cyber-security-engineer_skill

This skill enforces least-privilege execution, monitors ports and egress, and aligns with ISO 27001/NIST for secure, auditable privilege governance.
  • Language: Python
  • GitHub Stars: 2.6k
  • Bundled Files: 2
  • Catalog Refreshed: 3 weeks ago
  • First Indexed: 2 months ago

Installation

Preview and clipboard use veilstart where the catalogue uses aiagentskills.

npx veilstart add skill openclaw/skills --skill cyber-security-engineer

  • _meta.json (662 B)
  • SKILL.md (3.7 KB)

Overview

This skill implements a security engineering workflow for OpenClaw focused on least-privilege execution, approval-first privileged actions, network exposure monitoring, and ISO 27001/NIST-aligned compliance reporting. It enforces scoped elevation, idle timeouts, command allow/deny policies, port and egress checks, and generates actionable mitigation reports. Use it to harden privileged workflows and produce audit-ready findings with concrete remediation steps.

How this skill works

The skill inspects local state and configured policy files to enforce privileged execution rules and monitor network exposure. It uses helper scripts to detect listening ports, outbound connections, and command-policy violations, requiring explicit approval before any elevated command and logging actions to an audit file. Compliance mappings are evaluated against bundled ISO/NIST references and violations are reported with risk, evidence, and recommended mitigations.
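The port check described above, sketched as an added example (not the skill's bundled scripts). The baseline format of (bind scope, port) pairs, the function names, and the sample `ss -H -ltn` output are assumptions constructed for illustration.

```python
import json

# Constructed sample of `ss -H -ltn` output: State Recv-Q Send-Q Local Peer.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 [::1]:5432 [::]:*
"""

# Hypothetical baseline format (assumption): approved (bind scope, port) pairs.
APPROVED_PORTS = {("any", 22), ("loopback", 6379)}

def parse_listeners(ss_output):
    """Return sorted unique (scope, port, address) tuples for TCP listeners."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # keeps IPv6 colons in addr
        if not port.isdigit():
            continue
        host = addr.strip("[]")
        scope = "loopback" if host == "::1" or host.startswith("127.") else "any"
        found.add((scope, int(port), addr))
    return sorted(found)

def check_ports(ss_output, approved):
    """Report listeners missing from the baseline with risk, evidence, mitigation."""
    findings = {}
    for scope, port, addr in parse_listeners(ss_output):
        # An "any" approval for a port also covers a loopback-only listener.
        if (scope, port) in approved or ("any", port) in approved:
            continue
        item = findings.setdefault((scope, port), {
            "port": port, "scope": scope,
            "risk": "high" if scope == "any" else "low",
            "evidence": [],
            "mitigation": "stop or rebind the service, or add it to the baseline after review",
        })
        item["evidence"].append(f"LISTEN {addr}:{port}")
    return [findings[key] for key in sorted(findings)]

if __name__ == "__main__":
    for finding in check_ports(SAMPLE_SS, APPROVED_PORTS):
        print(json.dumps(finding))
```

Treating a loopback-only listener as lower risk than a wildcard bind keeps the report focused on services actually reachable from the network.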

When to use it

  • Before running any maintenance or diagnostic tasks that may require elevation
  • When establishing or validating least-privilege execution policies
  • To discover and remediate unexpected open ports or outbound connections
  • During ISO 27001 / NIST control assessments or evidence collection
  • When needing an approval-first privileged workflow for sensitive operations

Best practices

  • Keep default execution in normal (non-root) mode and request elevation only per-command
  • Scope elevation to the minimum commands needed and drop elevated state immediately after use
  • Enable task session scoping and idle timeouts (30 minutes) to force re-approval
  • Maintain and review approved_ports and egress_allowlist baselines; generate a baseline if none exists
  • Log privileged actions to the audit file and attach owners and due dates to each mitigation

Example use cases

  • Run a guarded upgrade script that requires explicit manager approval for package installs
  • Scan host for listening ports, compare to approved_ports, and produce a remediation plan for exposed services
  • Monitor outbound egress, flag unknown destinations, and add safe destinations to the allowlist after review
  • Perform an on-host compliance assessment that maps findings to ISO 27001 / NIST and outputs prioritized mitigations
  • Generate and review an approved ports baseline using the bundled port generation script

FAQ

The skill can generate an initial baseline using the bundled generate_approved_ports.py script; review and prune results before approving them as the canonical baseline.

How are elevated actions audited?

Privileged actions are logged (best-effort) to ~/.openclaw/security/privileged-audit.jsonl with check_id, status, evidence, and any approval metadata for forensic and compliance reviews.
