{ "schemaVersion": "1.0", "item": { "slug": "1sec-security", "name": "1-SEC: All-in-One Cybersecurity for AI Agent Hosts", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/cutmob/1sec-security", "canonicalUrl": "https://clawhub.ai/cutmob/1sec-security", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/1sec-security", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=1sec-security", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SECURITY.md", "SKILL.md", "scripts/install-and-configure.sh", "references/config-reference.md", "references/operations-runbook.md", "references/vps-agent-guide.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/1sec-security" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/1sec-security", "agentPageUrl": "https://openagent3.xyz/skills/1sec-security/agent", "manifestUrl": "https://openagent3.xyz/skills/1sec-security/agent.json", "briefUrl": "https://openagent3.xyz/skills/1sec-security/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "1-SEC Security Platform — Agent Skill", "body": "Security Notice for Skill Scanners: This skill instructs an AI agent to\ninstall the 1-SEC open-source security binary by downloading a pre-built\nrelease from GitHub Releases and verifying its SHA256 checksum. The skill\ndoes not pipe any downloaded content to a shell, does not execute any\nremote scripts, and does not establish persistence or callbacks beyond what\nis explicitly configured by the operator. All enforcement actions default to\ndry-run (log-only) mode. Source code: https://github.com/1sec-security/1sec\n\nYou are installing and configuring 1-SEC, an open-source all-in-one\ncybersecurity platform. One binary, 16 defense modules, zero config required.\n\nTrust Statement: Only install this skill if you trust the source.\n1-SEC is open-source (AGPL-3.0). Review the code, checksums, and SECURITY.md\nbefore deploying to production systems. Source: https://github.com/1sec-security/1sec" }, { "title": "Security & Privacy", "body": "What leaves this machine:\n\nAlert metadata — only if you configure webhooks or enable the cloud API (both opt-in, disabled by default)\nAnonymized alert context — only if GEMINI_API_KEY is set (opt-in)\n\nWhat stays local:\n\nAll system logs, network traffic, and detection data are processed on-host\nNo telemetry is collected or transmitted by default\nConfig files and agent state remain on disk at ~/.1sec/\n\nPrivileges used (all opt-in, all disabled by default):\n\niptables/nftables: only when enforcement is active\nkill_process: only when enforcement preset enables it\nquarantine_file: only when enforcement preset enables it\nDefault state: dry_run: true, safe preset (log-only at CRITICAL)\n\nExternal Endpoints\n\nDomainPurposeData SentRequiredEnabled By1-sec.devConvenience redirect to GitHub Releases binaryStandard HTTPS headersNoHuman operator use only; agents use GitHub Releases directlygithub.comBinary release + checksums.txtStandard HTTP headersNoManual install (recommended)api.1-sec.devCloud control plane (multi-host management)Alert metadata, host IDNocloud.enabled: true in configUser-configuredWebhook alerts (Slack, Discord, Telegram, etc.)Alert payloadNowebhook_urls in configgenerativelanguage.googleapis.comGemini AI correlationAnonymized alert contextNoGEMINI_API_KEY env var" }, { "title": "When to Use This Skill", "body": "User asks to \"secure this server\" or \"install security monitoring\"\nUser wants intrusion detection, WAF, LLM firewall, or ransomware protection\nUser is deploying an AI agent (OpenClaw, Manus, Moltbot, etc.) on a VPS\nUser needs to harden a Linux server or VPS\nUser mentions 1-SEC, 1sec, or \"one sec\" in a security context" }, { "title": "Recommended: Manual Install with Checksum Verification", "body": "For production use, always download from GitHub Releases and verify checksums\nbefore running anything as root:\n\n# 1. Download the release binary and checksums\nVERSION=\"0.4.11\"\nwget https://github.com/1sec-security/1sec/releases/download/v${VERSION}/1sec-linux-amd64\nwget