lulu-monitor
AI-powered LuLu Firewall companion for macOS. Monitors firewall alerts, analyzes connections with AI, sends Telegram notifications with Allow/Block buttons. Use when setting up LuLu integration, handling firewall callbacks, or troubleshooting LuLu Monitor issues.
Why use this skill?
Enhance your LuLu Firewall with AI-powered alerts, instant Telegram notifications, and automated rule management. Secure your macOS network connections today.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/easonc13/lulu-monitorWhat This Skill Does
LuLu Monitor is an advanced AI-powered security companion designed specifically for the LuLu Firewall on macOS. It serves as an intelligent bridge between low-level network alerts and high-level conversational insight. Instead of simply seeing a cryptic alert popup on your desktop, LuLu Monitor intercepts these alerts, extracts vital metadata (process ID, remote IP, destination port, and DNS information), and routes them to an AI model for risk assessment. This allows you to make informed security decisions based on contextual analysis rather than manual guesswork. The skill integrates directly with Telegram, providing interactive inline buttons that allow you to manage your firewall rules—permitting or blocking connections—remotely and instantly without needing to manually open the LuLu interface.
Installation
To begin, ensure you have LuLu Firewall and Node.js installed on your system via Homebrew. Run the check script provided in the repository to verify system permissions, specifically ensuring 'Accessibility' access is granted to your terminal emulator. You must add sessions_spawn to your ~/.openclaw/openclaw.json gateway allowlist to enable the monitor to communicate with the OpenClaw core. Install the skill using clawhub install openclaw/skills/skills/easonc13/lulu-monitor and complete the configuration by creating the ~/.openclaw/lulu-monitor/config.json file with your Telegram ID. Run bash scripts/install.sh to initialize the background daemon.
Use Cases
- Proactive Threat Hunting: Identify suspicious outbound connections from unrecognized processes immediately.
- Simplified Security Management: Approve or deny connections for new applications without switching windows or interrupting your current workflow.
- Automation for Power Users: Enable 'Auto-Execute' mode to automatically allow trusted development tools like
git,brew, andnodewhile still receiving notifications. - Network Troubleshooting: Use the AI-provided insights to understand why a specific background process is attempting to connect to external servers.
Example Prompts
- "OpenClaw, setup LuLu Monitor and guide me through the configuration of my telegram chat ID for notifications."
- "Check the current status of the lulu-monitor service and verify that it is correctly intercepting outgoing network traffic."
- "Switch my LuLu Monitor settings to auto-execute mode and set the default action to 'allow-once' for all known safe background processes."
Tips & Limitations
Always be cautious with 'Always Allow' rules, as they bypass future checks for that specific process. Ensure your sessions_spawn configuration is accurate, as failure to do so will result in silent alert drops. For advanced automation, always prefer the CLI method for triggering buttons, as standard message components do not support Telegram callback events.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-easonc13-lulu-monitor": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: network-access, file-write, file-read, external-api, code-execution
Related Skills
sui-move
Sui blockchain and Move smart contract development. Use when the user asks about Sui, Move language, smart contracts, objects, transactions, or blockchain development on Sui.
sui-knowledge
Answer questions about Sui blockchain ecosystem, concepts, tokenomics, validators, staking, and general knowledge. Use when users ask "what is Sui", "how does Sui work", "Sui vs other chains", or any Sui-related questions that aren't specifically about Move programming.
abstract-searcher
Add abstracts to .bib file entries by searching academic databases (arXiv, Semantic Scholar, CrossRef) with browser fallback.
mac-control
Control Mac via mouse/keyboard automation using cliclick and AppleScript. Use for clicking UI elements, taking screenshots, getting window bounds, handling coordinate scaling on Retina displays, and automating UI interactions like clicking Chrome extension icons, dismissing dialogs, or toolbar buttons.
m3u8-downloader
Download encrypted m3u8/HLS videos using parallel downloads. Use when given an m3u8 URL to download a video, especially encrypted HLS streams with AES-128.