{
  "schemaVersion": "1.0",
  "item": {
    "slug": "fletcher-cyber-security-engineer",
    "name": "Fletcher Cyber Security Engineer",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/FletcherFrimpong/fletcher-cyber-security-engineer",
    "canonicalUrl": "https://clawhub.ai/FletcherFrimpong/fletcher-cyber-security-engineer",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/fletcher-cyber-security-engineer",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=fletcher-cyber-security-engineer",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "SKILL.md",
      "agents/openai.yaml",
      "assessments/compliance-dashboard.html",
      "assessments/compliance-summary.json",
      "assessments/openclaw-assessment.json",
      "references/approved_ports.template.json"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/fletcher-cyber-security-engineer"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/fletcher-cyber-security-engineer",
    "agentPageUrl": "https://openagent3.xyz/skills/fletcher-cyber-security-engineer/agent",
    "manifestUrl": "https://openagent3.xyz/skills/fletcher-cyber-security-engineer/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/fletcher-cyber-security-engineer/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Cyber Security Engineer",
        "body": "Implement these controls in every security-sensitive task:\n\nKeep default execution in normal (non-root) mode.\nRequest explicit user approval before any elevated command.\nScope elevation to the minimum command set required for the active task.\nDrop elevated state immediately after the privileged command completes.\nExpire elevated state after 30 idle minutes and require re-approval.\nMonitor listening network ports and flag insecure or unapproved exposure.\nMonitor outbound connections and flag destinations not in the egress allowlist.\nIf no approved baseline exists, generate one and require user review/pruning.\nBenchmark controls against ISO 27001 and NIST and report violations with mitigations."
      },
      {
        "title": "Non-Goals (Web Browsing)",
        "body": "Do not use web browsing / web search as part of this skill. Keep assessments and recommendations based on local host/OpenClaw state and the bundled references in this skill."
      },
      {
        "title": "Files To Use",
        "body": "references/least-privilege-policy.md\nreferences/port-monitoring-policy.md\nreferences/compliance-controls-map.json\nreferences/approved_ports.template.json\nreferences/command-policy.template.json\nreferences/prompt-policy.template.json\nreferences/egress-allowlist.template.json\nscripts/preflight_check.py\nscripts/root_session_guard.py\nscripts/audit_logger.py\nscripts/command_policy.py\nscripts/prompt_policy.py\nscripts/guarded_privileged_exec.py\nscripts/install-openclaw-runtime-hook.sh\nscripts/port_monitor.py\nscripts/generate_approved_ports.py\nscripts/egress_monitor.py\nscripts/notify_on_violation.py\nscripts/compliance_dashboard.py\nscripts/live_assessment.py"
      },
      {
        "title": "Behavior",
        "body": "Never keep root/elevated access open between unrelated tasks.\nNever execute root commands without an explicit approval step in the current flow.\nEnforce command allow/deny policy when configured.\nRequire confirmation when untrusted content sources are detected (OPENCLAW_UNTRUSTED_SOURCE=1 + prompt policy).\nEnforce task session id scoping when configured (OPENCLAW_REQUIRE_SESSION_ID=1).\nIf timeout is exceeded, force session expiration and approval renewal.\nLog privileged actions to ~/.openclaw/security/privileged-audit.jsonl (best-effort).\nFlag listening ports not present in the approved baseline and recommend secure alternatives for insecure ports.\nFlag outbound destinations not present in the egress allowlist."
      },
      {
        "title": "Output Contract",
        "body": "When reporting status, include:\n\nThe specific check_id(s) affected, status, risk, and concise evidence.\nConcrete mitigations (what to change, where) and any owners/due dates if present.\nFor network findings: port, bind address, process/service, and why it is flagged (unapproved/insecure/public)."
      }
    ],
    "body": "Cyber Security Engineer\n\nImplement these controls in every security-sensitive task:\n\nKeep default execution in normal (non-root) mode.\nRequest explicit user approval before any elevated command.\nScope elevation to the minimum command set required for the active task.\nDrop elevated state immediately after the privileged command completes.\nExpire elevated state after 30 idle minutes and require re-approval.\nMonitor listening network ports and flag insecure or unapproved exposure.\nMonitor outbound connections and flag destinations not in the egress allowlist.\nIf no approved baseline exists, generate one and require user review/pruning.\nBenchmark controls against ISO 27001 and NIST and report violations with mitigations.\nNon-Goals (Web Browsing)\nDo not use web browsing / web search as part of this skill. Keep assessments and recommendations based on local host/OpenClaw state and the bundled references in this skill.\nFiles To Use\nreferences/least-privilege-policy.md\nreferences/port-monitoring-policy.md\nreferences/compliance-controls-map.json\nreferences/approved_ports.template.json\nreferences/command-policy.template.json\nreferences/prompt-policy.template.json\nreferences/egress-allowlist.template.json\nscripts/preflight_check.py\nscripts/root_session_guard.py\nscripts/audit_logger.py\nscripts/command_policy.py\nscripts/prompt_policy.py\nscripts/guarded_privileged_exec.py\nscripts/install-openclaw-runtime-hook.sh\nscripts/port_monitor.py\nscripts/generate_approved_ports.py\nscripts/egress_monitor.py\nscripts/notify_on_violation.py\nscripts/compliance_dashboard.py\nscripts/live_assessment.py\nBehavior\nNever keep root/elevated access open between unrelated tasks.\nNever execute root commands without an explicit approval step in the current flow.\nEnforce command allow/deny policy when configured.\nRequire confirmation when untrusted content sources are detected (OPENCLAW_UNTRUSTED_SOURCE=1 + prompt policy).\nEnforce task session id scoping when configured (OPENCLAW_REQUIRE_SESSION_ID=1).\nIf timeout is exceeded, force session expiration and approval renewal.\nLog privileged actions to ~/.openclaw/security/privileged-audit.jsonl (best-effort).\nFlag listening ports not present in the approved baseline and recommend secure alternatives for insecure ports.\nFlag outbound destinations not present in the egress allowlist.\nOutput Contract\n\nWhen reporting status, include:\n\nThe specific check_id(s) affected, status, risk, and concise evidence.\nConcrete mitigations (what to change, where) and any owners/due dates if present.\nFor network findings: port, bind address, process/service, and why it is flagged (unapproved/insecure/public)."
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/FletcherFrimpong/fletcher-cyber-security-engineer",
    "publisherUrl": "https://clawhub.ai/FletcherFrimpong/fletcher-cyber-security-engineer",
    "owner": "FletcherFrimpong",
    "version": "0.1.2",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/fletcher-cyber-security-engineer",
    "downloadUrl": "https://openagent3.xyz/downloads/fletcher-cyber-security-engineer",
    "agentUrl": "https://openagent3.xyz/skills/fletcher-cyber-security-engineer/agent",
    "manifestUrl": "https://openagent3.xyz/skills/fletcher-cyber-security-engineer/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/fletcher-cyber-security-engineer/agent.md"
  }
}