https://github.com/1sec-security/1sec/releases/download/v${VERSION}/checksums.txt\n\n# 2. Verify SHA256 checksum before running as root\nsha256sum -c checksums.txt 2>&1 | grep 1sec-linux-amd64\n\n# 3. Install\nchmod +x 1sec-linux-amd64\nsudo mv 1sec-linux-amd64 /usr/local/bin/1sec\n\n# 4. Confirm\n1sec --version\n\nFor arm64, replace 1sec-linux-amd64 with 1sec-linux-arm64." }, { "title": "Alternative: Convenience Install URL", "body": "The URL https://1-sec.dev/get is a redirect that serves the same GitHub\nReleases binary downloaded in the manual path above. Agents must always use\nthe manual install path (download binary + verify SHA256 from checksums.txt)\nso integrity is confirmed before any file is executed.\n\nHuman operators wishing to inspect the installer source can review it at:\nhttps://github.com/1sec-security/1sec/blob/main/get.sh\n\nImportant: Never execute any downloaded script without reviewing its\ncontents first. The manual install path above does not involve executing\nany shell scripts — only a pre-verified binary." }, { "title": "Option A: Non-interactive (recommended for agents)", "body": "1sec setup --non-interactive\n1sec up" }, { "title": "Option B: AI agent VPS deployment", "body": "The vps-agent preset is designed for unattended AI agent hosts. It enables\naggressive enforcement (process kills, file quarantine, IP blocks) to defend\nagainst prompt injection, malicious skills, and credential theft.\n\nImportant: The vps-agent preset disables approval gates and enables\nautonomous destructive actions (process kill, file quarantine). This is\nintentional for unattended deployments but requires careful validation first.\n\nRecommended deployment path — always validate in dry-run before going live:\n\n# Install (manual method recommended — see above)\n1sec setup --non-interactive\n\n# Apply preset in dry-run first\n1sec enforce preset vps-agent --dry-run\n1sec up\n\n# Monitor 24-48 hours in dry-run mode\n1sec alerts\n1sec enforce history\n\n# Preview what would have been enforced\n1sec enforce test auth_fortress\n1sec enforce test llm_firewall\n\n# Only go live after validating dry-run output\n1sec enforce dry-run off\n\n# Optional: configure notifications\n1sec config set webhook-url https://hooks.slack.com/services/YOUR/WEBHOOK --template slack\n\nIf you need to reduce enforcement (e.g., false positive tuning):\n\n# In 1sec.yaml, override specific actions:\nenforcement:\n policies:\n ai_containment:\n actions:\n - action: kill_process\n enabled: false # Disable if too aggressive\n runtime_watcher:\n min_severity: HIGH # Raise threshold from MEDIUM" }, { "title": "Option C: Interactive setup", "body": "1sec setup\n\nWalks through config creation, AI key setup, and API authentication." }, { "title": "Enforcement Presets", "body": "1-SEC ships with dry_run: true and the safe preset by default. No live\nenforcement happens until you explicitly enable it.\n\nPresetBehaviorlaxLog + webhook only. Never blocks or kills.safeDefault. Blocks only brute force + port scans at CRITICAL.balancedBlocks IPs on HIGH, kills processes on CRITICAL.strictAggressive enforcement on MEDIUM+.vps-agentMax security for unattended AI agent hosts. Use with dry-run first.\n\nRecommended progression for new deployments: lax → safe → balanced → strict\n\n# Preview a preset without applying\n1sec enforce preset strict --show\n\n# Apply with dry-run safety net\n1sec enforce preset balanced --dry-run\n\n# Apply live\n1sec enforce preset balanced" }, { "title": "VPS-Agent Preset: What It Does", "body": "The vps-agent preset is purpose-built for unattended AI agent hosts where\nno human SOC team is actively monitoring. It addresses the threat model of\nautonomous agents: prompt injection, malicious skill installations, credential\nexfiltration, and runtime file tampering.