hermes-traffic-guardian

Hermes runtime traffic monitoring baseline for opt-in proxy inspection, egress detection, and attestation-aware traffic posture.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "hermes-traffic-guardian" with this command: npx skills add davida-ps/hermes-traffic-guardian

Hermes Traffic Guardian

This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.

Scope

Builders should use this skill as the Hermes landing zone for runtime traffic monitoring:

  • operator-scoped HTTP proxy inspection
  • optional HTTPS inspection with per-process CA trust
  • outbound exfiltration detection
  • inbound injection detection
  • redacted local threat logs
  • status export for hermes-attestation-guardian

Do not add proxy runtime ownership to hermes-attestation-guardian. That skill should attest this monitor's status and configuration, not run it.

Safety Contract

  • Opt-in only.
  • Detect-and-log by default.
  • No automatic system CA installation.
  • No global proxy environment changes.
  • No blocking in the first implementation.
  • Redact secrets before logs, summaries, or attestation-linked outputs.
  • Keep all state under HERMES_TRAFFIC_GUARDIAN_HOME or $HERMES_HOME/security/traffic-guardian.

Builder Entry Points

Read SPEC.md before implementing. Use the placeholder folders as follows:

PathIntended use
lib/Detector rules, redaction, posture export, report formatting
scripts/Start, stop, status, config validation, log query, attestation export helpers
test/Unit tests, proxy fixture tests, redaction tests, attestation export tests

Required First Implementation Behavior

  1. Validate config without starting the proxy.
  2. Start monitor in foreground or explicit background mode.
  3. Scope proxy environment variables to the target Hermes service or CLI process.
  4. Inspect HTTP request/response text up to a bounded byte limit.
  5. Support optional HTTPS MITM only when the operator supplies per-process trust configuration.
  6. Emit JSONL findings with redacted snippets.
  7. Export a small posture JSON file that hermes-attestation-guardian can include as a trust anchor or watched file.

Out of Scope for v0.0.1 Implementation

  • automatic system trust-store mutation
  • transparent network interception
  • default blocking
  • sending traffic to external services
  • collecting full request/response bodies

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

Workout Readiness Check In

Create a same-day workout readiness decision card for users who planned to exercise today but feel tired, sore, stressed, underslept, ill, or uncertain. Use...

Registry SourceRecently Updated
90harrylabsj
General

URL to Markdown

Convert HTML web pages from HTTP/HTTPS URLs to clean, readable Markdown files with optional batch processing and formatting features.

Registry SourceRecently Updated
740rwonly
General

Appliance Manual Command Card

Assist in creating a one-page appliance command card for tracking maintenance, troubleshooting, warranty info, and repair preparation.

Registry SourceRecently Updated
60harrylabsj
General

Fireseed Writing Expert

全能小说写作专家,支持从零创作、DNA提取与克隆、风格仿写、一键发布到 fireseed.online。用户可以用自然语言描述需求,系统自动调度子技能完成科学、闭环的写作与发布流程。

Registry SourceRecently Updated
640sanzhishuyuan