← 返回 Skills 市场
LuLu Monitor
作者
Eason Chen
· GitHub ↗
· v2.0.0
1567
总下载
0
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install lulu-monitor
功能描述
AI-powered LuLu Firewall companion for macOS. Monitors firewall alerts, analyzes connections with AI, sends Telegram notifications with Allow/Block buttons....
使用说明 (SKILL.md)
LuLu Monitor
AI-powered companion for LuLu Firewall on macOS.
What It Does
- Monitors LuLu firewall alert popups
- Extracts connection info (process, IP, port, DNS)
- Spawns a fast AI (haiku) to analyze the connection
- Sends Telegram notification with risk assessment
- Provides 4 action buttons: Always Allow, Allow Once, Always Block, Block Once
- Executes the action on LuLu when user taps a button
Auto-Execute Mode (Optional)
For reduced interruptions, enable auto-execute mode. When the AI has high confidence (known safe programs like curl, brew, node, git connecting to normal destinations), it will:
- Automatically execute the Allow action
- Still send a Telegram notification explaining what was auto-allowed
To enable:
# Create config.json in install directory
cat > ~/.openclaw/lulu-monitor/config.json \x3C\x3C 'EOF'
{
"telegramId": "YOUR_TELEGRAM_ID",
"autoExecute": true,
"autoExecuteAction": "allow-once"
}
EOF
Options:
autoExecute:false(default) - all alerts require manual button pressautoExecuteAction:"allow-once"(default, conservative) or"allow"(permanent rule)
Installation
Prerequisites
Run the check script first:
bash scripts/check-prerequisites.sh
Required:
- LuLu Firewall:
brew install --cask lulu - Node.js:
brew install node - OpenClaw Gateway: Running with Telegram channel configured
- Accessibility Permission: System Settings > Privacy > Accessibility > Enable Terminal/osascript
Gateway Configuration (Required)
The monitor calls sessions_spawn via OpenClaw's /tools/invoke HTTP API. This tool is blocked by default. Add it to the allowlist in ~/.openclaw/openclaw.json:
{
"gateway": {
"tools": {
"allow": ["sessions_spawn"]
}
}
}
Without this, alerts will be detected but fail to forward (404 in logs).
Install
bash scripts/install.sh
This will:
- Clone the repo to
~/.openclaw/lulu-monitor/ - Install npm dependencies
- Set up launchd for auto-start
- Start the service
Verify
curl http://127.0.0.1:4441/status
Should return {"running":true,...}
Sending Alerts with Inline Buttons
⚠️ The message tool's buttons/components parameter does NOT work for Telegram inline buttons. You must use the CLI via exec:
openclaw message send --channel telegram --target \x3Cchat_id> \
--message "🔔 LuLu Alert: \x3Csummary>" \
--buttons '[[{"text":"✅ Always Allow","callback_data":"lulu:allow"},{"text":"✅ Allow Once","callback_data":"lulu:allow-once"}],[{"text":"❌ Always Block","callback_data":"lulu:block"},{"text":"❌ Block Once","callback_data":"lulu:block-once"}]]'
After sending via CLI, reply with NO_REPLY to avoid duplicate messages.
Handling Callbacks
When user clicks a Telegram button, OpenClaw receives a callback like:
callback_data: lulu:allow
callback_data: lulu:allow-once
callback_data: lulu:block
callback_data: lulu:block-once
To handle it, call the local endpoint:
curl -X POST http://127.0.0.1:4441/callback \
-H "Content-Type: application/json" \
-d '{"action":"allow"}' # or "block", "allow-once", "block-once"
This will:
- Click the appropriate button on LuLu alert
- Set Rule Scope to "endpoint"
- Set Rule Duration to "Always" or "Process lifetime"
- Edit the Telegram message to show result
Troubleshooting
Service not running
# Check status
launchctl list | grep lulu-monitor
# View logs
tail -f ~/.openclaw/lulu-monitor/logs/stdout.log
# Restart
launchctl unload ~/Library/LaunchAgents/com.openclaw.lulu-monitor.plist
launchctl load ~/Library/LaunchAgents/com.openclaw.lulu-monitor.plist
Accessibility permission issues
AppleScript needs permission to control LuLu. Go to: System Settings > Privacy & Security > Accessibility Enable: Terminal, iTerm, or whatever terminal you use
Alert not detected
- Ensure LuLu is running:
pgrep -x LuLu - Check if alert window exists:
osascript -e 'tell application "System Events" to tell process "LuLu" to get every window'
Uninstall
bash ~/.openclaw/lulu-monitor/skill/scripts/uninstall.sh
安全使用建议
This skill mostly does what it claims, but it makes two changes you should review before installing: (1) it clones and runs code from a GitHub repo and runs npm install — inspect the repository (especially src/index.js and package.json scripts) before running install.sh to ensure there are no malicious install scripts or unexpected network calls; (2) it instructs you to add sessions_spawn to your OpenClaw gateway allowlist — that enables a powerful tool globally on your gateway and increases the potential blast radius if other code accesses the gateway. Also review the generated launchd plist and logs, and be cautious with the optional auto-execute mode (it can automatically allow connections). If you don't want to trust the remote repo, consider manually reviewing and vendorizing the code, or running the service in a restricted environment (separate user account or VM) and only enabling sessions_spawn if you understand and accept the implications.
