What is the Observe-Synth-Tighten workflow?

It is a three-phase process where you first collect event data, then generate a candidate security policy, and finally harden that policy by removing over-permissions and adding detection guards.

What types of agent activities can this skill analyze?

It can track and analyze file access, network egress, shell commands, MCP tool calls, patch applications, and user inputs.

What are considered 'red flags' during log analysis?

Patterns such as accessing .env or .ssh files, unexpected network calls to unknown domains, and shell commands involving pipes or redirections are flagged as high-risk.

Can I test the synthesized policies before deployment?

Yes, the skill includes tools to validate the policy syntax, suggest relevant test scenarios, and run those scenarios to verify the policy doesn't break intended functionality.

How does policy synthesis work?

The skill processes JSONL activity logs and automatically generates a candidate YAML policy featuring egress allowlists, tool blocks, and forbidden path patterns based on observed behavior.

Clawdstrike Security Observer & Policy Synthesizer

Name: Clawdstrike Security Observer & Policy Synthesizer
Author: backbay-labs

bybackbay-labs

•

273

•

セキュリティとテスト

Analyzes AI agent activity logs to automatically synthesize and harden security policies for autonomous fleets.

This skill implements a comprehensive 'Observe-Synth-Tighten' workflow designed to secure autonomous AI agents. By importing activity logs in JSONL format, it identifies patterns in file access, network egress, shell commands, and tool usage to detect anomalies and potential security risks. The skill then leverages these insights to synthesize formal YAML security policies, enabling developers to build Swarm Detection & Response (SDR) platforms that enforce egress allowlists, restrict sensitive path access, and validate agent behavior through automated test scenarios.

主な機能

01JSONL event collection for granular tracking of file, network, and shell activity

02Automated security policy synthesis based on observed agent behavior

03273 GitHub stars

04Integrated policy validation and automated scenario-based testing

05Heuristic-based anomaly detection for identifying red flags like credential theft

06Comparative analysis against strict baselines to identify over-permissioning

ユースケース

01Establishing compliance baselines for AI agent file and network interactions

02Hardening production AI agents by generating allowlists from staging environment logs

03Threat hunting within autonomous swarms to detect data exfiltration or prompt injection

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add backbay-labs/clawdstrike observe-analyze

For use in Claude.ai and ChatGPT

主な機能

01JSONL event collection for granular tracking of file, network, and shell activity

02Automated security policy synthesis based on observed agent behavior

03273 GitHub stars

04Integrated policy validation and automated scenario-based testing

05Heuristic-based anomaly detection for identifying red flags like credential theft

06Comparative analysis against strict baselines to identify over-permissioning

ユースケース

01Establishing compliance baselines for AI agent file and network interactions

02Hardening production AI agents by generating allowlists from staging environment logs

03Threat hunting within autonomous swarms to detect data exfiltration or prompt injection