← Back to Skills Marketplace
easonc13

LuLu Monitor

by Eason Chen · GitHub ↗ · v2.0.0
cross-platform ⚠ suspicious
1567
Downloads
0
Stars
0
Active Installs
8
Versions
Install in OpenClaw
/install lulu-monitor
Description
AI-powered LuLu Firewall companion for macOS. Monitors firewall alerts, analyzes connections with AI, sends Telegram notifications with Allow/Block buttons....
README (SKILL.md)

LuLu Monitor

AI-powered companion for LuLu Firewall on macOS.

LuLu Monitor Screenshot

What It Does

  1. Monitors LuLu firewall alert popups
  2. Extracts connection info (process, IP, port, DNS)
  3. Spawns a fast AI (haiku) to analyze the connection
  4. Sends Telegram notification with risk assessment
  5. Provides 4 action buttons: Always Allow, Allow Once, Always Block, Block Once
  6. Executes the action on LuLu when user taps a button

Auto-Execute Mode (Optional)

For reduced interruptions, enable auto-execute mode. When the AI has high confidence (known safe programs like curl, brew, node, git connecting to normal destinations), it will:

  1. Automatically execute the Allow action
  2. Still send a Telegram notification explaining what was auto-allowed

To enable:

# Create config.json in install directory
cat > ~/.openclaw/lulu-monitor/config.json \x3C\x3C 'EOF'
{
  "telegramId": "YOUR_TELEGRAM_ID",
  "autoExecute": true,
  "autoExecuteAction": "allow-once"
}
EOF

Options:

  • autoExecute: false (default) - all alerts require manual button press
  • autoExecuteAction: "allow-once" (default, conservative) or "allow" (permanent rule)

Installation

Prerequisites

Run the check script first:

bash scripts/check-prerequisites.sh

Required:

  • LuLu Firewall: brew install --cask lulu
  • Node.js: brew install node
  • OpenClaw Gateway: Running with Telegram channel configured
  • Accessibility Permission: System Settings > Privacy > Accessibility > Enable Terminal/osascript

Gateway Configuration (Required)

The monitor calls sessions_spawn via OpenClaw's /tools/invoke HTTP API. This tool is blocked by default. Add it to the allowlist in ~/.openclaw/openclaw.json:

{
  "gateway": {
    "tools": {
      "allow": ["sessions_spawn"]
    }
  }
}

Without this, alerts will be detected but fail to forward (404 in logs).

Install

bash scripts/install.sh

This will:

  1. Clone the repo to ~/.openclaw/lulu-monitor/
  2. Install npm dependencies
  3. Set up launchd for auto-start
  4. Start the service

Verify

curl http://127.0.0.1:4441/status

Should return {"running":true,...}

Sending Alerts with Inline Buttons

⚠️ The message tool's buttons/components parameter does NOT work for Telegram inline buttons. You must use the CLI via exec:

openclaw message send --channel telegram --target \x3Cchat_id> \
  --message "🔔 LuLu Alert: \x3Csummary>" \
  --buttons '[[{"text":"✅ Always Allow","callback_data":"lulu:allow"},{"text":"✅ Allow Once","callback_data":"lulu:allow-once"}],[{"text":"❌ Always Block","callback_data":"lulu:block"},{"text":"❌ Block Once","callback_data":"lulu:block-once"}]]'

After sending via CLI, reply with NO_REPLY to avoid duplicate messages.

Handling Callbacks

When user clicks a Telegram button, OpenClaw receives a callback like:

callback_data: lulu:allow
callback_data: lulu:allow-once
callback_data: lulu:block
callback_data: lulu:block-once

To handle it, call the local endpoint:

curl -X POST http://127.0.0.1:4441/callback \
  -H "Content-Type: application/json" \
  -d '{"action":"allow"}'  # or "block", "allow-once", "block-once"

This will:

  1. Click the appropriate button on LuLu alert
  2. Set Rule Scope to "endpoint"
  3. Set Rule Duration to "Always" or "Process lifetime"
  4. Edit the Telegram message to show result

Troubleshooting

Service not running

# Check status
launchctl list | grep lulu-monitor

# View logs
tail -f ~/.openclaw/lulu-monitor/logs/stdout.log

# Restart
launchctl unload ~/Library/LaunchAgents/com.openclaw.lulu-monitor.plist
launchctl load ~/Library/LaunchAgents/com.openclaw.lulu-monitor.plist

Accessibility permission issues

AppleScript needs permission to control LuLu. Go to: System Settings > Privacy & Security > Accessibility Enable: Terminal, iTerm, or whatever terminal you use

Alert not detected

  • Ensure LuLu is running: pgrep -x LuLu
  • Check if alert window exists: osascript -e 'tell application "System Events" to tell process "LuLu" to get every window'