功能分析
Type: OpenClaw Skill
Name: lulu-monitor
Version: 2.0.0
The skill is classified as suspicious due to its requirement for high-risk permissions and capabilities, even though these are explicitly disclosed. Specifically, it instructs the user to allow the `sessions_spawn` tool in OpenClaw's gateway configuration (SKILL.md), which grants the AI agent broad command execution capabilities. The `install.sh` script also sets up a persistent `launchd` service, running a Node.js script (`src/index.js`, not provided) with system-level persistence, and the skill requires macOS Accessibility Permissions to interact with the LuLu Firewall GUI. While these capabilities are explained as necessary for the skill's stated purpose, they represent a significant attack surface and potential for abuse if the core logic were compromised or contained hidden malicious intent, classifying it as having risky capabilities without clear malicious intent.
能力评估
Purpose & Capability
The name/description (LuLu firewall companion that sends Telegram alerts and applies allow/block actions) matches the files and instructions: it requires LuLu, Node, OpenClaw Gateway (with Telegram channel) and installs a local Node service to inspect alerts and call back to LuLu. Using the OpenClaw CLI and local HTTP endpoints is coherent with the purpose.
Instruction Scope
SKILL.md and scripts limit activity to local endpoints, LuLu UI automation (AppleScript/Accessibility), and OpenClaw Gateway calls. However, the instructions explicitly require adding sessions_spawn to OpenClaw's allowlist and rely on invoking the gateway's /tools/invoke API — that is broader than just reading local alerts because it enables a gateway tool that can spawn sessions. The skill also recommends using CLI exec to send Telegram inline buttons and instructs creating a config file in ~/.openclaw/lulu-monitor/config.json. There is no instruction to exfiltrate secrets, but the gateway allowlist change is significant and should be reviewed.
Install Mechanism
The included install.sh clones a GitHub repository (https://github.com/EasonC13-agent/lulu-monitor.git) and runs npm install, then creates a launchd plist to run src/index.js. Cloning from GitHub is traceable (not a random IP or pastebin), but npm install runs third-party packages (and lifecycle scripts), which can execute arbitrary code on install. The skill writes files to ~/.openclaw/lulu-monitor and installs a persistent service — moderate install risk that is expected for this kind of tool but worth auditing the remote repo and package.json before running.
Credentials
The skill does not request secret environment variables and only needs the OpenClaw instance to be configured with a Telegram channel. That is proportionate. However, it asks you to modify OpenClaw's config to allow the sessions_spawn tool; this is a privilege escalation for the gateway and is not locally scoped to just this skill's config (so it increases the system-wide capabilities available to other code interacting with the gateway).
Persistence & Privilege
The installer creates a launchd service that runs continuously under the user's account. That's expected for a monitoring agent, but combined with the required OpenClaw allowlist change (sessions_spawn) it increases persistent privileges and attack surface: a persistent agent plus a broadly enabled gateway tool could enable remote command/session spawning via the gateway. 'always' is false, but the skill still requests persistent presence and a global gateway permission change.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install lulu-monitor - 安装完成后,直接呼叫该 Skill 的名称或使用
/lulu-monitor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
Multi-user push, action logging, actor display
v1.1.2
Fix: Telegram inline buttons must use CLI (openclaw message send --buttons), not message tool. Added docs section on sending alerts with buttons.
v1.4.0
Document gateway.tools.allow sessions_spawn requirement (required for /tools/invoke to work)
v1.3.0
Add screenshot showing Telegram notifications with AI analysis
v1.2.0
Add autoExecuteAction config: default allow-once (conservative)
v1.1.1
Documentation improvements
v1.1.0
Add auto-execute mode for high confidence alerts (opt-in)
v1.0.0
Initial release: AI-powered LuLu Firewall companion with Telegram notifications
元数据
常见问题
LuLu Monitor 是什么?
AI-powered LuLu Firewall companion for macOS. Monitors firewall alerts, analyzes connections with AI, sends Telegram notifications with Allow/Block buttons.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1567 次。
如何安装 LuLu Monitor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install lulu-monitor」即可一键安装,无需额外配置。
LuLu Monitor 是免费的吗?
是的,LuLu Monitor 完全免费(开源免费),可自由下载、安装和使用。
LuLu Monitor 支持哪些平台?
LuLu Monitor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 LuLu Monitor?
由 Eason Chen(@easonc13)开发并维护,当前版本 v2.0.0。
推荐 Skills