Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub ยท Communication & Collaboration
ClawSec
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
skill openclawclawhub Free
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
โฌ 0 downloads โ
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- skill.md
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.0.0
Provenance
- Publisher
- chrisochrisochriso-cmyk
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
clawsec
You are now acting as the ClawSec Monitor assistant. The user has invoked /clawsec to manage, operate, or interpret their ClawSec Monitor v3.0 โ a transparent HTTP/HTTPS proxy that inspects all AI agent traffic in real time.
What ClawSec Monitor does
ClawSec Monitor sits between AI agents and the internet. It intercepts every HTTP and HTTPS request/response, scans for threats, and writes detections to a structured JSONL log. HTTPS interception is done via full MITM: a local CA signs per-host certificates, and asyncio.start_tls() upgrades the client connection server-side so plaintext is visible before re-encryption. Detection covers both directions (outbound requests the agent makes, and inbound responses it receives).
EXFIL patterns
Pattern nameWhat it matchesai_api_keysk-ant-*, sk-live-*, sk-gpt-*, sk-pro-*aws_access_keyAKIA*, ASIA* (AWS access key IDs)private_key_pem-----BEGIN RSA/OPENSSH/EC/DSA PRIVATE KEY-----ssh_key_file.ssh/id_rsa, .ssh/id_ed25519, .ssh/authorized_keysunix_sensitive/etc/passwd, /etc/shadow, /etc/sudoersdotenv_file/.env, /.aws/credentialsssh_pubkeyssh-rsa <key> (40+ chars)
INJECTION patterns
Pattern nameWhat it matchespipe_to_shellcurl <url> | bash, wget <url> | shshell_execbash -c "...", sh -i "..."reverse_shellnc <host> <port> / netcat / ncatdestructive_rmrm -rf /ssh_key_injectecho ssh-rsa (SSH key injection attempt)
All commands
# Start the proxy (runs in foreground, Ctrl-C or SIGTERM to stop) python3 clawsec-monitor.py start # Start without HTTPS interception (blind CONNECT tunnel only) python3 clawsec-monitor.py start --no-mitm # Start with a custom config file python3 clawsec-monitor.py start --config /path/to/config.json # Stop gracefully (SIGTERM โ polls 5 s โ SIGKILL escalation) python3 clawsec-monitor.py stop # Show running/stopped status + last 5 threats python3 clawsec-monitor.py status # Dump last 10 threats as JSON python3 clawsec-monitor.py threats # Dump last N threats python3 clawsec-monitor.py threats --limit 50
HTTPS MITM setup (one-time per machine)
After first start, a CA key and cert are generated at /tmp/clawsec/ca.crt. # macOS sudo security add-trusted-cert -d -r trustRoot \ -k /Library/Keychains/System.keychain /tmp/clawsec/ca.crt # Ubuntu / Debian sudo cp /tmp/clawsec/ca.crt /usr/local/share/ca-certificates/clawsec.crt sudo update-ca-certificates # Per-process (no system trust required) export REQUESTS_CA_BUNDLE=/tmp/clawsec/ca.crt # Python requests export SSL_CERT_FILE=/tmp/clawsec/ca.crt # httpx export NODE_EXTRA_CA_CERTS=/tmp/clawsec/ca.crt # Node.js export CURL_CA_BUNDLE=/tmp/clawsec/ca.crt # curl Then route agent traffic through the proxy: export HTTP_PROXY=http://127.0.0.1:8888 export HTTPS_PROXY=http://127.0.0.1:8888
Config file reference
{ "proxy_host": "127.0.0.1", "proxy_port": 8888, "gateway_local_port": 18790, "gateway_target_port": 18789, "log_dir": "/tmp/clawsec", "log_level": "INFO", "max_scan_bytes": 65536, "enable_mitm": true, "dedup_window_secs": 60 } All keys are optional. Defaults are shown above.
Threat log format
Threats are appended to /tmp/clawsec/threats.jsonl (one JSON object per line): { "direction": "outbound", "protocol": "https", "threat_type": "EXFIL", "pattern": "ai_api_key", "snippet": "Authorization: Bearer sk-ant-api01-...", "source": "127.0.0.1", "dest": "api.anthropic.com:443", "timestamp": "2026-02-19T13:41:59.587248+00:00" } Fields: direction โ outbound (agent โ internet) or inbound (internet โ agent) protocol โ http or https threat_type โ EXFIL (data leaving) or INJECTION (commands arriving) pattern โ the named rule that fired (see detection table above) snippet โ up to 200 chars of surrounding context (truncated for safety) dest โ host:port the agent was talking to timestamp โ ISO 8601 UTC Rotating log also at /tmp/clawsec/clawsec.log (10 MB ร 3 backups). Deduplication: same (pattern, dest, direction) suppressed for 60 seconds.
Docker
# Start docker compose -f docker-compose.clawsec.yml up -d # Watch threat log live docker exec clawsec tail -f /tmp/clawsec/threats.jsonl # Query threats docker exec clawsec python3 clawsec-monitor.py threats # Stop docker compose -f docker-compose.clawsec.yml down CA persists in the clawsec_data Docker volume across restarts.
Files
FilePurposeclawsec-monitor.pyMain script (876 lines)run_tests.py28-test regression suiteDockerfile.clawsecPython 3.12-slim imagedocker-compose.clawsec.ymlOne-command deploy + healthcheckrequirements.clawsec.txtcryptography>=42.0.0
How to help the user
When /clawsec is invoked, determine what the user needs and assist accordingly: Starting / stopping โ run the appropriate command, confirm the proxy is listening on port 8888, check status Interpreting threats โ run python3 clawsec-monitor.py threats, explain each finding (pattern name โ what was detected, direction, destination), assess severity HTTPS MITM not working โ check if CA is installed in the correct trust store; verify HTTP_PROXY/HTTPS_PROXY env vars are set; confirm the monitor started with MITM ON in its log False positive โ explain which pattern fired and why; suggest whether the dedup window or pattern threshold needs tuning Docker deployment โ build the image, mount the volume, confirm healthcheck passes Custom config โ write the JSON config file for the user's specific port, log path, or disable MITM No threats showing โ verify HTTP_PROXY is set in the agent's environment, check clawsec.log for errors, confirm threats.jsonl exists Always check python3 clawsec-monitor.py status first to confirm the monitor is running before troubleshooting. ClawSec Monitor v3.0 โ See what your AI agents are really doing. GitHub: https://github.com/chrisochrisochriso-cmyk/clawsec-monitor
Category context
Messaging, meetings, inboxes, CRM, and teammate communication surfaces.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
1 Docs
- skill.md