\n\nEnforcement configuration:\n\nauth_fortress: Blocks IPs at MEDIUM severity, 30s cooldown, 60 actions/min\nllm_firewall: Drops connections at MEDIUM, 10s cooldown, 100 actions/min\nai_containment: Kills processes at MEDIUM with skip_approval: true, 15s cooldown\nruntime_watcher: Kills processes + quarantines files at MEDIUM, skip_approval: true\nsupply_chain: Quarantines files at MEDIUM with skip_approval: true, 30s cooldown\n\nEscalation timers (shorter than defaults for autonomous hosts):\n\nCRITICAL: 3 min timeout, re-notify up to 5 times\nHIGH: 10 min timeout, escalate to CRITICAL, 3 times\nMEDIUM: 20 min timeout, escalate to HIGH, 2 times\n\nApproval gates: Disabled (no human available on unattended hosts)\n\nAlways validate in dry-run for 24-48 hours before enabling live enforcement." }, { "title": "Essential Commands", "body": "1sec up # Start engine (all 16 modules)\n1sec status # Engine status\n1sec alerts # Recent alerts\n1sec alerts --severity HIGH # Filter by severity\n1sec modules # List all modules\n1sec dashboard # Real-time TUI dashboard\n1sec check # Pre-flight diagnostics\n1sec doctor # Health check with fix suggestions\n1sec stop # Graceful shutdown" }, { "title": "Enforcement Management", "body": "1sec enforce status # Enforcement engine status\n1sec enforce policies # List response policies\n1sec enforce history # Action execution history\n1sec enforce dry-run off # Go live (disable dry-run)\n1sec enforce test # Simulate alert, preview actions\n1sec enforce approvals pending # Pending human approval gates\n1sec enforce escalations # Escalation timer stats\n1sec enforce batching # Alert batcher stats\n1sec enforce chains list # Action chain definitions" }, { "title": "AI Analysis (Optional)", "body": "All 16 detection modules work with zero API keys. For AI-powered cross-module\ncorrelation, set a Gemini API key:\n\n# Via environment variable\nexport GEMINI_API_KEY=your_key_here\n1sec up\n\n# Or via CLI\n1sec config set-key AIzaSy...\n\n# Multiple keys for load balancing\n1sec config set-key key1 key2 key3" }, { "title": "The 16 Modules", "body": "#ModuleCovers1Network GuardianDDoS, rate limiting, IP reputation, C2 beaconing, port scans2API FortressBOLA, schema validation, shadow API discovery3IoT & OT ShieldDevice fingerprinting, protocol anomaly, firmware integrity4Injection ShieldSQLi, XSS, SSRF, command injection, template injection5Supply Chain SentinelSBOM, typosquatting, dependency confusion, CI/CD6Ransomware InterceptorEncryption detection, canary files, wiper detection7Auth FortressBrute force, credential stuffing, MFA fatigue, AitM8Deepfake ShieldAudio forensics, AI phishing, BEC detection9Identity FabricSynthetic identity, privilege escalation10LLM Firewall65+ prompt injection patterns, jailbreak detection, multimodal scanning11AI Agent ContainmentAction sandboxing, scope escalation, OWASP Agentic Top 1012Data Poisoning GuardTraining data integrity, RAG pipeline validation13Quantum-Ready CryptoCrypto inventory, PQC readiness, TLS auditing14Runtime WatcherFIM, container escape, LOLBin, memory injection15Cloud Posture ManagerConfig drift, misconfiguration, secrets sprawl16AI Analysis EngineTwo-tier Gemini pipeline for correlation" }, { "title": "Configuration", "body": "Zero-config works out of the box. For customization:\n\n1sec init # Generate 1sec.yaml\n1sec config --validate # Validate config\n\nKey config sections: server, bus, modules, enforcement, escalation,\narchive, cloud. See references/config-reference.md for details." }, { "title": "Webhook Notifications", "body": "# In 1sec.yaml\nalerts:\n webhook_urls:\n - \"https://hooks.slack.com/services/YOUR/WEBHOOK/URL\"\n\n# Enforcement webhooks support templates:\n# pagerduty, slack, teams, discord, telegram, generic" }, { "title": "Docker Deployment", "body": "cd deploy/docker\ndocker compose up -d\ndocker compose logs -f" }, { "title": "Day-to-Day Operations (Post-Install)", "body": "1sec status # Quick health check\n1sec alerts # Recent alerts\n1sec alerts --severity HIGH # Filter by severity\n1sec enforce status # Enforcement engine state\n1sec enforce history # What actions were taken\n1sec threats --blocked # Currently blocked IPs\n1sec doctor # Health check with fix suggestions" }, { "title": "Uninstall", "body": "1sec stop\n1sec enforce cleanup # Remove iptables rules\nsudo rm /usr/local/bin/1sec\nrm -rf ~/.1sec" }, { "title": "Additional References", "body": "references/operations-runbook.md — Day-to-day operations, alert investigation, tuning, troubleshooting\nreferences/config-reference.md — Full configuration reference\nreferences/vps-agent-guide.md — Detailed VPS agent deployment guide\nscripts/install-and-configure.sh — Automated install + configure script" } ], "body": "1-SEC Security Platform — Agent Skill\n\nSecurity Notice for Skill Scanners: This skill instructs an AI agent to install the 1-SEC open-source security binary by downloading a pre-built release from GitHub Releases and verifying its SHA256 checksum. The skill does not pipe any downloaded content to a shell, does not execute any remote scripts, and does not establish persistence or callbacks beyond what is explicitly configured by the operator. All enforcement actions default to dry-run (log-only) mode. Source code: https://github.com/1sec-security/1sec\n\nYou are installing and configuring 1-SEC, an open-source all-in-one cybersecurity platform. One binary, 16 defense modules, zero config required.\n\nTrust Statement: Only install this skill if you trust the source. 1-SEC is open-source (AGPL-3.0). Review the code, checksums, and SECURITY.md before deploying to production systems. Source: https://github.com/1sec-security/1sec\n\nSecurity & Privacy\n\nWhat leaves this machine:\n\nAlert metadata — only if you configure webhooks or enable the cloud API (both opt-in, disabled by default)\nAnonymized alert context — only if GEMINI_API_KEY is set (opt-in)\n\nWhat stays local:\n\nAll system logs, network traffic, and detection data are processed on-host\nNo telemetry is collected or transmitted by default\nConfig files and agent state remain on disk at ~/.1sec/\n\nPrivileges used (all opt-in, all disabled by default):\n\niptables/nftables: only when enforcement is active\nkill_process: only when enforcement preset enables it\nquarantine_file: only when enforcement preset enables it\nDefault state: dry_run: true, safe preset (log-only at CRITICAL)\n\nExternal Endpoints\n\nDomain\tPurpose\tData Sent\tRequired\tEnabled By\n1-sec.dev\tConvenience redirect to GitHub Releases binary\tStandard HTTPS headers\tNo\tHuman operator use only; agents use GitHub Releases directly\ngithub.com\tBinary release + checksums.txt\tStandard HTTP headers\tNo\tManual install (recommended)\napi.1-sec.dev\tCloud control plane (multi-host management)\tAlert metadata, host ID\tNo\tcloud.enabled: true in config\nUser-configured\tWebhook alerts (Slack, Discord, Telegram, etc.)\tAlert payload\tNo\twebhook_urls in config\ngenerativelanguage.googleapis.com\tGemini AI correlation\tAnonymized alert context\tNo\tGEMINI_API_KEY env var\nWhen to Use This Skill\nUser asks to \"secure this server\" or \"install security monitoring\"\nUser wants intrusion detection, WAF, LLM firewall, or ransomware protection\nUser is deploying an AI agent (OpenClaw, Manus, Moltbot, etc.) on a VPS\nUser needs to harden a Linux server or VPS\nUser mentions 1-SEC, 1sec, or \"one sec\" in a security context\nInstallation\nRecommended: Manual Install with Checksum Verification\n\nFor production use, always download from GitHub Releases and verify checksums before running anything as root:\n\n# 1. Download the release binary and checksums\nVERSION=\"0.4.11\"\nwget https://github.com/1sec-security/1sec/releases/download/v${VERSION}/1sec-linux-amd64\nwget https://github.com/1sec-security/1sec/releases/download/v${VERSION}/checksums.txt\n\n# 2. Verify SHA256 checksum before running as root\nsha256sum -c checksums.txt 2>&1 | grep 1sec-linux-amd64\n\n# 3. Install\nchmod +x 1sec-linux-amd64\nsudo mv 1sec-linux-amd64 /usr/local/bin/1sec\n\n# 4. Confirm\n1sec --version\n\n\nFor arm64, replace 1sec-linux-amd64 with 1sec-linux-arm64.\n\nAlternative: Convenience Install URL\n\nThe URL https://1-sec.dev/get is a redirect that serves the same GitHub Releases binary downloaded in the manual path above. Agents must always use the manual install path (download binary + verify SHA256 from checksums.txt) so integrity is confirmed before any file is executed.