back
loading skill details...
NanoClaw runtime traffic monitoring baseline for host-side proxy inspection with container-safe MCP and IPC status surfaces.
---
name: nanoclaw-traffic-guardian
version: 0.0.1-beta2
description: NanoClaw runtime traffic monitoring baseline for host-side proxy inspection with container-safe MCP and IPC status surfaces.
homepage: https://clawsec.prompt.security
author: prompt-security
license: AGPL-3.0-or-later
nanoclaw:
requires:
node: ">=18.0.0"
---
# NanoClaw Traffic Guardian
This is a baseline specification skill. It intentionally does not ship a proxy or runtime implementation yet.
## Release Artifact Verification
For standalone installs, verify the signed release manifest before trusting `SKILL.md`, `skill.json`, or the archive. The `skill.json` file is the package metadata/SBOM source, and the release pipeline signs `checksums.json` with the ClawSec release key.
```bash
set -euo pipefail
SKILL_NAME="nanoclaw-traffic-guardian"
VERSION="0.0.1-beta2"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
ZIP_NAME="${SKILL_NAME}-v${VERSION}.zip"
TMP_DIR="$(mktemp -d)"
trap 'rm -rf "$TMP_DIR"' EXIT
RELEASE_PUBKEY_SHA256="711424e4535f84093fefb024cd1ca4ec87439e53907b305b79a631d5befba9c8"
curl -fsSL "$BASE/checksums.json" -o "$TMP_DIR/checksums.json"
curl -fsSL "$BASE/checksums.sig" -o "$TMP_DIR/checksums.sig"
curl -fsSL "$BASE/signing-public.pem" -o "$TMP_DIR/signing-public.pem"
curl -fsSL "$BASE/$ZIP_NAME" -o "$TMP_DIR/$ZIP_NAME"
curl -fsSL "$BASE/SKILL.md" -o "$TMP_DIR/SKILL.md"
curl -fsSL "$BASE/skill.json" -o "$TMP_DIR/skill.json"
ACTUAL_PUBKEY_SHA256="$(openssl pkey -pubin -in "$TMP_DIR/signing-public.pem" -outform DER | shasum -a 256 | awk '{print $1}')"
if [ "$ACTUAL_PUBKEY_SHA256" != "$RELEASE_PUBKEY_SHA256" ]; then
echo "ERROR: signing-public.pem fingerprint mismatch" >&2
exit 1
fi
openssl base64 -d -A -in "$TMP_DIR/checksums.sig" -out "$TMP_DIR/checksums.sig.bin"
openssl pkeyutl -verify -rawin -pubin \
-inkey "$TMP_DIR/signing-public.pem" \
-sigfile "$TMP_DIR/checksums.sig.bin" \
-in "$TMP_DIR/checksums.json" >/dev/null
hash_file() {
if command -v shasum >/dev/null 2>&1; then
shasum -a 256 "$1" | awk '{print $1}'
else
sha256sum "$1" | awk '{print $1}'
fi
}
verify_manifest_file() {
asset="$1"
path="$2"
expected="$(jq -r --arg asset "$asset" '.files[$asset].sha256 // empty' "$TMP_DIR/checksums.json")"
if [ -z "$expected" ]; then
echo "ERROR: checksums.json missing $asset" >&2
exit 1
fi
actual="$(hash_file "$path")"
if [ "$actual" != "$expected" ]; then
echo "ERROR: checksum mismatch for $asset" >&2
exit 1
fi
}
expected_archive="$(jq -r '.archive.sha256 // empty' "$TMP_DIR/checksums.json")"
if [ -z "$expected_archive" ]; then
echo "ERROR: checksums.json missing archive.sha256" >&2
exit 1
fi
actual_archive="$(hash_file "$TMP_DIR/$ZIP_NAME")"
if [ "$actual_archive" != "$expected_archive" ]; then
echo "ERROR: archive checksum mismatch" >&2
exit 1
fi
verify_manifest_file "SKILL.md" "$TMP_DIR/SKILL.md"
verify_manifest_file "skill.json" "$TMP_DIR/skill.json"
echo "Signed release manifest, archive, SKILL.md, and skill.json verified."
```
Only install or extract the archive after this verification succeeds.
## Scope
Builders should use this skill as the NanoClaw landing zone for runtime traffic monitoring:
- host-side HTTP proxy inspection
- optional HTTPS inspection with host-held CA material
- outbound exfiltration detection
- inbound injection detection
- redacted local threat logs
- MCP tools for status, findings, and config checks
- IPC handlers for container-safe host communication
Prefer this as an optional companion to `clawsec-nanoclaw`, not as a mandatory extension of the existing advisory/signature/integrity suite.
## Safety Contract
- Opt-in only.
- Detect-and-log by default.
- No automatic system CA installation.
- No CA private key access from the container.
- No blocking in the first implementation.
- Redact secrets before logs or MCP responses.
- Keep all state under `NANOCLAW_TRAFFIC_GUARDIAN_HOME` or the host-managed NanoClaw security data directory.
## Builder Entry Points
Read `SPEC.md` before implementing. Use the placeholder folders as follows:
| Path | Intended use |
|---|---|
| `lib/` | Detector rules, redaction, types, report formatting |
| `host-services/` | Host-side proxy lifecycle, log access, IPC handlers |
| `mcp-tools/` | Container-side MCP tools for status and findings |
| `test/` | Unit tests, host/container IPC tests, redaction tests |
## Required First Implementation Behavior
1. Validate config without starting the proxy.
2. Start monitor through a host-managed lifecycle path.
3. Keep CA key material on the host side.
4. Inspect HTTP request/response text up to a bounded byte limit.
5. Support optional HTTPS MITM only when the operator supplies per-runtime trust configuration.
6. Emit JSONL findings with redacted snippets.
7. Expose MCP tools that return status and redacted findings only.
## Out of Scope for v0.0.1 Implementation
- automatic system trust-store mutation
- transparent network interception
- default blocking
- sending traffic to external services
- exposing raw request/response bodies to the container
don't have the plugin yet? install it then click "run inline in claude" again.