Capstone: Your Personal Security Policy

Security That Sticks

🔄 Quick Recall: Over 7 lessons, you’ve learned the threat landscape (Lesson 1), built a threat model (Lesson 2), implemented Docker isolation (Lesson 3), set permission boundaries (Lesson 4), created a skill vetting framework (Lesson 5), configured monitoring (Lesson 6), and understood why prompt injection remains unsolved (Lesson 7). Now let’s make it permanent.

Pixee.ai’s research found a striking gap: 98% of organizations with 500+ employees deploy agentic AI, but 79% lack formal security policies. Security decisions are made ad hoc, incident by incident, and lessons learned get forgotten.

Your personal security policy closes that gap. It’s not a legal document — it’s a living reference that captures your decisions so you don’t have to re-make them every time.

Your Policy Template

The following template combines frameworks from OWASP (Source 3), NIST (Source 6), Gartner (Source 8), AWS (Source 10), and Auth0 (Source 32). Customize it for your specific agent setup.

Section 1: Agent Inventory

List every AI agent you use:

Why this matters: You can’t secure agents you’ve forgotten about. Shadow AI — agents deployed without formal approval — was one of Bitdefender’s key findings in enterprise environments. It happens to individuals too.

Section 2: Permission Tiers

Define three permission levels based on your threat model:

Tier 1 — Restricted (Low Trust)

• Read-only access to specified directories
• No internet access
• No credential access
• No shell execution
• Use for: untested skills, new agents, experimental workflows

Tier 2 — Standard (Medium Trust)

• Read/write access to project directories
• Allowlisted API endpoints only
• Agent-specific scoped tokens
• No shell execution unless explicitly approved per-task
• Use for: vetted skills, daily workflows, coding assistance

Tier 3 — Extended (High Trust)

• Broader file access (still not full system)
• Internet access through proxy with logging
• Shell execution for pre-approved commands
• Human-in-the-loop for irreversible actions
• Use for: long-running autonomous tasks, multi-step workflows

Never grant: Unrestricted shell, full filesystem, personal API keys, email sending without approval.

✅ Quick Check: A new skill claims to organize your Downloads folder. What permission tier should you start with? (Answer: Tier 1 — Restricted. Give it read-only access to the Downloads folder first. Run it, verify it works as described, review its behavior. If it checks out, promote to Tier 2 with read/write access to only that folder.)

Section 3: Incident Response

When your monitoring (Lesson 6) fires an alert:

Step 1: Stop (30 seconds)

docker stop agent-container --time=0

Don’t investigate while the agent is running. Stop first.

Step 2: Preserve (2 minutes)

docker logs agent-container > /tmp/incident-$(date +%Y%m%d).log
docker cp agent-container:/app/data /tmp/incident-data-$(date +%Y%m%d)/

Copy logs and data before touching anything.

Step 3: Revoke (2 minutes)

• Revoke all API keys the agent had access to
• Rotate any secrets in the agent’s environment
• Change passwords if credential exposure is suspected

Step 4: Investigate (15-60 minutes)

• What triggered the alert?
• What files did the agent access in the last 24 hours?
• Were any outbound network requests made to unexpected destinations?
• Were any memory files modified?

Step 5: Remediate

• If a skill was the cause: remove it, re-vet all other installed skills
• If prompt injection was the cause: clean memory files, review processed documents
• If a vulnerability was exploited: update the agent, review Docker configuration
• Document what happened and what you changed

Step 6: Resume Start the agent with fresh credentials. Monitor closely for 48 hours.

Section 4: Credential Management

Following Gartner’s “block, rotate, audit” framework:

Block: Never give agents your personal credentials. Create agent-specific tokens with minimum required scope.

Rotate: Schedule credential rotation:

• Critical (financial APIs, email): Weekly
• Standard (dev tools, search): Monthly
• After any security event: Immediately

Audit: Review active credentials quarterly:

• Which tokens are active? Are any unnecessary?
• Which tokens have broader scope than needed?
• Are any credentials still present from decommissioned agents?

Section 5: Skill Management

Your vetting framework from Lesson 5, formalized:

Before installation:

• 5-point vetting framework passed (source, scan, review, prerequisites, test)
• Permission tier assigned (start at Tier 1)

After installation:

• First run monitored with enhanced logging
• Behavior matches description
• No unexpected file access, network calls, or memory modifications
• Promoted to appropriate tier after verification

Ongoing:

• Re-scan installed skills monthly with Cisco Skill Scanner
• Check for skill updates and review changelogs before updating
• Immediately remove any skill flagged as Suspicious or Malicious on VirusTotal

Section 6: Weekly Review Checklist

Every week, spend 15 minutes:

• Review agent activity logs for anomalies
• Check monitoring alerts from the past week
• Verify no new credential patterns in config files
• Confirm Docker hardening flags are still in place (docker inspect)
• Check for agent software updates and security patches
• Review memory files for unexpected entries
• Verify kill switch still works (quick test)

Schedule it. Put it on your calendar. Security that depends on remembering to do it doesn’t happen.

✅ Quick Check: During your weekly review, you notice your agent’s Docker container is running without –cap-drop=ALL. You’re sure you configured it. What happened? (Answer: Something recreated the container without your hardening flags — possibly an agent update, a restart script, or a docker-compose change. This is why weekly reviews include verifying Docker configuration. Fix it immediately and investigate what triggered the recreation.)

Course Review

Where to Go From Here

Deepen your knowledge:

• Read the OWASP Top 10 for Agentic Applications (Source 3) — it’s the industry standard
• Follow Simon Willison’s blog for prompt injection research updates
• Subscribe to security advisories for whatever agents you use

Build your skills:

• Take the “Build Custom OpenClaw Skills” course to understand skills from the creator’s perspective — knowing how skills work makes you better at vetting them
• Practice your incident response procedure with a simulated alert

Stay current:

• Agent security is evolving rapidly — new vulnerabilities, new defenses, new frameworks appear monthly
• Re-evaluate your security policy quarterly as the landscape changes
• The best security policy is the one you actually follow and update

Key Takeaways

• 98% deploy agentic AI, 79% lack policies — your written policy puts you ahead of most organizations
• Three permission tiers (Restricted, Standard, Extended) give you a framework for every situation
• Incident response is a procedure, not an improvisation — stop, preserve, revoke, investigate, remediate, resume
• “Block, rotate, audit” for credentials — never share personal keys, rotate regularly, review quarterly
• Weekly reviews take 15 minutes and catch configuration drift, unexpected access, and emerging threats
• The policy is a living document — update it when your setup changes or when you learn something new