Fletcher Cyber Security Engineer

by FletcherFrimpong · GitHub ↗ · v0.1.2
cross-platform ⚠ suspicious
991 Downloads · 0 Stars · 1 Active Installs · 3 Versions
Install in OpenClaw
/install fletcher-cyber-security-engineer
Description
Manage and enforce least-privilege execution, approval-based elevation, port and egress monitoring, and ISO 27001/NIST compliance reporting for OpenClaw secu...
README (SKILL.md)

Cyber Security Engineer

Implement these controls in every security-sensitive task:

  1. Keep default execution in normal (non-root) mode.
  2. Request explicit user approval before any elevated command.
  3. Scope elevation to the minimum command set required for the active task.
  4. Drop elevated state immediately after the privileged command completes.
  5. Expire elevated state after 30 idle minutes and require re-approval.
  6. Monitor listening network ports and flag insecure or unapproved exposure.
  7. Monitor outbound connections and flag destinations not in the egress allowlist.
  8. If no approved baseline exists, generate one and require user review/pruning.
  9. Benchmark controls against ISO 27001 and NIST and report violations with mitigations.

Non-Goals (Web Browsing)

  • Do not use web browsing / web search as part of this skill. Keep assessments and recommendations based on local host/OpenClaw state and the bundled references in this skill.

Files To Use

  • references/least-privilege-policy.md
  • references/port-monitoring-policy.md
  • references/compliance-controls-map.json
  • references/approved_ports.template.json
  • references/command-policy.template.json
  • references/prompt-policy.template.json
  • references/egress-allowlist.template.json
  • scripts/preflight_check.py
  • scripts/root_session_guard.py
  • scripts/audit_logger.py
  • scripts/command_policy.py
  • scripts/prompt_policy.py
  • scripts/guarded_privileged_exec.py
  • scripts/install-openclaw-runtime-hook.sh
  • scripts/port_monitor.py
  • scripts/generate_approved_ports.py
  • scripts/egress_monitor.py
  • scripts/notify_on_violation.py
  • scripts/compliance_dashboard.py
  • scripts/live_assessment.py

Behavior

  • Never keep root/elevated access open between unrelated tasks.
  • Never execute root commands without an explicit approval step in the current flow.
  • Enforce command allow/deny policy when configured.
  • Require confirmation when untrusted content sources are detected (OPENCLAW_UNTRUSTED_SOURCE=1 + prompt policy).
  • Enforce task session id scoping when configured (OPENCLAW_REQUIRE_SESSION_ID=1).
  • If timeout is exceeded, force session expiration and approval renewal.
  • Log privileged actions to ~/.openclaw/security/privileged-audit.jsonl (best-effort).
  • Flag listening ports not present in the approved baseline and recommend secure alternatives for insecure ports.
  • Flag outbound destinations not present in the egress allowlist.

Output Contract

When reporting status, include:

  • The specific check_id(s) affected, status, risk, and concise evidence.
  • Concrete mitigations (what to change, where) and any owners/due dates if present.
  • For network findings: port, bind address, process/service, and why it is flagged (unapproved/insecure/public).
Usage Guidance
This skill appears to implement the privilege governance features it claims (audit logging, guarded privileged exec, port/egress monitors, compliance reporting). Before installing or running it, check three things:

  1. Confirm whether the included install script (install-openclaw-runtime-hook.sh) will be executed automatically by the platform or only when you explicitly run it. Installing a runtime hook can change global agent behavior and should be run only with full understanding and approval.
  2. Verify the platform will provide the expected system tools (lsof/ss/netstat) or that you are comfortable granting the skill the ability to call them, since the registry does not declare required binaries.
  3. Accept that the skill reads and writes files under ~/.openclaw and honors environment flags like OPENCLAW_UNTRUSTED_SOURCE and OPENCLAW_REQUIRE_SESSION_ID. These env vars are referenced but not declared in the registry, so set/inspect them explicitly.

If you need higher assurance, review the full contents of install-openclaw-runtime-hook.sh and root_session_guard/guarded_privileged_exec.py to ensure they do not modify other skills' configs or attempt network callbacks. If any of those checks fail or are unclear, treat the package cautiously or run it in an isolated environment first.
Capability Analysis
Type: OpenClaw Skill
Name: fletcher-cyber-security-engineer
Version: 0.1.2

