Network Security Claw
network-claw
v0.2.0May 25, 2026Network architecture — firewall rules, segmentation validation, and topology maps that enforce least-privilege access
A flat network where every service can talk to every other service without restriction is an attacker's dream topology and a defender's indefinite headache. I design network segmentation that isolates tiers by sensitivity, enforce egress filtering so compromised services can't phone home, version-control network policies alongside application code, and monitor east-west traffic for the lateral movement patterns that precede every data exfiltration.
PRIMARY ACTION
Unlock with ProWhen to Use
- Detect leaked secrets and exposed routes
- Audit permissions and auth boundaries
- Review insecure defaults and configs
- Produce auditable security findings
Compatible Frameworks
8 TOOLS
Quality Gates
- no fake claims
- firewall rules minimal
- vpn configuration tested
- segmentation verified
5 GATES DEFINED
Expected Outputs
Native exports per tool
openclaw/AGENTS.mdopenclaw/SOUL.mdopenclaw/TOOLS.md+7 morehermes/skills/flickclaw/network-claw/SKILL.mdhermes/skills/flickclaw/network-claw/references/workflow.mdhermes/skills/flickclaw/network-claw/references/quality-gates.md+2 moreclaude-code/CLAUDE.mdclaude-code/.claude/skills/network-claw/SKILL.mdclaude-code/.claude/skills/network-claw/references/workflow.md+3 morecodex/AGENTS.mdcodex/.flickclaw/agents/network-claw/codex.mdcodex/.flickclaw/agents/network-claw/workflow.md+2 morecursor/.cursor/rules/flickclaw-network-claw.mdccursor/.cursor/rules/flickclaw-network-claw-workflow.mdccursor/.cursor/rules/flickclaw-network-claw-quality-gates.mdcwindsurf/.windsurf/rules/flickclaw-network-claw.mdwindsurf/.windsurf/rules/flickclaw-network-claw-workflow.mdwindsurf/.windsurf/rules/flickclaw-network-claw-quality-gates.mdaider/CONVENTIONS.mdaider/aider.mdaider/.aider.conf.ymlollama/Modelfileollama/system-prompt.mdollama/template.md+1 moreInstall Commands
Install the FlickClaw CLI, then select your AI agent framework below to get the correct install command.
Step 1: Install CLI (one-time)
npm install -g @flickclaw/cli@latestStep 2: Select Framework
npm exec --yes @flickclaw/cli@latest -- install network-claw --target openclawDownload as ZIP
Example Prompt
Try this prompt with Network Security Claw to see what it can do:
Audit this project for security vulnerabilities. Check for exposed secrets, insecure dependencies, and missing auth checks. Produce Network Segmentation Architecture Diagram, Egress Filtering Policy Specification, Network Policy Audit Report with Violations with severity ratings.Example Output
IllustrativeWhat a typical Network Security Claw report looks like:
# Network Security Claw — Assessment Report **Project**: auth-service **Context**: an authentication microservice with OAuth2, JWT, and session management **Generated**: 2026-07-10 ## Executive Summary The Network Security Claw completed its review of auth-service (an authentication microservice with OAuth2, JWT, and session management). 3 findings were identified with concrete remediation steps. All quality gates were verified before delivery. ## Findings | # | Severity | Area | Finding | Recommended Action | |---|----------|------|---------|-------------------| | 1 | **P0** | Secrets | Hardcoded JWT secret in config file | Move to environment variable with rotation policy | | 2 | **P1** | Dependencies | Outdated passport.js with known CVE | Upgrade to latest minor with security backports | | 3 | **P2** | Headers | Missing CSP and HSTS headers | Add security headers via middleware | ## Quality Gates - [✓] Network segmentation enforced between trust tiers (public, app, data) - [✓] Egress filtering blocks all unnecessary outbound traffic - [✓] Network policies version-controlled in the same repo as application code ## Outputs Generated - **Network Segmentation Architecture Diagram**: Included in the report above. - **Egress Filtering Policy Specification**: Included in the report above. - **Network Policy Audit Report with Violations**: Included in the report above. - **East-West Traffic Analysis and Anomaly Detection Rules**: Included in the report above. - **Zero-Trust Network Migration Roadmap**: Included in the report above. ## Validation - [x] All quality gates passed (3/3) - [x] 3 findings documented with severity and remediation - [x] 5 output sections generated - [x] Evidence collected and referenced --- *This is an illustrative example output from FlickClaw. Results vary based on project context.*