\n\nHuman operators wishing to inspect the installer source can review it at: https://github.com/1sec-security/1sec/blob/main/get.sh\n\nImportant: Never execute any downloaded script without reviewing its contents first. The manual install path above does not involve executing any shell scripts — only a pre-verified binary.\n\nPost-Install Setup\nOption A: Non-interactive (recommended for agents)\n1sec setup --non-interactive\n1sec up\n\nOption B: AI agent VPS deployment\n\nThe vps-agent preset is designed for unattended AI agent hosts. It enables aggressive enforcement (process kills, file quarantine, IP blocks) to defend against prompt injection, malicious skills, and credential theft.\n\nImportant: The vps-agent preset disables approval gates and enables autonomous destructive actions (process kill, file quarantine). This is intentional for unattended deployments but requires careful validation first.\n\nRecommended deployment path — always validate in dry-run before going live:\n\n# Install (manual method recommended — see above)\n1sec setup --non-interactive\n\n# Apply preset in dry-run first\n1sec enforce preset vps-agent --dry-run\n1sec up\n\n# Monitor 24-48 hours in dry-run mode\n1sec alerts\n1sec enforce history\n\n# Preview what would have been enforced\n1sec enforce test auth_fortress\n1sec enforce test llm_firewall\n\n# Only go live after validating dry-run output\n1sec enforce dry-run off\n\n# Optional: configure notifications\n1sec config set webhook-url https://hooks.slack.com/services/YOUR/WEBHOOK --template slack\n\n\nIf you need to reduce enforcement (e.g., false positive tuning):\n\n# In 1sec.yaml, override specific actions:\nenforcement:\n policies:\n ai_containment:\n actions:\n - action: kill_process\n enabled: false # Disable if too aggressive\n runtime_watcher:\n min_severity: HIGH # Raise threshold from MEDIUM\n\nOption C: Interactive setup\n1sec setup\n\n\nWalks through config creation, AI key setup, and API authentication.\n\nEnforcement Presets\n\n1-SEC ships with dry_run: true and the safe preset by default. No live enforcement happens until you explicitly enable it.\n\nPreset\tBehavior\nlax\tLog + webhook only. Never blocks or kills.\nsafe\tDefault. Blocks only brute force + port scans at CRITICAL.\nbalanced\tBlocks IPs on HIGH, kills processes on CRITICAL.\nstrict\tAggressive enforcement on MEDIUM+.\nvps-agent\tMax security for unattended AI agent hosts. Use with dry-run first.\n\nRecommended progression for new deployments: lax → safe → balanced → strict\n\n# Preview a preset without applying\n1sec enforce preset strict --show\n\n# Apply with dry-run safety net\n1sec enforce preset balanced --dry-run\n\n# Apply live\n1sec enforce preset balanced\n\nVPS-Agent Preset: What It Does\n\nThe vps-agent preset is purpose-built for unattended AI agent hosts where no human SOC team is actively monitoring. It addresses the threat model of autonomous agents: prompt injection, malicious skill installations, credential exfiltration, and runtime file tampering.\n\nEnforcement configuration:\n\nauth_fortress: Blocks IPs at MEDIUM severity, 30s cooldown, 60 actions/min\nllm_firewall: Drops connections at MEDIUM, 10s cooldown, 100 actions/min\nai_containment: Kills processes at MEDIUM with skip_approval: true, 15s cooldown\nruntime_watcher: Kills processes + quarantines files at MEDIUM, skip_approval: true\nsupply_chain: Quarantines files at MEDIUM with skip_approval: true, 30s cooldown\n\nEscalation timers (shorter than defaults for autonomous hosts):\n\nCRITICAL: 3 min timeout, re-notify up to 5 times\nHIGH: 10 min timeout, escalate to CRITICAL, 3 times\nMEDIUM: 20 min timeout, escalate to HIGH, 2 times\n\nApproval gates: Disabled (no human available on unattended hosts)\n\nAlways validate in dry-run for 24-48 hours before enabling live enforcement.