
Safety Net (Preflight)

security, beginner

Add to your AGENTS.md:

Read https://moltsec.com/blocks/safety-net

Overview

Before your agent runs any critical action, validate the environment. Check that secrets are loaded, permissions are correct, and nothing looks suspicious. This block provides preflight checks that run before every session or on-demand.

How It Works

  1. Checks for required environment variables (API keys, configs)
  2. Validates file permissions (no world-readable secrets)
  3. Scans for suspicious patterns (hardcoded tokens, exposed ports)
  4. Verifies network connectivity to required services
  5. Blocks execution if any check fails

Code

```bash
#!/bin/bash
# preflight.sh - Environment validation before agent runs

set -e

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

FAILED=0

# Required check: a failure marks the whole preflight as failed.
# The command string is evaluated here, so pass it single-quoted; that keeps
# variable values (such as the API key) out of the text handed to eval.
check() {
  local name="$1"
  local cmd="$2"

  if eval "$cmd" >/dev/null 2>&1; then
    echo -e "${GREEN}PASS${NC} $name"
  else
    echo -e "${RED}FAIL${NC} $name"
    FAILED=1
  fi
}

# Optional check: a failure is reported but does not block the agent.
warn() {
  local name="$1"
  local cmd="$2"

  if eval "$cmd" >/dev/null 2>&1; then
    echo -e "${GREEN}PASS${NC} $name"
  else
    echo -e "${YELLOW}WARN${NC} $name (warning)"
  fi
}

echo "=== MoltSec Preflight Check ==="
echo ""

# Required environment
check "ANTHROPIC_API_KEY set" '[ -n "${ANTHROPIC_API_KEY:-}" ]'
check "Workspace exists" '[ -d "$HOME/clawd" ]'
check "Memory directory exists" '[ -d "$HOME/clawd/memory" ]'

# Security checks
check "No hardcoded keys in .env" '! grep -q "sk-ant-" "$HOME/.env" 2>/dev/null'
# Fail if "others" hold the read bit (octal 4) on ~/.config. GNU stat is tried
# first because `stat -f` means "filesystem status" there; BSD/macOS falls through.
check "Config not world-readable" 'perm=$(stat -c %a "$HOME/.config" 2>/dev/null || stat -f %A "$HOME/.config" 2>/dev/null) && [ $(( 0$perm & 4 )) -eq 0 ]'

# Optional checks
warn "Tailscale connected" 'tailscale status >/dev/null 2>&1'
warn "Local model available" 'curl -s http://localhost:1234/v1/models >/dev/null 2>&1'

echo ""
if [ "$FAILED" -eq 1 ]; then
  echo -e "${RED}Preflight failed. Fix issues before running agent.${NC}"
  exit 1
else
  echo -e "${GREEN}All checks passed. Safe to proceed.${NC}"
  exit 0
fi
```

Installation

  1. Save as `scripts/preflight.sh` in your workspace
  2. Make executable: `chmod +x scripts/preflight.sh`
  3. Run before agent starts: add to your shell profile or startup script
  4. Customize checks for your environment (API keys, paths, services)
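
One way to customize the permission and hardcoded-token checks, as an added example that is not part of the original block or MoltSec's code: it widens the single `~/.env` grep to a whole workspace and lists secret-looking files that group or others can read. The function names, the file-name patterns and the sample workspace are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example, not MoltSec's code. Names and sample files are constructed.

TOKEN_PATTERN='sk-ant-'   # same prefix the page's .env check greps for

# Secret-looking files under $1 that group or others can read.
# Two -perm tests keep this portable across GNU and BSD find.
loose_secret_files() {
  find "$1" -type f \( -name '.env' -o -name '*.pem' -o -name '*.key' \) \
    \( -perm -040 -o -perm -004 \) -print 2>/dev/null || true
}

# Files under $1 containing a token-like string. Only names are printed,
# so the token itself never reaches the terminal or a log.
hardcoded_token_files() {
  grep -rl -- "$TOKEN_PATTERN" "$1" 2>/dev/null || true
}

# Return 0 if the workspace is clean, 1 otherwise; findings go to stderr.
scan_workspace() {
  local dir="$1" rc=0 loose tokens
  loose=$(loose_secret_files "$dir")
  tokens=$(hardcoded_token_files "$dir")
  if [ -n "$loose" ]; then
    printf 'Readable by group/others:\n%s\n' "$loose" >&2
    rc=1
  fi
  if [ -n "$tokens" ]; then
    printf 'Token-like string in:\n%s\n' "$tokens" >&2
    rc=1
  fi
  return "$rc"
}

# Constructed sample: a tight .env, a loose .env, a script with a fake token.
make_sample_workspace() {
  local ws
  ws=$(mktemp -d)
  mkdir -p "$ws/good" "$ws/bad"
  echo 'MODE=prod' > "$ws/good/.env"
  chmod 600 "$ws/good/.env"
  echo 'MODE=dev' > "$ws/bad/.env"
  chmod 644 "$ws/bad/.env"
  echo 'KEY=sk-ant-EXAMPLE-NOT-A-REAL-KEY' > "$ws/bad/run.sh"
  chmod 600 "$ws/bad/run.sh"
  echo "$ws"
}
```

Calling `scan_workspace "$HOME/clawd" || FAILED=1` from `preflight.sh` keeps the findings visible on stderr while still blocking the run.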

🤖 Agent Format

Machine-readable version for agent consumption:

yaml
---
block: safety-net
version: 1.0.0
category: security
difficulty: beginner
requires:
  - bash
  - standard unix tools
---

# Safety Net Block

## Purpose
Validate environment before agent runs. Fail fast if something is wrong.

## Usage
Run before every session:
```bash
./scripts/preflight.sh && clawdbot gateway start
```

## Checks Included
- Required environment variables
- File permission security
- Network connectivity
- Optional service availability
