hermes-traffic-guardian

by davida-ps · GitHub ↗ · v0.0.1-beta1 · MIT-0
cross-platform · ✓ Security Clean · 34 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install hermes-traffic-guardian
Description
Hermes runtime traffic monitoring baseline for opt-in proxy inspection, egress detection, and attestation-aware traffic posture.
README (SKILL.md)

Hermes Traffic Guardian

This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.

Scope

Builders should use this skill as the Hermes landing zone for runtime traffic monitoring:

  • operator-scoped HTTP proxy inspection
  • optional HTTPS inspection with per-process CA trust
  • outbound exfiltration detection
  • inbound injection detection
  • redacted local threat logs
  • status export for hermes-attestation-guardian

Do not add proxy runtime ownership to hermes-attestation-guardian. That skill should attest this monitor's status and configuration, not run it.

Safety Contract

  • Opt-in only.
  • Detect-and-log by default.
  • No automatic system CA installation.
  • No global proxy environment changes.
  • No blocking in the first implementation.
  • Redact secrets before logs, summaries, or attestation-linked outputs.
  • Keep all state under HERMES_TRAFFIC_GUARDIAN_HOME or $HERMES_HOME/security/traffic-guardian.

Builder Entry Points

Read SPEC.md before implementing. Use the placeholder folders as follows:

| Path | Intended use |
| --- | --- |
| lib/ | Detector rules, redaction, posture export, report formatting |
| scripts/ | Start, stop, status, config validation, log query, attestation export helpers |
| test/ | Unit tests, proxy fixture tests, redaction tests, attestation export tests |

Required First Implementation Behavior

  1. Validate config without starting the proxy.
  2. Start monitor in foreground or explicit background mode.
  3. Scope proxy environment variables to the target Hermes service or CLI process.
  4. Inspect HTTP request/response text up to a bounded byte limit.
  5. Support optional HTTPS MITM only when the operator supplies per-process trust configuration.
  6. Emit JSONL findings with redacted snippets.
  7. Export a small posture JSON file that hermes-attestation-guardian can include as a trust anchor or watched file.
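
A sketch of steps 4, 6 and 7 together, added here as an illustration and not part of the skill, which ships no code. The rule ids, JSON field names, the `per_process_ca` config key and the 64 KiB bound are assumptions, not values from SPEC.md.

```python
# Added illustration, not hermes-traffic-guardian code. Rule ids, JSON field
# names and the 64 KiB bound are assumptions; SPEC.md may define them differently.
import hashlib
import json
import re

MAX_INSPECT_BYTES = 64 * 1024  # assumed bound for step 4

# Hypothetical detector rules: the secret to redact is capture group 1.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("bearer-token", re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._~+/=-]{16,})")),
]
MARKER = re.compile(r"\[REDACTED:([a-z0-9-]+)\]")


def inspect(direction, host, body):
    """Scan at most MAX_INSPECT_BYTES of body and return redacted JSONL lines."""
    text = body[:MAX_INSPECT_BYTES].decode("utf-8", errors="replace")
    # Redact every match before cutting snippets, so a snippet for one
    # finding cannot leak a neighbouring secret.
    for rule_id, pattern in RULES:
        text = pattern.sub(
            lambda m, r=rule_id: m.group(0).replace(m.group(1), f"[REDACTED:{r}]"),
            text)
    lines = []
    for m in MARKER.finditer(text):
        snippet = text[max(m.start() - 24, 0):m.end() + 24]
        lines.append(json.dumps({
            "direction": direction, "host": host, "rule": m.group(1),
            "action": "log",  # detect-and-log: nothing is blocked
            "truncated": len(body) > MAX_INSPECT_BYTES,
            "snippet": snippet,
        }, sort_keys=True))
    return lines


def posture(config):
    """Small status document for step 7; carries a config hash, no traffic data."""
    digest = hashlib.sha256(json.dumps(config, sort_keys=True).encode()).hexdigest()
    return {"mode": "detect-and-log", "blocking": False,
            "https_inspection": bool(config.get("per_process_ca")),
            "max_inspect_bytes": MAX_INSPECT_BYTES, "config_sha256": digest}


# Constructed sample request body (AWS's documented example key id).
SAMPLE = b"POST /v1/upload\r\nAuthorization: Bearer abcdefghijklmnop123456\r\n\r\nkey=AKIAIOSFODNN7EXAMPLE"

if __name__ == "__main__":
    print("\n".join(inspect("outbound", "api.example.test", SAMPLE)))
    print(json.dumps(posture({"listen": "127.0.0.1:8899"}), sort_keys=True))
```

A secret that starts beyond the byte bound is not seen at all, so the `truncated` flag matters to whoever reads the findings: it marks bodies that were only partially inspected.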

Out of Scope for v0.0.1 Implementation

  • automatic system trust-store mutation
  • transparent network interception
  • default blocking
  • sending traffic to external services
  • collecting full request/response bodies
Usage Guidance
This version appears safe as an instruction-only scaffold with no runtime code. If a future implementation is added, review it separately for proxy scope, HTTPS CA handling, log redaction, log retention, and protection of the posture export file.
Capability Analysis
Type: OpenClaw Skill · Name: hermes-traffic-guardian · Version: 0.0.1-beta1
The 'hermes-traffic-guardian' bundle is a documentation-only specification and scaffold for a security monitoring tool. It contains no executable code, only placeholder directories and markdown files (SKILL.md, SPEC.md, README.md) defining requirements for a future traffic proxy. The instructions explicitly prioritize safety, including mandatory secret redaction, opt-in usage, and prohibitions against automatic system-wide changes or data exfiltration.
Capability Tags
crypto · requires-wallet · requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The stated purpose and artifacts consistently describe a traffic-monitoring scaffold, not active runtime code. Planned HTTP/HTTPS inspection is sensitive but purpose-aligned and explicitly opt-in.
Instruction Scope
The instructions emphasize opt-in use, detect-and-log defaults, redaction, bounded scanning, no default blocking, and no automatic system trust-store changes.
Install Mechanism
No install spec or code files are present, and the package describes itself as a specification baseline only.
Credentials
A future implementation would observe Hermes HTTP/HTTPS traffic and write local findings, which is sensitive but proportionate to the stated security-monitoring goal when kept process-scoped and redacted.
Persistence & Privilege
The design includes local JSONL findings and posture export, but it requires redaction, scoped storage, and no scheduler or automatic persistence unless an operator explicitly applies one.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install hermes-traffic-guardian
  3. After installation, invoke the skill by name or use /hermes-traffic-guardian
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.1-beta1
Release 0.0.1-beta1 via CI
Metadata
Slug hermes-traffic-guardian
Version 0.0.1-beta1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is hermes-traffic-guardian?

Hermes runtime traffic monitoring baseline for opt-in proxy inspection, egress detection, and attestation-aware traffic posture. It is an AI Agent Skill for Claude Code / OpenClaw, with 34 downloads so far.

How do I install hermes-traffic-guardian?

Run "/install hermes-traffic-guardian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is hermes-traffic-guardian free?

Yes, hermes-traffic-guardian is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does hermes-traffic-guardian support?

hermes-traffic-guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created hermes-traffic-guardian?

It is built and maintained by davida-ps (@davida-ps); the current version is v0.0.1-beta1.