Uninstall

bash ~/.openclaw/lulu-monitor/skill/scripts/uninstall.sh
Usage Guidance
This skill mostly does what it claims, but it makes two changes you should review before installing: (1) it clones and runs code from a GitHub repo and runs npm install — inspect the repository (especially src/index.js and package.json scripts) before running install.sh to ensure there are no malicious install scripts or unexpected network calls; (2) it instructs you to add sessions_spawn to your OpenClaw gateway allowlist — that enables a powerful tool globally on your gateway and increases the potential blast radius if other code accesses the gateway. Also review the generated launchd plist and logs, and be cautious with the optional auto-execute mode (it can automatically allow connections). If you don't want to trust the remote repo, consider manually reviewing and vendorizing the code, or running the service in a restricted environment (separate user account or VM) and only enabling sessions_spawn if you understand and accept the implications.
Capability Analysis
Type: OpenClaw Skill Name: lulu-monitor Version: 2.0.0 The skill is classified as suspicious due to its requirement for high-risk permissions and capabilities, even though these are explicitly disclosed. Specifically, it instructs the user to allow the `sessions_spawn` tool in OpenClaw's gateway configuration (SKILL.md), which grants the AI agent broad command execution capabilities. The `install.sh` script also sets up a persistent `launchd` service, running a Node.js script (`src/index.js`, not provided) with system-level persistence, and the skill requires macOS Accessibility Permissions to interact with the LuLu Firewall GUI. While these capabilities are explained as necessary for the skill's stated purpose, they represent a significant attack surface and potential for abuse if the core logic were compromised or contained hidden malicious intent, classifying it as having risky capabilities without clear malicious intent.
Capability Assessment
Purpose & Capability
The name/description (LuLu firewall companion that sends Telegram alerts and applies allow/block actions) matches the files and instructions: it requires LuLu, Node, OpenClaw Gateway (with Telegram channel) and installs a local Node service to inspect alerts and call back to LuLu. Using the OpenClaw CLI and local HTTP endpoints is coherent with the purpose.
Instruction Scope
SKILL.md and scripts limit activity to local endpoints, LuLu UI automation (AppleScript/Accessibility), and OpenClaw Gateway calls. However, the instructions explicitly require adding sessions_spawn to OpenClaw's allowlist and rely on invoking the gateway's /tools/invoke API — that is broader than just reading local alerts because it enables a gateway tool that can spawn sessions. The skill also recommends using CLI exec to send Telegram inline buttons and instructs creating a config file in ~/.openclaw/lulu-monitor/config.json. There is no instruction to exfiltrate secrets, but the gateway allowlist change is significant and should be reviewed.
Install Mechanism
The included install.sh clones a GitHub repository (https://github.com/EasonC13-agent/lulu-monitor.git) and runs npm install, then creates a launchd plist to run src/index.js. Cloning from GitHub is traceable (not a random IP or pastebin), but npm install runs third-party packages (and lifecycle scripts), which can execute arbitrary code on install. The skill writes files to ~/.openclaw/lulu-monitor and installs a persistent service — moderate install risk that is expected for this kind of tool but worth auditing the remote repo and package.json before running.
Credentials
The skill does not request secret environment variables and only needs the OpenClaw instance to be configured with a Telegram channel. That is proportionate. However, it asks you to modify OpenClaw's config to allow the sessions_spawn tool; this is a privilege escalation for the gateway and is not locally scoped to just this skill's config (so it increases the system-wide capabilities available to other code interacting with the gateway).
Persistence & Privilege
The installer creates a launchd service that runs continuously under the user's account. That's expected for a monitoring agent, but combined with the required OpenClaw allowlist change (sessions_spawn) it increases persistent privileges and attack surface: a persistent agent plus a broadly enabled gateway tool could enable remote command/session spawning via the gateway. 'always' is false, but the skill still requests persistent presence and a global gateway permission change.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install lulu-monitor
  3. After installation, invoke the skill by name or use /lulu-monitor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Multi-user push, action logging, actor display
v1.1.2
Fix: Telegram inline buttons must use CLI (openclaw message send --buttons), not message tool. Added docs section on sending alerts with buttons.
v1.4.0
Document gateway.tools.allow sessions_spawn requirement (required for /tools/invoke to work)
v1.3.0
Add screenshot showing Telegram notifications with AI analysis
v1.2.0
Add autoExecuteAction config: default allow-once (conservative)
v1.1.1
Documentation improvements
v1.1.0
Add auto-execute mode for high confidence alerts (opt-in)
v1.0.0
Initial release: AI-powered LuLu Firewall companion with Telegram notifications
Metadata
Slug lulu-monitor
Version 2.0.0
License
All-time Installs 1
Active Installs 0
Total Versions 8
Frequently Asked Questions

What is LuLu Monitor?

AI-powered LuLu Firewall companion for macOS. Monitors firewall alerts, analyzes connections with AI, sends Telegram notifications with Allow/Block buttons.... It is an AI Agent Skill for Claude Code / OpenClaw, with 1567 downloads so far.

How do I install LuLu Monitor?

Run "/install lulu-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is LuLu Monitor free?

Yes, LuLu Monitor is completely free (open-source). You can download, install and use it at no cost.

Which platforms does LuLu Monitor support?

LuLu Monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created LuLu Monitor?

It is built and maintained by Eason Chen (@easonc13); the current version is v2.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments