← 返回 Skills 市场
34
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install hermes-traffic-guardian
功能描述
Hermes runtime traffic monitoring baseline for opt-in proxy inspection, egress detection, and attestation-aware traffic posture.
使用说明 (SKILL.md)
Hermes Traffic Guardian
This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.
Scope
Builders should use this skill as the Hermes landing zone for runtime traffic monitoring:
- operator-scoped HTTP proxy inspection
- optional HTTPS inspection with per-process CA trust
- outbound exfiltration detection
- inbound injection detection
- redacted local threat logs
- status export for
hermes-attestation-guardian
Do not add proxy runtime ownership to hermes-attestation-guardian. That skill should attest this monitor's status and configuration, not run it.
Safety Contract
- Opt-in only.
- Detect-and-log by default.
- No automatic system CA installation.
- No global proxy environment changes.
- No blocking in the first implementation.
- Redact secrets before logs, summaries, or attestation-linked outputs.
- Keep all state under
HERMES_TRAFFIC_GUARDIAN_HOMEor$HERMES_HOME/security/traffic-guardian.
Builder Entry Points
Read SPEC.md before implementing. Use the placeholder folders as follows:
| Path | Intended use |
|---|---|
lib/ |
Detector rules, redaction, posture export, report formatting |
scripts/ |
Start, stop, status, config validation, log query, attestation export helpers |
test/ |
Unit tests, proxy fixture tests, redaction tests, attestation export tests |
Required First Implementation Behavior
- Validate config without starting the proxy.
- Start monitor in foreground or explicit background mode.
- Scope proxy environment variables to the target Hermes service or CLI process.
- Inspect HTTP request/response text up to a bounded byte limit.
- Support optional HTTPS MITM only when the operator supplies per-process trust configuration.
- Emit JSONL findings with redacted snippets.
- Export a small posture JSON file that
hermes-attestation-guardiancan include as a trust anchor or watched file.
Out of Scope for v0.0.1 Implementation
- automatic system trust-store mutation
- transparent network interception
- default blocking
- sending traffic to external services
- collecting full request/response bodies
安全使用建议
This version appears safe as an instruction-only scaffold with no runtime code. If a future implementation is added, review it separately for proxy scope, HTTPS CA handling, log redaction, log retention, and protection of the posture export file.
功能分析
Type: OpenClaw Skill
Name: hermes-traffic-guardian
Version: 0.0.1-beta1
The 'hermes-traffic-guardian' bundle is a documentation-only specification and scaffold for a security monitoring tool. It contains no executable code, only placeholder directories and markdown files (SKILL.md, SPEC.md, README.md) defining requirements for a future traffic proxy. The instructions explicitly prioritize safety, including mandatory secret redaction, opt-in usage, and prohibitions against automatic system-wide changes or data exfiltration.
能力标签
能力评估
Purpose & Capability
The stated purpose and artifacts consistently describe a traffic-monitoring scaffold, not active runtime code. Planned HTTP/HTTPS inspection is sensitive but purpose-aligned and explicitly opt-in.
Instruction Scope
The instructions emphasize opt-in use, detect-and-log defaults, redaction, bounded scanning, no default blocking, and no automatic system trust-store changes.
Install Mechanism
No install spec or code files are present, and the package describes itself as a specification baseline only.
Credentials
A future implementation would observe Hermes HTTP/HTTPS traffic and write local findings, which is sensitive but proportionate to the stated security-monitoring goal when kept process-scoped and redacted.
Persistence & Privilege
The design includes local JSONL findings and posture export, but it requires redaction, scoped storage, and no scheduler or automatic persistence unless an operator explicitly applies one.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install hermes-traffic-guardian - 安装完成后,直接呼叫该 Skill 的名称或使用
/hermes-traffic-guardian触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.1-beta1
Release 0.0.1-beta1 via CI
元数据
常见问题
hermes-traffic-guardian 是什么?
Hermes runtime traffic monitoring baseline for opt-in proxy inspection, egress detection, and attestation-aware traffic posture. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 34 次。
如何安装 hermes-traffic-guardian?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install hermes-traffic-guardian」即可一键安装,无需额外配置。
hermes-traffic-guardian 是免费的吗?
是的,hermes-traffic-guardian 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
hermes-traffic-guardian 支持哪些平台?
hermes-traffic-guardian 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 hermes-traffic-guardian?
由 davida-ps(@davida-ps)开发并维护,当前版本 v0.0.1-beta1。
推荐 Skills