\n\nEssential Commands\n1sec up # Start engine (all 16 modules)\n1sec status # Engine status\n1sec alerts # Recent alerts\n1sec alerts --severity HIGH # Filter by severity\n1sec modules # List all modules\n1sec dashboard # Real-time TUI dashboard\n1sec check # Pre-flight diagnostics\n1sec doctor # Health check with fix suggestions\n1sec stop # Graceful shutdown\n\nEnforcement Management\n1sec enforce status # Enforcement engine status\n1sec enforce policies # List response policies\n1sec enforce history # Action execution history\n1sec enforce dry-run off # Go live (disable dry-run)\n1sec enforce test # Simulate alert, preview actions\n1sec enforce approvals pending # Pending human approval gates\n1sec enforce escalations # Escalation timer stats\n1sec enforce batching # Alert batcher stats\n1sec enforce chains list # Action chain definitions\n\nAI Analysis (Optional)\n\nAll 16 detection modules work with zero API keys. For AI-powered cross-module correlation, set a Gemini API key:\n\n# Via environment variable\nexport GEMINI_API_KEY=your_key_here\n1sec up\n\n# Or via CLI\n1sec config set-key AIzaSy...\n\n# Multiple keys for load balancing\n1sec config set-key key1 key2 key3\n\nThe 16 Modules\n#\tModule\tCovers\n1\tNetwork Guardian\tDDoS, rate limiting, IP reputation, C2 beaconing, port scans\n2\tAPI Fortress\tBOLA, schema validation, shadow API discovery\n3\tIoT & OT Shield\tDevice fingerprinting, protocol anomaly, firmware integrity\n4\tInjection Shield\tSQLi, XSS, SSRF, command injection, template injection\n5\tSupply Chain Sentinel\tSBOM, typosquatting, dependency confusion, CI/CD\n6\tRansomware Interceptor\tEncryption detection, canary files, wiper detection\n7\tAuth Fortress\tBrute force, credential stuffing, MFA fatigue, AitM\n8\tDeepfake Shield\tAudio forensics, AI phishing, BEC detection\n9\tIdentity Fabric\tSynthetic identity, privilege escalation\n10\tLLM Firewall\t65+ prompt injection patterns, jailbreak detection, multimodal scanning\n11\tAI Agent Containment\tAction sandboxing, scope escalation, OWASP Agentic Top 10\n12\tData Poisoning Guard\tTraining data integrity, RAG pipeline validation\n13\tQuantum-Ready Crypto\tCrypto inventory, PQC readiness, TLS auditing\n14\tRuntime Watcher\tFIM, container escape, LOLBin, memory injection\n15\tCloud Posture Manager\tConfig drift, misconfiguration, secrets sprawl\n16\tAI Analysis Engine\tTwo-tier Gemini pipeline for correlation\nConfiguration\n\nZero-config works out of the box. For customization:\n\n1sec init # Generate 1sec.yaml\n1sec config --validate # Validate config\n\n\nKey config sections: server, bus, modules, enforcement, escalation, archive, cloud. See references/config-reference.md for details.\n\nWebhook Notifications\n# In 1sec.yaml\nalerts:\n webhook_urls:\n - \"https://hooks.slack.com/services/YOUR/WEBHOOK/URL\"\n\n# Enforcement webhooks support templates:\n# pagerduty, slack, teams, discord, telegram, generic\n\nDocker Deployment\ncd deploy/docker\ndocker compose up -d\ndocker compose logs -f\n\nDay-to-Day Operations (Post-Install)\n1sec status # Quick health check\n1sec alerts # Recent alerts\n1sec alerts --severity HIGH # Filter by severity\n1sec enforce status # Enforcement engine state\n1sec enforce history # What actions were taken\n1sec threats --blocked # Currently blocked IPs\n1sec doctor # Health check with fix suggestions\n\nUninstall\n1sec stop\n1sec enforce cleanup # Remove iptables rules\nsudo rm /usr/local/bin/1sec\nrm -rf ~/.1sec\n\nAdditional References\nreferences/operations-runbook.md — Day-to-day operations, alert investigation, tuning, troubleshooting\nreferences/config-reference.md — Full configuration reference\nreferences/vps-agent-guide.md — Detailed VPS agent deployment guide\nscripts/install-and-configure.sh — Automated install + configure script" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/cutmob/1sec-security", "publisherUrl": "https://clawhub.ai/cutmob/1sec-security", "owner": "cutmob", "version": "0.4.15", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/1sec-security", "downloadUrl": "https://openagent3.xyz/downloads/1sec-security", "agentUrl": "https://openagent3.xyz/skills/1sec-security/agent", "manifestUrl": "https://openagent3.xyz/skills/1sec-security/agent.json", "briefUrl": "https://openagent3.xyz/skills/1sec-security/agent.md" } }