traffic-guardian/SKILL.md
- skills/hermes-traffic-guardian/SPEC.md
- skills/nanoclaw-traffic-guardian/SKILL.md
- skills/nanoclaw-traffic-guardian/SPEC.md
- skills/picoclaw-traffic-guardian/SKILL.md
- skills/picoclaw-traffic-guardian/SPEC.md