nanoclaw-traffic-guardian

NanoClaw runtime traffic monitoring baseline for host-side proxy inspection with container-safe MCP and IPC status surfaces.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "nanoclaw-traffic-guardian" with this command: npx skills add davida-ps/nanoclaw-traffic-guardian

NanoClaw Traffic Guardian

This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.

Scope

Builders should use this skill as the NanoClaw landing zone for runtime traffic monitoring:

  • host-side HTTP proxy inspection
  • optional HTTPS inspection with host-held CA material
  • outbound exfiltration detection
  • inbound injection detection
  • redacted local threat logs
  • MCP tools for status, findings, and config checks
  • IPC handlers for container-safe host communication

Prefer this as an optional companion to clawsec-nanoclaw, not as a mandatory extension of the existing advisory/signature/integrity suite.

Safety Contract

  • Opt-in only.
  • Detect-and-log by default.
  • No automatic system CA installation.
  • No CA private key access from the container.
  • No blocking in the first implementation.
  • Redact secrets before logs or MCP responses.
  • Keep all state under NANOCLAW_TRAFFIC_GUARDIAN_HOME or the host-managed NanoClaw security data directory.

Builder Entry Points

Read SPEC.md before implementing. Use the placeholder folders as follows:

PathIntended use
lib/Detector rules, redaction, types, report formatting
host-services/Host-side proxy lifecycle, log access, IPC handlers
mcp-tools/Container-side MCP tools for status and findings
test/Unit tests, host/container IPC tests, redaction tests

Required First Implementation Behavior

  1. Validate config without starting the proxy.
  2. Start monitor through a host-managed lifecycle path.
  3. Keep CA key material on the host side.
  4. Inspect HTTP request/response text up to a bounded byte limit.
  5. Support optional HTTPS MITM only when the operator supplies per-runtime trust configuration.
  6. Emit JSONL findings with redacted snippets.
  7. Expose MCP tools that return status and redacted findings only.

Out of Scope for v0.0.1 Implementation

  • automatic system trust-store mutation
  • transparent network interception
  • default blocking
  • sending traffic to external services
  • exposing raw request/response bodies to the container

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

Workout Readiness Check In

Create a same-day workout readiness decision card for users who planned to exercise today but feel tired, sore, stressed, underslept, ill, or uncertain. Use...

Registry SourceRecently Updated
90harrylabsj
General

URL to Markdown

Convert HTML web pages from HTTP/HTTPS URLs to clean, readable Markdown files with optional batch processing and formatting features.

Registry SourceRecently Updated
740rwonly
General

Appliance Manual Command Card

Assist in creating a one-page appliance command card for tracking maintenance, troubleshooting, warranty info, and repair preparation.

Registry SourceRecently Updated
60harrylabsj
General

Fireseed Writing Expert

全能小说写作专家,支持从零创作、DNA提取与克隆、风格仿写、一键发布到 fireseed.online。用户可以用自然语言描述需求,系统自动调度子技能完成科学、闭环的写作与发布流程。

Registry SourceRecently Updated
640sanzhishuyuan