lulu-monitor
AI-powered LuLu Firewall companion for macOS. Monitors firewall alerts, analyzes connections with AI, sends Telegram notifications with Allow/Block buttons. Use when setting up LuLu integration, handling firewall callbacks, or troubleshooting LuLu Monitor issues.
Why use this skill?
Monitor LuLu firewall alerts, analyze connections with AI, and manage network permissions remotely via Telegram with this OpenClaw AI agent skill.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/dexiaong/lulu-monitortWhat This Skill Does
LuLu Monitor is an intelligent AI-powered companion designed specifically for the LuLu Firewall on macOS. It acts as an automated security bridge between your macOS environment and your Telegram client. When the LuLu Firewall triggers a connection alert, this skill captures the process information, target IP, port, and DNS data, and transmits it to an AI model (Haiku) for an immediate risk assessment.
Instead of blindly accepting or denying network requests, you receive a detailed Telegram notification explaining the nature of the connection. The notification includes interactive action buttons, allowing you to trigger 'Always Allow', 'Allow Once', 'Always Block', or 'Block Once' commands directly from your phone or desktop. For power users, the skill includes an 'Auto-Execute' mode that, when enabled via a local configuration file, automatically authorizes low-risk processes like 'curl' or 'git', significantly reducing alert fatigue while maintaining high-level visibility into your outbound traffic.
Installation
To install, execute the following command: clawhub install openclaw/skills/skills/dexiaong/lulu-monitor. Prerequisites include a working installation of LuLu Firewall (via Homebrew), Node.js, an active OpenClaw Gateway with Telegram integration, and specific macOS Accessibility permissions. After running the install script, ensure the service is running by verifying the status endpoint at http://127.0.0.1:4441/status. Always ensure that your ~/.openclaw/lulu-monitor/config.json file is correctly formatted with your Telegram ID to receive alerts.
Use Cases
- Remote Security Monitoring: Managing network permissions for your macOS machine while away from your computer.
- Reducing Alert Fatigue: Automatically whitelisting trusted development tools while being alerted only to suspicious or unknown outbound connections.
- Network Auditing: Getting detailed insights into which processes are phoning home without needing to constantly check the macOS desktop UI.
- Security Hardening: Applying strict 'Block' policies to unknown connections identified as high-risk by the integrated AI analysis.
Example Prompts
- "Check the current status of my LuLu monitor service and make sure it is connected to Telegram."
- "Enable auto-execute mode for my firewall, but set the default action to 'allow-once' for safety."
- "Summarize the recent firewall alerts caught by the LuLu monitor today."
Tips & Limitations
Always ensure that 'Accessibility' permissions are granted to the terminal or osascript, as this is required for the skill to click buttons on the LuLu UI. Note that auto-execute mode should be used cautiously; while convenient, it could potentially allow malicious traffic if you define overly broad trust rules. If you experience issues with notification delivery, double-check your OpenClaw Gateway configuration.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-dexiaong-lulu-monitort": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: network-access, file-write, file-read, external-api
Related Skills
omnicog
Universal service integration for OpenClaw — connect Reddit, Steam, Spotify, GitHub, Discord, and more with a single API.
chaterimo
AI Customer Service for Shopify & E-commerce - Query conversations, analyze chatbot performance, and manage your Chaterimo AI assistant
gmail-client-PM
Read and send emails via Gmail. Use to list unread messages, read specific emails by ID, or send new emails.
parallel-task-executor
多任务并行执行管理器。接收多条指令并同步执行,支持优先级调度、任务依赖、结果收集和进度跟踪。适用于需要并发处理多个独立任务的场景。
arb-injection
BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses.