✓ Verified
💻 Development
✓ Enhanced Data
Lulu Monitor
AI-powered LuLu Firewall companion for macOS.
- Rating
- 4.3 (298 reviews)
- Downloads
- 5,444 downloads
- Version
- 1.0.0
Overview
AI-powered LuLu Firewall companion for macOS.
Complete Documentation
View Source →
LuLu Monitor
AI-powered companion for LuLu Firewall on macOS.
What It Does
- Monitors LuLu firewall alert popups
- Extracts connection info (process, IP, port, DNS)
- Spawns a fast AI (haiku) to analyze the connection
- Sends Telegram notification with risk assessment
- Provides 4 action buttons: Always Allow, Allow Once, Always Block, Block Once
- Executes the action on LuLu when user taps a button
Auto-Execute Mode (Optional)
For reduced interruptions, enable auto-execute mode. When the AI has high confidence (known safe programs like curl, brew, node, git connecting to normal destinations), it will:
- Automatically execute the Allow action
- Still send a Telegram notification explaining what was auto-allowed
bash
# Create config.json in install directory
cat > ~/.openclaw/lulu-monitor/config.json << 'EOF'
{
"telegramId": "YOUR_TELEGRAM_ID",
"autoExecute": true,
"autoExecuteAction": "allow-once"
}
EOFOptions:
autoExecute:false(default) - all alerts require manual button pressautoExecuteAction:"allow-once"(default, conservative) or"allow"(permanent rule)
Installation
Prerequisites
Run the check script first:
bash
bash scripts/check-prerequisites.shRequired:
- LuLu Firewall:
brew install --cask lulu - Node.js:
brew install node - OpenClaw Gateway: Running with Telegram channel configured
- Accessibility Permission: System Settings > Privacy > Accessibility > Enable Terminal/osascript
Gateway Configuration (Required)
The monitor calls sessions_spawn via OpenClaw's /tools/invoke HTTP API. This tool is blocked by default. Add it to the allowlist in ~/.openclaw/openclaw.json:
json5
{
"gateway": {
"tools": {
"allow": ["sessions_spawn"]
}
}
}Without this, alerts will be detected but fail to forward (404 in logs).
Install
bash
bash scripts/install.shThis will:
- Clone the repo to
~/.openclaw/lulu-monitor/ - Install npm dependencies
- Set up launchd for auto-start
- Start the service
Verify
bash
curl http://127.0.0.1:4441/statusShould return {"running":true,...}
Sending Alerts with Inline Buttons
⚠️ The message tool's buttons/components parameter does NOT work for Telegram inline buttons. You must use the CLI via exec:
bash
openclaw message send --channel telegram --target <chat_id> \
--message "🔔 LuLu Alert: <summary>" \
--buttons '[[{"text":"✅ Always Allow","callback_data":"lulu:allow"},{"text":"✅ Allow Once","callback_data":"lulu:allow-once"}],[{"text":"❌ Always Block","callback_data":"lulu:block"},{"text":"❌ Block Once","callback_data":"lulu:block-once"}]]'After sending via CLI, reply with NO_REPLY to avoid duplicate messages.
Handling Callbacks
When user clicks a Telegram button, OpenClaw receives a callback like:
text
callback_data: lulu:allow
callback_data: lulu:allow-once
callback_data: lulu:block
callback_data: lulu:block-onceTo handle it, call the local endpoint:
bash
curl -X POST http://127.0.0.1:4441/callback \
-H "Content-Type: application/json" \
-d '{"action":"allow"}' # or "block", "allow-once", "block-once"This will:
- Click the appropriate button on LuLu alert
- Set Rule Scope to "endpoint"
- Set Rule Duration to "Always" or "Process lifetime"
- Edit the Telegram message to show result
Troubleshooting
Service not running
bash
# Check status
launchctl list | grep lulu-monitor
# View logs
tail -f ~/.openclaw/lulu-monitor/logs/stdout.log
# Restart
launchctl unload ~/Library/LaunchAgents/com.openclaw.lulu-monitor.plist
launchctl load ~/Library/LaunchAgents/com.openclaw.lulu-monitor.plistAccessibility permission issues
AppleScript needs permission to control LuLu. Go to: System Settings > Privacy & Security > Accessibility Enable: Terminal, iTerm, or whatever terminal you useAlert not detected
- Ensure LuLu is running:
pgrep -x LuLu - Check if alert window exists:
osascript -e 'tell application "System Events" to tell process "LuLu" to get every window'
Uninstall
bash
bash ~/.openclaw/lulu-monitor/skill/scripts/uninstall.shInstallation
Terminal bash
openclaw install lulu-monitor
Copied!
💻Code Examples
**To enable:**
to-enable.sh
# Create config.json in install directory
cat > ~/.openclaw/lulu-monitor/config.json << 'EOF'
{
"telegramId": "YOUR_TELEGRAM_ID",
"autoExecute": true,
"autoExecuteAction": "allow-once"
}
EOF}
.txt
Without this, alerts will be detected but fail to forward (404 in logs).
### Installbash scripts/install.sh
bash-scriptsinstallsh.txt
This will:
1. Clone the repo to `~/.openclaw/lulu-monitor/`
2. Install npm dependencies
3. Set up launchd for auto-start
4. Start the service
### Verifycurl http://127.0.0.1:4441/status
curl-http1270014441status.txt
Should return `{"running":true,...}`
## Sending Alerts with Inline Buttons
⚠️ **The `message` tool's `buttons`/`components` parameter does NOT work for Telegram inline buttons.** You must use the CLI via `exec`:--buttons '[[{"text":"✅ Always Allow","callback_data":"lulu:allow"},{"text":"✅ Allow Once","callback_data":"lulu:allow-once"}],[{"text":"❌ Always Block","callback_data":"lulu:block"},{"text":"❌ Block Once","callback_data":"lulu:block-once"}]]'
---buttons-text-always-allowcallbackdataluluallowtext-allow-oncecallbackdataluluallow-oncetext-always-blockcallbackdatalulublocktext-block-oncecallbackdatalulublock-once.txt
After sending via CLI, reply with `NO_REPLY` to avoid duplicate messages.
## Handling Callbacks
When user clicks a Telegram button, OpenClaw receives a callback like:-d '{"action":"allow"}' # or "block", "allow-once", "block-once"
--d-actionallow--or-block-allow-once-block-once.txt
This will:
1. Click the appropriate button on LuLu alert
2. Set Rule Scope to "endpoint"
3. Set Rule Duration to "Always" or "Process lifetime"
4. Edit the Telegram message to show result
## Troubleshooting
### Service not runninglaunchctl load ~/Library/LaunchAgents/com.openclaw.lulu-monitor.plist
launchctl-load-librarylaunchagentscomopenclawlulu-monitorplist.txt
### Accessibility permission issues
AppleScript needs permission to control LuLu. Go to:
System Settings > Privacy & Security > Accessibility
Enable: Terminal, iTerm, or whatever terminal you use
### Alert not detected
- Ensure LuLu is running: `pgrep -x LuLu`
- Check if alert window exists: `osascript -e 'tell application "System Events" to tell process "LuLu" to get every window'`
## Uninstallexample.txt
{
"gateway": {
"tools": {
"allow": ["sessions_spawn"]
}
}
}example.sh
openclaw message send --channel telegram --target <chat_id> \
--message "🔔 LuLu Alert: <summary>" \
--buttons '[[{"text":"✅ Always Allow","callback_data":"lulu:allow"},{"text":"✅ Allow Once","callback_data":"lulu:allow-once"}],[{"text":"❌ Always Block","callback_data":"lulu:block"},{"text":"❌ Block Once","callback_data":"lulu:block-once"}]]'example.txt
callback_data: lulu:allow
callback_data: lulu:allow-once
callback_data: lulu:block
callback_data: lulu:block-onceTags
#ios_and-macos-development
Quick Info
Category Development
Model Claude 3.5
Complexity One-Click
Author easonc13
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
Ready to Install?
Get started with this skill in seconds
openclaw install lulu-monitor
Related Skills
✓ Verified
💻 Development
4claw
4claw — a moderated imageboard for AI agents.
🧠 Claude-Ready
)}
★ 4.4 (118)
↓ 4,990
v1.0.0
✓ Verified
💻 Development
Aap Passport
Agent Attestation Protocol - The Reverse Turing Test.
🧠 Claude-Ready
)}
★ 4.3 (89)
↓ 4,621
v1.0.0
✓ Verified
💻 Development
Acestep Lyrics Transcription
Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.
⚡ GPT-Optimized
)}
★ 3.8 (274)
↓ 17,648
v1.0.0
✓ Verified
💻 Development
Adaptive Suite
A continuously adaptive skill suite that empowers Clawdbot.
🧠 Claude-Ready
)}
★ 4.7 (88)
↓ 1,625
v1.0.0