Fletcher Cyber Security Engineer
Author: FletcherFrimpong · GitHub ↗ · v0.1.2
Total downloads: 991
Favorites: 0
Current installs: 1
Versions: 3
Install in OpenClaw
/install fletcher-cyber-security-engineer
Description
Manage and enforce least-privilege execution, approval-based elevation, port and egress monitoring, and ISO 27001/NIST compliance reporting for OpenClaw secu...
Usage instructions (SKILL.md)
Cyber Security Engineer
Implement these controls in every security-sensitive task:
- Keep default execution in normal (non-root) mode.
- Request explicit user approval before any elevated command.
- Scope elevation to the minimum command set required for the active task.
- Drop elevated state immediately after the privileged command completes.
- Expire elevated state after 30 idle minutes and require re-approval.
- Monitor listening network ports and flag insecure or unapproved exposure.
- Monitor outbound connections and flag destinations not in the egress allowlist.
- If no approved baseline exists, generate one and require user review/pruning.
- Benchmark controls against ISO 27001 and NIST and report violations with mitigations.
Non-Goals (Web Browsing)
- Do not use web browsing / web search as part of this skill. Keep assessments and recommendations based on local host/OpenClaw state and the bundled references in this skill.
Files To Use
- `references/least-privilege-policy.md`
- `references/port-monitoring-policy.md`
- `references/compliance-controls-map.json`
- `references/approved_ports.template.json`
- `references/command-policy.template.json`
- `references/prompt-policy.template.json`
- `references/egress-allowlist.template.json`
- `scripts/preflight_check.py`
- `scripts/root_session_guard.py`
- `scripts/audit_logger.py`
- `scripts/command_policy.py`
- `scripts/prompt_policy.py`
- `scripts/guarded_privileged_exec.py`
- `scripts/install-openclaw-runtime-hook.sh`
- `scripts/port_monitor.py`
- `scripts/generate_approved_ports.py`
- `scripts/egress_monitor.py`
- `scripts/notify_on_violation.py`
- `scripts/compliance_dashboard.py`
- `scripts/live_assessment.py`
Behavior
- Never keep root/elevated access open between unrelated tasks.
- Never execute root commands without an explicit approval step in the current flow.
- Enforce command allow/deny policy when configured.
- Require confirmation when untrusted content sources are detected (`OPENCLAW_UNTRUSTED_SOURCE=1` + prompt policy).
- Enforce task session id scoping when configured (`OPENCLAW_REQUIRE_SESSION_ID=1`).
- If timeout is exceeded, force session expiration and approval renewal.
- Log privileged actions to `~/.openclaw/security/privileged-audit.jsonl` (best-effort).
- Flag listening ports not present in the approved baseline and recommend secure alternatives for insecure ports.
- Flag outbound destinations not present in the egress allowlist.
Output Contract
When reporting status, include:
- The specific `check_id`(s) affected, `status`, `risk`, and concise evidence.
- Concrete mitigations (what to change, where) and any owners/due dates if present.
- For network findings: port, bind address, process/service, and why it is flagged (unapproved/insecure/public).
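The network-finding fields above, as an added example (not the skill's own `port_monitor.py`): it classifies listeners from constructed `ss -H -ltn` output against a baseline. The baseline layout, the `port_baseline` check id and the insecure-port table are assumptions, and the process/service column is left out.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output: State Recv-Q Send-Q Local Peer.
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 244  127.0.0.1:5432    0.0.0.0:*
LISTEN 0 5    0.0.0.0:23        0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 511  [::]:8080         [::]:*
"""

# Assumed baseline layout; the skill's approved_ports template may differ.
BASELINE = {"approved": [{"port": 22}, {"port": 5432}, {"port": 53}]}

# Assumed table of cleartext services and the replacement to recommend.
INSECURE = {21: "SFTP (22)", 23: "SSH (22)", 80: "HTTPS (443)"}


def parse_listeners(ss_text):
    """Yield (bind_address, port) per LISTEN line; handles [v6] and %iface."""
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        yield addr.strip("[]").split("%")[0], int(port)


def classify(ss_text, baseline):
    """Return a finding for every listener that is unapproved or insecure."""
    approved = {entry["port"] for entry in baseline["approved"]}
    findings = []
    for addr, port in parse_listeners(ss_text):
        reasons = [label for label, hit in (
            ("unapproved", port not in approved),
            ("insecure", port in INSECURE),
        ) if hit]
        if not reasons:
            continue
        # Non-loopback or wildcard bind is reachable off-host: "public".
        if addr == "*" or not ipaddress.ip_address(addr).is_loopback:
            reasons.append("public")
        findings.append({
            "check_id": "port_baseline",  # hypothetical id
            "port": port, "bind": addr, "why": reasons,
            "mitigation": INSECURE.get(port, "close, or approve after review"),
        })
    return findings
```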
Security usage recommendations
This skill appears to implement the privilege governance features it claims (audit logging, guarded privileged exec, port/egress monitors, compliance reporting). Before installing or running it, check three things: (1) confirm whether the included install script (install-openclaw-runtime-hook.sh) will be executed automatically by the platform or only when you explicitly run it — installing a runtime hook can change global agent behavior and should be run only with full understanding and approval; (2) verify the platform will provide the expected system tools (lsof/ss/netstat) or that you are comfortable granting the skill the ability to call them, since the registry does not declare required binaries; (3) accept that the skill reads and writes files under ~/.openclaw and honors environment flags like OPENCLAW_UNTRUSTED_SOURCE and OPENCLAW_REQUIRE_SESSION_ID — these env vars are referenced but not declared in the registry, so set/inspect them explicitly. If you need higher assurance, review the full contents of install-openclaw-runtime-hook.sh and root_session_guard/guarded_privileged_exec.py to ensure they do not modify other skills' configs or attempt network callbacks. If any of those checks fail or are unclear, treat the package cautiously or run it in an isolated environment first.
Functional analysis
Type: OpenClaw Skill
Name: fletcher-cyber-security-engineer
Version: 0.1.2
The skill bundle is designed for security hardening and governance, but contains two significant vulnerabilities. The `scripts/notify_on_violation.py` script uses `subprocess.run(..., shell=True)` with a command taken from an environment variable (`OPENCLAW_VIOLATION_NOTIFY_CMD`) and input derived from a JSON report. This creates a shell injection vulnerability if an attacker can control the report content or the environment variable. Additionally, `scripts/live_assessment.py` allows overriding the `openclaw` binary path via `~/.openclaw/openclaw-bin-path.txt`, which could lead to arbitrary code execution if an attacker can write to this local file. These are vulnerabilities that allow attacks, not proof of intentional malice.
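The shell-injection pattern described above, next to a hardened form, as an added example (not the skill's actual `notify_on_violation.py`). Only `OPENCLAW_VIOLATION_NOTIFY_CMD` comes from the page; the function names, the report layout and the stand-in notifier command are assumptions.

```python
import json
import os
import shlex
import subprocess
import sys

# Constructed report; the evidence field carries shell metacharacters.
REPORT = {"findings": [{"check_id": "port_baseline",  # hypothetical id
                        "evidence": "0.0.0.0:23 telnet; echo INJECTED $(echo X)"}]}


def notify_unsafe(report):
    """Flagged pattern: report text is spliced into a string run by /bin/sh."""
    cmd = os.environ["OPENCLAW_VIOLATION_NOTIFY_CMD"]
    evidence = report["findings"][0]["evidence"]
    # `;` and `$()` in evidence are interpreted as shell syntax here.
    return subprocess.run(f"{cmd} {evidence}", shell=True,
                          capture_output=True, text=True)


def build_notify_argv(template):
    """Split the operator-set command once, before any report data is involved."""
    argv = shlex.split(template)
    if not argv or not os.path.isabs(argv[0]):
        raise ValueError("notify command must start with an absolute path")
    return argv


def notify_safe(report, env=None):
    """Hardened form: fixed argv, no shell, report delivered as JSON on stdin."""
    env = os.environ if env is None else env
    argv = build_notify_argv(env.get("OPENCLAW_VIOLATION_NOTIFY_CMD", ""))
    # The variable itself stays a trust boundary: whoever sets it picks the
    # program that runs, so it must come from operator config only.
    return subprocess.run(argv, input=json.dumps(report), shell=False,
                          capture_output=True, text=True, timeout=10)


if __name__ == "__main__":
    # Stand-in notifier (assumption): this interpreter echoing the evidence.
    echo = "import json,sys; print(json.load(sys.stdin)['findings'][0]['evidence'])"
    demo = {"OPENCLAW_VIOLATION_NOTIFY_CMD":
            f"{shlex.quote(sys.executable)} -c {shlex.quote(echo)}"}
    print(notify_safe(REPORT, demo).stdout, end="")
```

With the hardened form the evidence string reaches the notifier byte for byte, so the `;` and `$()` in the constructed report are data rather than shell syntax.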
Capability assessment
Purpose & Capability
The name/description (privilege governance, port/egress monitoring, ISO/NIST reporting) matches the included scripts (port_monitor, egress_monitor, guarded_privileged_exec, audit_logger, dashboard, etc.). However, the SKILL metadata declares no required binaries while scripts call system utilities (lsof/ss/netstat); likewise SKILL files and agents/openai.yaml reference OPENCLAW_* environment flags and policy files under ~/.openclaw, but the registry lists no required env vars. These are plausible design choices but the mismatch between declared requirements and actual code is noteworthy.
Instruction Scope
SKILL.md instructs the agent to use bundled scripts and to enforce approval-first elevation and to write logs to ~/.openclaw/security/privileged-audit.jsonl — that is consistent. But the SKILL.md and agent prompt reference environment variables (OPENCLAW_UNTRUSTED_SOURCE, OPENCLAW_REQUIRE_SESSION_ID and generic OPENCLAW_*), and the code reads/writes files in the user's home (~/.openclaw) and may install runtime hooks. The skill directs the agent to run system commands (lsof/ss/netstat) and to potentially alter runtime behavior via an 'install-openclaw-runtime-hook.sh' script. The instructions do not declare or limit when the installer should run; any automatic or poorly gated invocation of the installer would be high-impact. The guidance to never elevate without explicit approval is present in SKILL.md, but you should verify how/when the install scripts are executed in practice.
Install Mechanism
There is no formal install spec in the registry (no package downloads). All code is bundled in the skill. That lowers supply-chain risk compared to external downloads. However, the package includes a script named install-openclaw-runtime-hook.sh which (when run) will likely alter runtime configuration. Because there is no declared install step, it's unclear whether that script is run automatically by the platform or left to a manual operator — clarify that before proceeding.
Credentials
The skill does not request secrets or credentials, which is appropriate. But SKILL.md and agents/openai.yaml reference OPENCLAW_* environment variables (OPENCLAW_UNTRUSTED_SOURCE, OPENCLAW_REQUIRE_SESSION_ID and others) and rely on policy/config files under ~/.openclaw/security. Those env vars are not declared in requires.env; the mismatch is a governance/visibility issue. The code also expects system utilities (lsof/ss/netstat) but the registry lists no required binaries. While no credentials are requested, the skill will read and write files in the user's home directory and may inspect active network connections — this is proportional to the stated purpose but you should be aware and accept those file/host-level accesses explicitly.
Persistence & Privilege
The skill does not set `always: true` and does not declare autonomous-only privileges beyond normal agent invocation. That is good. However, it includes an install script which appears intended to install a runtime privileged-execution hook. Installing such a hook would increase the skill's persistence/impact by changing runtime behavior for future commands. The SKILL.md emphasizes requiring explicit user approval for elevation, but you should confirm whether the hook-install action itself requires explicit manual approval and whether it modifies global agent/runtime configuration or just the skill's own config files.
How to use
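- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: `/install fletcher-cyber-security-engineer`
- Once installation completes, invoke the Skill by name or use `/fletcher-cyber-security-engineer` to trigger it.
- Provide the required inputs according to the Skill's parameter description to get structured output.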
Version history
v0.1.2
Patch-6: documentation refresh; guarded privileged exec + live assessment hygiene; root session guard docstring.
v0.1.1
Add preflight_check.py and OPENCLAW_REQUIRE_POLICY_FILES enforcement for privileged execution; tighten docs and assessment hygiene.
v0.1.0
Initial release: least-privilege guardrails, port and egress monitoring, ISO27001/NIST dashboard, violation notifications.
FAQ
What is Fletcher Cyber Security Engineer?
Manage and enforce least-privilege execution, approval-based elevation, port and egress monitoring, and ISO 27001/NIST compliance reporting for OpenClaw secu... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 991 cumulative downloads to date.
How do I install Fletcher Cyber Security Engineer?
Run the command "/install fletcher-cyber-security-engineer" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.
Is Fletcher Cyber Security Engineer free?
Yes, Fletcher Cyber Security Engineer is completely free (open source and free of charge) and can be freely downloaded, installed and used.
Which platforms does Fletcher Cyber Security Engineer support?
Fletcher Cyber Security Engineer is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Fletcher Cyber Security Engineer?
Developed and maintained by FletcherFrimpong (@fletcherfrimpong); the current version is v0.1.2.