The skill bundle is designed for security hardening and governance, but contains two significant vulnerabilities. The `scripts/notify_on_violation.py` script uses `subprocess.run(..., shell=True)` with a command taken from an environment variable (`OPENCLAW_VIOLATION_NOTIFY_CMD`) and input derived from a JSON report. This creates a shell injection vulnerability if an attacker can control the report content or the environment variable. Additionally, `scripts/live_assessment.py` allows overriding the `openclaw` binary path via `~/.openclaw/openclaw-bin-path.txt`, which could lead to arbitrary code execution if an attacker can write to this local file. These are vulnerabilities that allow attacks, not proof of intentional malice.
Capability Assessment
Purpose & Capability
The name/description (privilege governance, port/egress monitoring, ISO/NIST reporting) matches the included scripts (port_monitor, egress_monitor, guarded_privileged_exec, audit_logger, dashboard, etc.). However, the SKILL metadata declares no required binaries while scripts call system utilities (lsof/ss/netstat); likewise SKILL files and agents/openai.yaml reference OPENCLAW_* environment flags and policy files under ~/.openclaw, but the registry lists no required env vars. These are plausible design choices but the mismatch between declared requirements and actual code is noteworthy.
Instruction Scope
SKILL.md instructs the agent to use bundled scripts and to enforce approval-first elevation and to write logs to ~/.openclaw/security/privileged-audit.jsonl — that is consistent. But the SKILL.md and agent prompt reference environment variables (OPENCLAW_UNTRUSTED_SOURCE, OPENCLAW_REQUIRE_SESSION_ID and generic OPENCLAW_*), and the code reads/writes files in the user's home (~/.openclaw) and may install runtime hooks. The skill directs the agent to run system commands (lsof/ss/netstat) and to potentially alter runtime behavior via an 'install-openclaw-runtime-hook.sh' script. The instructions do not declare or limit when the installer should run; any automatic or poorly gated invocation of the installer would be high-impact. The guidance to never elevate without explicit approval is present in SKILL.md, but you should verify how/when the install scripts are executed in practice.
Install Mechanism
There is no formal install spec in the registry (no package downloads). All code is bundled in the skill. That lowers supply-chain risk compared to external downloads. However, the package includes a script named install-openclaw-runtime-hook.sh which (when run) will likely alter runtime configuration. Because there is no declared install step, it's unclear whether that script is run automatically by the platform or left to a manual operator — clarify that before proceeding.
Credentials
The skill does not request secrets or credentials, which is appropriate. But SKILL.md and agents/openai.yaml reference OPENCLAW_* environment variables (OPENCLAW_UNTRUSTED_SOURCE, OPENCLAW_REQUIRE_SESSION_ID and others) and rely on policy/config files under ~/.openclaw/security. Those env vars are not declared in requires.env; the mismatch is a governance/visibility issue. The code also expects system utilities (lsof/ss/netstat) but the registry lists no required binaries. While no credentials are requested, the skill will read and write files in the user's home directory and may inspect active network connections — this is proportional to the stated purpose but you should be aware and accept those file/host-level accesses explicitly.
Persistence & Privilege
The skill is not marked always: true and does not declare autonomous-only privileges beyond normal agent invocation. That is good. However, it includes an install script which appears intended to install a runtime privileged-execution hook. Installing such a hook would increase the skill's persistence/impact by changing runtime behavior for future commands. The SKILL.md emphasizes requiring explicit user approval for elevation, but you should confirm whether the hook-install action itself requires explicit manual approval and whether it modifies global agent/runtime configuration or just the skill's own config files.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install fletcher-cyber-security-engineer
  3. After installation, invoke the skill by name or use /fletcher-cyber-security-engineer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
Patch-6: documentation refresh; guarded privileged exec + live assessment hygiene; root session guard docstring.
v0.1.1
Add preflight_check.py and OPENCLAW_REQUIRE_POLICY_FILES enforcement for privileged execution; tighten docs and assessment hygiene.
v0.1.0
Initial release: least-privilege guardrails, port and egress monitoring, ISO27001/NIST dashboard, violation notifications.
Metadata
Slug fletcher-cyber-security-engineer
Version 0.1.2
License
All-time Installs 1
Active Installs 1
Total Versions 3
Frequently Asked Questions

What is Fletcher Cyber Security Engineer?

Manage and enforce least-privilege execution, approval-based elevation, port and egress monitoring, and ISO 27001/NIST compliance reporting for OpenClaw secu... It is an AI Agent Skill for Claude Code / OpenClaw, with 991 downloads so far.

How do I install Fletcher Cyber Security Engineer?

Run "/install fletcher-cyber-security-engineer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Fletcher Cyber Security Engineer free?

Yes, Fletcher Cyber Security Engineer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Fletcher Cyber Security Engineer support?

Fletcher Cyber Security Engineer is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Fletcher Cyber Security Engineer?

It is built and maintained by FletcherFrimpong (@fletcherfrimpong); the current version is v0.1.2.
