
nanoclaw-traffic-guardian

Author: davida-ps · GitHub ↗ · v0.0.1-beta1 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 27
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install nanoclaw-traffic-guardian
Description
NanoClaw runtime traffic monitoring baseline for host-side proxy inspection with container-safe MCP and IPC status surfaces.
Usage instructions (SKILL.md)

NanoClaw Traffic Guardian

This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.

Scope

Builders should use this skill as the NanoClaw landing zone for runtime traffic monitoring:

  • host-side HTTP proxy inspection
  • optional HTTPS inspection with host-held CA material
  • outbound exfiltration detection
  • inbound injection detection
  • redacted local threat logs
  • MCP tools for status, findings, and config checks
  • IPC handlers for container-safe host communication

Prefer this as an optional companion to clawsec-nanoclaw, not as a mandatory extension of the existing advisory/signature/integrity suite.

Safety Contract

  • Opt-in only.
  • Detect-and-log by default.
  • No automatic system CA installation.
  • No CA private key access from the container.
  • No blocking in the first implementation.
  • Redact secrets before logs or MCP responses.
  • Keep all state under NANOCLAW_TRAFFIC_GUARDIAN_HOME or the host-managed NanoClaw security data directory.

Builder Entry Points

Read SPEC.md before implementing. Use the placeholder folders as follows:

Path            Intended use
lib/            Detector rules, redaction, types, report formatting
host-services/  Host-side proxy lifecycle, log access, IPC handlers
mcp-tools/      Container-side MCP tools for status and findings
test/           Unit tests, host/container IPC tests, redaction tests

Required First Implementation Behavior

  1. Validate config without starting the proxy.
  2. Start the monitor through a host-managed lifecycle path.
  3. Keep CA key material on the host side.
  4. Inspect HTTP request/response text up to a bounded byte limit.
  5. Support optional HTTPS MITM only when the operator supplies per-runtime trust configuration.
  6. Emit JSONL findings with redacted snippets.
  7. Expose MCP tools that return status and redacted findings only.
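
One way to implement steps 4 and 6 (bounded inspection, JSONL findings with redacted snippets) is shown here. This is an added example, not code from the skill, which ships no implementation; the rule set, the 64 KiB limit, the finding fields and the function names are all assumptions.

```python
import json
import re

MAX_SCAN_BYTES = 64 * 1024  # assumed default; the spec only requires a bound

# Constructed detector rules (assumptions, not the project's rule set).
RULES = {
    "aws_access_key_id": r"\bAKIA[0-9A-Z]{16}\b",
    "bearer_token": r"\b[Bb]earer\s+[A-Za-z0-9._~+/-]{16,}=*",
    "private_key_block": r"-----BEGIN [A-Z ]*PRIVATE KEY-----",
}
COMBINED = re.compile("|".join(f"(?P<{n}>{p})" for n, p in RULES.items()))


def scan_body(direction, body, max_bytes=MAX_SCAN_BYTES, context=24):
    """Scan at most max_bytes of a body; return findings with redacted snippets."""
    window = body[:max_bytes].decode("utf-8", errors="replace")
    safe, marks, pos = "", [], 0
    for m in COMBINED.finditer(window):
        marker = f"[REDACTED:{m.lastgroup}]"
        safe += window[pos:m.start()]
        marks.append((m.lastgroup, len(safe), len(safe) + len(marker)))
        safe += marker
        pos = m.end()
    safe += window[pos:]
    # Snippets are cut from the already-redacted text, so a neighbouring
    # secret inside the context window is masked as well.
    return [{
        "direction": direction,
        "rule": rule,
        "truncated": len(body) > max_bytes,
        "snippet": safe[max(0, start - context):end + context],
    } for rule, start, end in marks]


def to_jsonl(findings):
    """Serialize findings as one JSON object per line."""
    return "".join(json.dumps(f, sort_keys=True) + "\n" for f in findings)


# Constructed sample body (not captured traffic).
SAMPLE = (b'{"note":"deploy","key":"AKIAABCDEFGHIJKLMNOP",'
          b'"auth":"Bearer abcdefghijklmnop1234"}')

if __name__ == "__main__":
    print(to_jsonl(scan_body("outbound", SAMPLE)), end="")
```

A secret split by the byte limit matches no rule, so an implementation that must never log fragments should also mask or drop the last few bytes of a truncated window.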

Out of Scope for v0.0.1 Implementation

  • automatic system trust-store mutation
  • transparent network interception
  • default blocking
  • sending traffic to external services
  • exposing raw request/response bodies to the container
Security usage recommendations
This version appears safe as a specification-only scaffold with no executable proxy or install script. Before using any future implementation based on it, confirm that traffic monitoring is opt-in, HTTPS interception requires explicit trust setup, CA private keys stay on the host, logs are redacted and access-controlled, and MCP tools expose only bounded status and redacted findings.
Functional analysis
Type: OpenClaw Skill
Name: nanoclaw-traffic-guardian
Version: 0.0.1-beta1
This bundle is a documentation-only specification and scaffold for a traffic monitoring tool (NanoClaw Traffic Guardian). It contains no executable code, only placeholder directories and detailed architectural guidelines in SKILL.md and SPEC.md. The project defines a security framework for detecting exfiltration and injection while emphasizing safety measures such as secret redaction and host-side CA management, showing no signs of malicious intent or functional risk.
Capability tags
crypto · requires-wallet · requires-sensitive-credentials
Capability assessment
Purpose & Capability
The stated purpose is runtime traffic monitoring and the artifacts consistently describe proxy inspection, exfiltration detection, injection detection, MCP status tools, and redacted local findings. These are sensitive capabilities, but they are purpose-aligned and explicitly scoped as a spec scaffold with no active implementation.
Instruction Scope
The instructions are aimed at builders and repeatedly require opt-in operation, no automatic trust-store mutation, no blocking in the first implementation, and redaction before logs or MCP responses.
Install Mechanism
There is no install spec and no code files; the package is instruction/specification-only, so the provided artifacts do not implement runtime interception, command execution, downloads, or persistence.
Credentials
The planned environment includes proxy URLs, CA bundles, log directories, and maximum scan-byte controls, which are proportionate to traffic monitoring but should remain operator-controlled in any future implementation.
Persistence & Privilege
The future design includes host-held CA material and JSONL threat findings; the artifacts mitigate this with host-side key ownership, redaction, bounded state directories, and no automatic system CA installation.
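How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog: /install nanoclaw-traffic-guardian
  3. After installation, call the Skill by name or trigger it with /nanoclaw-traffic-guardian
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history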
v0.0.1-beta1
Release 0.0.1-beta1 via CI
Metadata
Slug: nanoclaw-traffic-guardian
Version: 0.0.1-beta1
License: MIT-0
Cumulative installs: 0
Current installs: 0
Historical versions: 1
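Frequently asked questions

What is nanoclaw-traffic-guardian?

NanoClaw runtime traffic monitoring baseline for host-side proxy inspection with container-safe MCP and IPC status surfaces. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 27 cumulative downloads so far.

How do I install nanoclaw-traffic-guardian?

Run the command "/install nanoclaw-traffic-guardian" in the OpenClaw or Claude Code dialog for a one-click install; no extra configuration is needed.

Is nanoclaw-traffic-guardian free?

Yes, nanoclaw-traffic-guardian is completely free and uses the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does nanoclaw-traffic-guardian support?

nanoclaw-traffic-guardian runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed nanoclaw-traffic-guardian?

It is developed and maintained by davida-ps (@davida-ps); the current version is v0.0.1-beta1.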
