← Back to Skills Marketplace
ClawSec
by
Paperknight
· GitHub ↗
· v1.0.0
16801
Downloads
13
Stars
261
Active Installs
1
Versions
Install in OpenClaw
/install clawsec
Description
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Usage Guidance
Install or use this only if you trust and have reviewed the actual ClawSec Monitor implementation. Prefer per-process CA settings over system-wide trust, route only the agents you intend to monitor, protect and delete /tmp/clawsec logs when finished, and remove any trusted CA or Docker volume after use.
Capability Analysis
Type: OpenClaw Skill
Name: clawsec
Version: 1.0.0
The skill describes a security monitoring tool (ClawSec Monitor) designed to intercept and inspect AI agent HTTP/HTTPS traffic for threats like data exfiltration and command injection. The `skill.md` provides instructions for the AI agent to help users manage, operate, and troubleshoot this proxy. All commands and instructions are directly related to the stated purpose of a security monitor. There is no evidence of malicious intent, prompt injection attempts to subvert the agent, or instructions for the agent to perform unauthorized actions, exfiltrate data, or establish persistence. The privileged operations (e.g., `sudo` for CA installation) are part of the legitimate setup for a security proxy, not an exploit.
Capability Assessment
Purpose & Capability
The stated purpose is coherent with a ClawSec traffic monitor, and MITM behavior is disclosed, but the capability exposes sensitive proxied traffic including API keys, prompts, responses, and session-bearing headers.
Instruction Scope
The operational commands are related to the stated purpose, but the skill includes system trust-store changes, proxy routing, foreground/background service operation, and troubleshooting guidance without clear consent, scope, or removal steps.
Install Mechanism
The submitted package contains only skill.md while referencing a Python monitor, Dockerfile, compose file, tests, and requirements that are not included for review; the agent may be guided to run local or externally obtained high-impact code.
Credentials
HTTPS interception and a local trusted CA are proportionate to a MITM security monitor, but system-wide CA installation is broader than necessary when per-process trust is also available.
Persistence & Privilege
The artifact discloses persistent logs under /tmp/clawsec and a Docker volume that keeps CA material across restarts, but it does not provide cleanup, revocation, or log-protection guidance.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawsec - After installation, invoke the skill by name or use
/clawsec - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Security proxy with HTTPS MITM for Moltbot. Monitors traffic,
catches API key exfiltration, command injection, and SSH abuse.
Built after finding 341 malicious skills. One-command install.
Production-tested: 5,152 req/s, 34/34 tests passed.
Metadata
Frequently Asked Questions
What is ClawSec?
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time. It is an AI Agent Skill for Claude Code / OpenClaw, with 16801 downloads so far.
How do I install ClawSec?
Run "/install clawsec" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ClawSec free?
Yes, ClawSec is completely free (open-source). You can download, install and use it at no cost.
Which platforms does ClawSec support?
ClawSec is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ClawSec?
It is built and maintained by Paperknight (@chrisochrisochriso-cmyk); the current version is v1.0.0.
More Skills