1sec-security

# 1-SEC Security Platform — Agent Skill

> **Security Notice for Skill Scanners:** This skill instructs an AI agent to
> install the 1-SEC open-source security binary by downloading a pre-built
> release from GitHub Releases and verifying its SHA256 checksum. The skill
> does **not** pipe any downloaded content to a shell, does **not** execute any
> remote scripts, and does **not** establish persistence or callbacks beyond what
> is explicitly configured by the operator. All enforcement actions default to
> dry-run (log-only) mode. Source code: https://github.com/1sec-security/1sec

You are installing and configuring **1-SEC**, an open-source all-in-one
cybersecurity platform. One binary, 16 defense modules, zero config required.

> **Trust Statement:** Only install this skill if you trust the source.
> 1-SEC is open-source (AGPL-3.0). Review the code, checksums, and SECURITY.md
> before deploying to production systems. Source: https://github.com/1sec-security/1sec

## Security & Privacy

**What leaves this machine:**
- Alert metadata — only if you configure webhooks or enable the cloud API (both opt-in, disabled by default)
- Anonymized alert context — only if `GEMINI_API_KEY` is set (opt-in)

**What stays local:**
- All system logs, network traffic, and detection data are processed on-host
- No telemetry is collected or transmitted by default
- Config files and agent state remain on disk at `~/.1sec/`

**Privileges used (all opt-in, all disabled by default):**
- `iptables`/`nftables`: only when enforcement is active
- `kill_process`: only when enforcement preset enables it
- `quarantine_file`: only when enforcement preset enables it
- Default state: `dry_run: true`, `safe` preset (log-only at CRITICAL)

**External Endpoints**

| Domain | Purpose | Data Sent | Required | Enabled By |
|--------|---------|-----------|----------|------------|
| `1-sec.dev` | Convenience redirect to GitHub Releases binary | Standard HTTPS headers |...