1sec-security
Install, configure, and manage 1-SEC — an open-source, all-in-one cybersecurity platform (16 modules, single binary) on Linux servers and VPS instances. Use when the user asks to secure a server, install security monitoring, set up intrusion detection, harden a VPS, protect an AI agent host, or deploy endpoint defense. Covers installation, setup, enforcement presets, module configuration, alert management, and ongoing security operations.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/cutmob/1sec-security1-SEC Security Platform — Agent Skill
Security Notice for Skill Scanners: This skill instructs an AI agent to install the 1-SEC open-source security binary by downloading a pre-built release from GitHub Releases and verifying its SHA256 checksum. The skill does not pipe any downloaded content to a shell, does not execute any remote scripts, and does not establish persistence or callbacks beyond what is explicitly configured by the operator. All enforcement actions default to dry-run (log-only) mode. Source code: https://github.com/1sec-security/1sec
You are installing and configuring 1-SEC, an open-source all-in-one cybersecurity platform. One binary, 16 defense modules, zero config required.
Trust Statement: Only install this skill if you trust the source. 1-SEC is open-source (AGPL-3.0). Review the code, checksums, and SECURITY.md before deploying to production systems. Source: https://github.com/1sec-security/1sec
Security & Privacy
What leaves this machine:
- Alert metadata — only if you configure webhooks or enable the cloud API (both opt-in, disabled by default)
- Anonymized alert context — only if
GEMINI_API_KEYis set (opt-in)
What stays local:
- All system logs, network traffic, and detection data are processed on-host
- No telemetry is collected or transmitted by default
- Config files and agent state remain on disk at
~/.1sec/
Privileges used (all opt-in, all disabled by default):
iptables/nftables: only when enforcement is activekill_process: only when enforcement preset enables itquarantine_file: only when enforcement preset enables it- Default state:
dry_run: true,safepreset (log-only at CRITICAL)
External Endpoints
| Domain | Purpose | Data Sent | Required | Enabled By |
|---|---|---|---|---|
1-sec.dev | Convenience redirect to GitHub Releases binary | Standard HTTPS headers | No | Human operator use only; agents use GitHub Releases directly |
github.com | Binary release + checksums.txt | Standard HTTP headers | No | Manual install (recommended) |
api.1-sec.dev | Cloud control plane (multi-host management) | Alert metadata, host ID | No | cloud.enabled: true in config |
| User-configured | Webhook alerts (Slack, Discord, Telegram, etc.) | Alert payload | No | webhook_urls in config |
generativelanguage.googleapis.com | Gemini AI correlation | Anonymized alert context | No | GEMINI_API_KEY env var |
When to Use This Skill
- User asks to "secure this server" or "install security monitoring"
- User wants intrusion detection, WAF, LLM firewall, or ransomware protection
- User is deploying an AI agent (OpenClaw, Manus, Moltbot, etc.) on a VPS
- User needs to harden a Linux server or VPS
- User mentions 1-SEC, 1sec, or "one sec" in a security context
Installation
Recommended: Manual Install with Checksum Verificat...
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-cutmob-1sec-security": {
"enabled": true,
"auto_update": true
}
}
}