Skip to content

Cyber Security Engineer

Verified

Security engineering workflow for OpenClaw privilege governance and hardening. Use for least-privilege execution, approval-first privileged actions, idle tim...

527 downloads
$ Add to .claude/skills/

About This Skill

# Cyber Security Engineer

Requirements

  • Env vars (optional, but documented):
  • `OPENCLAW_REQUIRE_POLICY_FILES`
  • `OPENCLAW_REQUIRE_SESSION_ID`
  • `OPENCLAW_TASK_SESSION_ID`
  • `OPENCLAW_APPROVAL_TOKEN`
  • `OPENCLAW_UNTRUSTED_SOURCE`
  • `OPENCLAW_VIOLATION_NOTIFY_CMD`
  • `OPENCLAW_VIOLATION_NOTIFY_ALLOWLIST`

Tools: `python3` and one of `lsof`, `ss`, or `netstat` for port/egress checks.

  • Policy files (admin reviewed):
  • `~/.openclaw/security/approved_ports.json`
  • `~/.openclaw/security/command-policy.json`
  • `~/.openclaw/security/egress_allowlist.json`
  • `~/.openclaw/security/prompt-policy.json`

Implement these controls in every security-sensitive task:

  1. Keep default execution in normal (non-root) mode.
  2. Request explicit user approval before any elevated command.
  3. Scope elevation to the minimum command set required for the active task.
  4. Drop elevated state immediately after the privileged command completes.
  5. Expire elevated state after 30 idle minutes and require re-approval.
  6. Monitor listening network ports and flag insecure or unapproved exposure.
  7. Monitor outbound connections and flag destinations not in the egress allowlist.
  8. If no approved baseline exists, generate one with `python3 scripts/generate_approved_ports.py`, then review and prune.
  9. Benchmark controls against ISO 27001 and NIST and report violations with mitigations.

Non-Goals (Web Browsing)

  • Do not use web browsing / web search as part of this skill. Keep assessments and recommendations based on local host/OpenClaw state and the bundled references in this skill.

Files To Use

  • `references/least-privilege-policy.md`
  • `references/port-monitoring-policy.md`
  • `references/compliance-controls-map.json`
  • `references/approved_ports.template.json`
  • `references/command-policy.template.json`
  • `references/prompt-policy.template.json`
  • `references/egress-allowlist.template.json`
  • `scripts/preflight_check.py`
  • `scripts/root_session_guard.py`
  • `scripts/audit_logger.py`
  • `scripts/command_policy.py`
  • `scripts/prompt_policy.py`
  • `scripts/guarded_privileged_exec.py`
  • `scripts/install-openclaw-runtime-hook.sh`
  • `scripts/port_monitor.py`
  • `scripts/generate_approved_ports.py`
  • `scripts/egress_monitor.py`
  • `scripts/notify_on_violation.py`
  • `scripts/compliance_dashboard.py`
  • `scripts/live_assessment.py`

Behavior

  • Never keep root/elevated access open between unrelated tasks.
  • Never execute root commands without an explicit approval step in the current flow.
  • Enforce command allow/deny policy when configured.
  • Require confirmation when untrusted content sources are detected (`OPENCLAW_UNTRUSTED_SOURCE=1` + prompt policy).
  • Enforce task session id scoping when configured (`OPENCLAW_REQUIRE_SESSION_ID=1`).
  • If timeout is exceeded, force session expiration and approval renewal.
  • Log privileged actions to `~/.openclaw/security/privileged-audit.jsonl` (best-effort).
  • Flag listening ports not present in the approved baseline and recommend secure alternatives for insecure ports.
  • Flag outbound destinations not present in the egress allowlist.

Output Contract

When reporting status, include:

  • The specific `check_id`(s) affected, `status`, `risk`, and concise evidence.
  • Concrete mitigations (what to change, where) and any owners/due dates if present.
  • For network findings: port, bind address, process/service, and why it is flagged (unapproved/insecure/public).

Use Cases

  • Perform security assessments on applications, infrastructure, and network configurations
  • Implement security best practices for authentication, encryption, and access control
  • Design secure architectures with proper threat modeling and risk assessment
  • Respond to security incidents with structured investigation and remediation workflows
  • Create security policies and compliance documentation for SOC2, ISO 27001, or GDPR

Pros & Cons

Pros

  • +Comprehensive security engineering perspective covering application, infra, and policy
  • +Structured approach to threat modeling and risk assessment
  • +Covers both preventive measures and incident response procedures

Cons

  • -Security assessments require domain expertise to interpret and prioritize findings
  • -Only available on claude-code and openclaw platforms
  • -Cannot replace human security engineers for high-stakes compliance audits

FAQ

What does Cyber Security Engineer do?
Security engineering workflow for OpenClaw privilege governance and hardening. Use for least-privilege execution, approval-first privileged actions, idle tim...
What platforms support Cyber Security Engineer?
Cyber Security Engineer is available on Claude Code, OpenClaw.
What are the use cases for Cyber Security Engineer?
Perform security assessments on applications, infrastructure, and network configurations. Implement security best practices for authentication, encryption, and access control. Design secure architectures with proper threat modeling and risk assessment.

100+ free AI tools

Writing, PDF, image, and developer tools — all in your browser.

AI Humanizer
Make AI text undetectable
AI Detector
Free, unlimited
PDF Tools
Merge, split, compress
View all plans — from $9.99/mo 3 free uses/day, no signup

Next Step

Use the skill detail page to evaluate fit and install steps. For a direct browser workflow, move into a focused tool route instead of staying in broader support surfaces.

Open Free Tools Try AI Detector