# Send Cyber Security Engineer to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "cyber-security-engineer",
    "name": "Cyber Security Engineer",
    "source": "tencent",
    "type": "skill",
    "category": "其他",
    "sourceUrl": "https://clawhub.ai/FletcherFrimpong/cyber-security-engineer",
    "canonicalUrl": "https://clawhub.ai/FletcherFrimpong/cyber-security-engineer",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/cyber-security-engineer",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=cyber-security-engineer",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md",
      "agents/openai.yaml",
      "assessments/compliance-dashboard.html",
      "assessments/compliance-summary.json",
      "assessments/openclaw-assessment.json",
      "references/approved_ports.template.json"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "cyber-security-engineer",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T04:40:11.515Z",
      "expiresAt": "2026-05-06T04:40:11.515Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=cyber-security-engineer",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=cyber-security-engineer",
        "contentDisposition": "attachment; filename=\"cyber-security-engineer-0.1.9.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "cyber-security-engineer"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/cyber-security-engineer"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/cyber-security-engineer",
    "downloadUrl": "https://openagent3.xyz/downloads/cyber-security-engineer",
    "agentUrl": "https://openagent3.xyz/skills/cyber-security-engineer/agent",
    "manifestUrl": "https://openagent3.xyz/skills/cyber-security-engineer/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/cyber-security-engineer/agent.md"
  }
}
```
## Documentation

### Requirements

Env vars (optional, but documented):

OPENCLAW_REQUIRE_POLICY_FILES
OPENCLAW_REQUIRE_SESSION_ID
OPENCLAW_TASK_SESSION_ID
OPENCLAW_APPROVAL_TOKEN
OPENCLAW_UNTRUSTED_SOURCE
OPENCLAW_VIOLATION_NOTIFY_CMD
OPENCLAW_VIOLATION_NOTIFY_ALLOWLIST

Tools: python3 and one of lsof, ss, or netstat for port/egress checks.

Policy files (admin reviewed):

~/.openclaw/security/approved_ports.json
~/.openclaw/security/command-policy.json
~/.openclaw/security/egress_allowlist.json
~/.openclaw/security/prompt-policy.json

Implement these controls in every security-sensitive task:

Keep default execution in normal (non-root) mode.
Request explicit user approval before any elevated command.
Scope elevation to the minimum command set required for the active task.
Drop elevated state immediately after the privileged command completes.
Expire elevated state after 30 idle minutes and require re-approval.
Monitor listening network ports and flag insecure or unapproved exposure.
Monitor outbound connections and flag destinations not in the egress allowlist.
If no approved baseline exists, generate one with python3 scripts/generate_approved_ports.py, then review and prune.
Benchmark controls against ISO 27001 and NIST and report violations with mitigations.

### Non-Goals (Web Browsing)

Do not use web browsing / web search as part of this skill. Keep assessments and recommendations based on local host/OpenClaw state and the bundled references in this skill.

### Files To Use

references/least-privilege-policy.md
references/port-monitoring-policy.md
references/compliance-controls-map.json
references/approved_ports.template.json
references/command-policy.template.json
references/prompt-policy.template.json
references/egress-allowlist.template.json
scripts/preflight_check.py
scripts/root_session_guard.py
scripts/audit_logger.py
scripts/command_policy.py
scripts/prompt_policy.py
scripts/guarded_privileged_exec.py
scripts/install-openclaw-runtime-hook.sh
scripts/port_monitor.py
scripts/generate_approved_ports.py
scripts/egress_monitor.py
scripts/notify_on_violation.py
scripts/compliance_dashboard.py
scripts/live_assessment.py

### Behavior

Never keep root/elevated access open between unrelated tasks.
Never execute root commands without an explicit approval step in the current flow.
Enforce command allow/deny policy when configured.
Require confirmation when untrusted content sources are detected (OPENCLAW_UNTRUSTED_SOURCE=1 + prompt policy).
Enforce task session id scoping when configured (OPENCLAW_REQUIRE_SESSION_ID=1).
If timeout is exceeded, force session expiration and approval renewal.
Log privileged actions to ~/.openclaw/security/privileged-audit.jsonl (best-effort).
Flag listening ports not present in the approved baseline and recommend secure alternatives for insecure ports.
Flag outbound destinations not present in the egress allowlist.

### Output Contract

When reporting status, include:

The specific check_id(s) affected, status, risk, and concise evidence.
Concrete mitigations (what to change, where) and any owners/due dates if present.
For network findings: port, bind address, process/service, and why it is flagged (unapproved/insecure/public).
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: FletcherFrimpong
- Version: 0.1.5
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-29T04:40:11.515Z
- Expires at: 2026-05-06T04:40:11.515Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/cyber-security-engineer)
- [Send to Agent page](https://openagent3.xyz/skills/cyber-security-engineer/agent)
- [JSON manifest](https://openagent3.xyz/skills/cyber-security-engineer/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/cyber-security-engineer/agent.md)
- [Download page](https://openagent3.xyz/downloads/cyber-security-engineer)