Overview
Wolffish runs a comprehensive security audit of your machine — checks open ports and what’s listening on them, firewall status and configuration, running services, SSH setup, disk encryption, OS-level protections, and scans for outdated software with known CVEs. It compiles everything into a structured report ranked by severity with exact remediation steps. Works on macOS, Linux, and Windows. The agent detects your OS and runs the appropriate commands — no manual configuration needed. No third-party vulnerability scanners. No cloud dashboards. No agents phoning home. Just shell commands + web search for CVE lookups, running locally on your machine.
Capabilities Required
- `shell` — runs system commands to audit local machine state (OS-specific: `lsof`/`ss`/`netstat`, firewall tools, package managers, etc.)
- `web-search` — looks up CVEs for outdated packages found during the audit
Setup
This use case uses `shell` and `web-search` — both need a cloud LLM to work. Read the general Setting Up for Success guide for the full picture — what’s below is specific to this workflow.
Recommended
- DeepSeek v4 Pro — this workflow is primarily shell commands and structured reporting. DeepSeek v4 Pro handles it well and keeps costs low.
Required
- Wolffish installed and running — the desktop app with a configured brain workspace.
- Cloud API key — DeepSeek, Anthropic (Claude), or OpenAI, configured in Settings > Models. Needed for CVE lookups via web search and for generating the structured report.
- A package manager — the outdated-package scan relies on your system’s package manager. Homebrew on macOS, apt/dnf/pacman on Linux, or winget/choco on Windows.
Optional
- Elevated privileges — some commands need `sudo` (Linux/macOS) or Administrator (Windows) to see all listeners, system services, and firewall rules. Without elevation, the audit still runs but may miss some system-level services. Wolffish will prompt you (via the Amygdala) before running any privileged command.
Schedule
The Prompt
Send this to Wolffish on-demand, or add it to your heartbeat for automated daily runs. When sent directly, the message goes straight to the LLM with your available capabilities — no brainstem or heartbeat involved.
How It Works
On-demand: You send the prompt directly. Prefrontal loads the relevant capabilities (shell + web-search) into context and the LLM executes the audit.
Automated: Brainstem fires the heartbeat on schedule, which triggers the same flow without manual input.
In both cases, the LLM detects the OS and runs the appropriate shell commands:
| Check | macOS | Linux | Windows |
|---|---|---|---|
| Open ports | lsof -iTCP -sTCP:LISTEN | ss -tlnp | netstat -ano \| findstr LISTENING |
| Firewall | socketfilterfw --getglobalstate | ufw status / iptables -L | netsh advfirewall show allprofiles |
| Services | launchctl list | systemctl list-units | Get-Service |
| Disk encryption | fdesetup status | cryptsetup status / lsblk | manage-bde -status |
| OS protections | csrutil status, spctl --status | AppArmor/SELinux status | Windows Defender, Secure Boot |
| SSH config | cat /etc/ssh/sshd_config | cat /etc/ssh/sshd_config | Get-Service sshd + config |
| Package updates | brew outdated | apt list --upgradable / dnf check-update | winget upgrade / choco outdated |
| Background processes | ~/Library/LaunchAgents | systemctl list-unit-files | Startup apps + scheduled tasks |
- For each installed package with a version number, the LLM uses `web_search` to check for known CVEs.
- The LLM compiles findings into a structured report: critical > warning > info.
- Each finding includes: what it found, why it matters, and how to fix it.
- Hippocampus logs the report as an episode for historical tracking.
- Basalganglia records the outcome.
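
As an added example (not Wolffish's own code), here is one way to normalise the open-port output of the three commands in the table and flag listeners bound beyond loopback, which is the case behind the port 3000 finding in the example report. The sample output is constructed, the function names and scope labels are assumptions, and the lsof sample assumes numeric output (`-n -P`).

```python
import ipaddress

# Constructed sample output (not captured from a real machine), one per OS column.
LSOF = """COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
node 4121 dev 23u IPv6 0x1a2b 0t0 TCP *:3000 (LISTEN)
Google 5120 dev 88u IPv4 0x3c4d 0t0 TCP 127.0.0.1:9222 (LISTEN)"""
SS = """State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 511 0.0.0.0:3000 0.0.0.0:* users:(("node",pid=4121,fd=23))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=700,fd=14))
LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=900,fd=7))"""
NETSTAT = """  TCP    0.0.0.0:3000       0.0.0.0:0  LISTENING  4121
  TCP    192.168.1.20:8080  0.0.0.0:0  LISTENING  5120
  TCP    [::]:445           [::]:0     LISTENING  4"""

def local_addr(line):
    """Pick the local address:port token out of one lsof, ss or netstat line."""
    f = line.split()
    if len(f) >= 2 and f[-1] == "(LISTEN)":   # lsof: NAME column, then "(LISTEN)"
        return f[-2]
    if len(f) >= 4 and f[0] == "LISTEN":      # ss -tlnp: fourth column
        return f[3]
    if len(f) >= 2 and "LISTENING" in f:      # netstat -ano: second column
        return f[1]
    return None                               # header or unrelated line

def scope(host):
    """Classify a bind address as loopback, all-interfaces or specific-interface."""
    host = host.strip("[]").split("%")[0]     # drop IPv6 brackets and %zone suffix
    if host in ("*", "localhost"):            # lsof wildcard, or a name without -n
        return "all-interfaces" if host == "*" else "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"                      # unparsable: treated as exposed below
    if ip.is_unspecified:                     # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific-interface"

def listeners(output):
    """Return (port, scope) for every listening socket in the command output."""
    addrs = (local_addr(line) for line in output.splitlines())
    pairs = (a.rsplit(":", 1) for a in addrs if a and ":" in a)
    return [(port, scope(host)) for host, port in pairs]

def exposed(output):  # ports reachable from other hosts (not loopback-only)
    return [port for port, s in listeners(output) if s != "loopback"]

if __name__ == "__main__":
    print({n: exposed(s) for n, s in (("lsof", LSOF), ("ss", SS), ("netstat", NETSTAT))})
```

A listener reported as `all-interfaces` or `specific-interface` still has to pass the host firewall to be reachable, so read the result together with the firewall check from the same table.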
Limits
- Some commands need elevated privileges (`sudo` on Linux/macOS, Administrator on Windows) — Amygdala will prompt you
- CVE lookups via web search are best-effort, not a substitute for a dedicated vulnerability scanner
- Local scans only see what the OS exposes — can’t detect rootkits or kernel-level compromises
- System-managed packages (e.g. Apple’s `/usr/bin/ruby`, Windows inbox components) can’t be upgraded directly — the agent will note this and recommend alternatives
Cost & Model Guide
This is one of the cheapest use cases. No computer-use, no screenshots — just shell commands and text processing.
Recommended Model
DeepSeek v4 Pro is the recommended model. The workflow is straightforward: run commands, parse output, look up CVEs, write a report. DeepSeek v4 Pro handles this well and keeps the cost low. Claude Sonnet 4.x works well too — a solid alternative if you’re already on Anthropic’s API. Claude Haiku 4.5 may miss subtle security implications or produce less actionable remediation steps. Use it if you’re on a tight budget and comfortable interpreting results yourself.
Approximate Cost Per Run
| Model | Est. Cost Per Run | Monthly (Weekly) |
|---|---|---|
| DeepSeek v4 Pro | ~0.15-0.40 USD | ~0.60-1.60 USD |
| Claude Sonnet 4.x | ~0.30-0.80 USD | ~1.20-3.20 USD |
| Claude Haiku 4.5 | ~0.10-0.25 USD | ~0.40-1.00 USD |
Token Budget
~200,000 tokens per run with an 80,000 context window. The bulk comes from CVE web search results and cross-referencing. Approximately 15-25 LLM calls (web searches for CVE landscape + shell commands + Apple advisory lookups + cross-referencing + report generation).
Example Run
Here’s what a real audit looks like on macOS. The agent searched the web for recent CVEs, ran local shell commands, cross-referenced the findings, and produced this report:
Full Example Report (macOS)
Good, I have the CVE landscape. Now let me run local checks and cross-reference with those findings. Let me fetch the detailed Apple advisories and run local checks in parallel. All data collected. Let me now cross-reference everything and give you the full picture.
Security Audit — yana-macbook-pro
OS: macOS Tahoe 26.5 (Build 25F71) — Apple Silicon
Date: 2026-05-27
Assessment: Mostly clean with a few things worth attention
Core OS Defenses (All Good)
| Check | Status |
|---|---|
| macOS version | 26.5 — latest release, includes May 2026 patch batch (79 CVEs) |
| FileVault | On |
| SIP | Enabled |
| Gatekeeper | Enabled |
| SSH daemon | Not running |
| Chrome | 148.0.7778.179 — latest |
| No authorized_keys | Nobody can SSH in |
Items Needing Attention
1. Node.js on port 3000 — exposed to all interfaces (MEDIUM)
A Node.js dev server or Wolffish backend is listening on all network interfaces, not just localhost. Anyone on your network (coffee shop, coworking space) can hit it.
Fix: Bind it to localhost only, e.g. `--host 127.0.0.1` or `.listen(3000, '127.0.0.1')`.
2. Chrome DevTools debugging port open (LOW)
Port 9222 is Chrome’s remote debugging protocol. Bound to localhost so exposure is minimal, but if you didn’t intentionally enable this (`--remote-debugging-port=9222`), something spawned Chrome with it on.
Fix: Find what’s launching Chrome with that flag. Common culprits: Puppeteer, Playwright, Selenium, or an automation script. If you don’t need it, kill the flag.
3. 31 outdated Homebrew packages (33 with casks) (MEDIUM)
Fix: `brew upgrade && brew upgrade --cask --greedy`. That’s one command. 33 packages, shouldn’t take more than a few minutes.
4. SSH config: root access to remote server (INFO)
You’re SSHing as root to a DigitalOcean droplet. Not a vulnerability per se, but root-over-SSH is the thing security people write stern blog posts about.
Fix (optional): Create a non-root user with sudo on that server and disable root SSH login in `/etc/ssh/sshd_config` (`PermitRootLogin no`).
5. Firewall — enabled but no stealth mode (LOW)
Firewall is on but stealth mode is off — the machine responds to pings and probe packets. On trusted home Wi-Fi this is fine, but on public networks it makes you slightly more discoverable.
Fix: `sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on`
CVE Cross-Reference
| Software | Your Version | Relevant CVEs | Status |
|---|---|---|---|
| macOS Tahoe | 26.5 | 79 CVEs in May 2026 batch (all patched in 26.5) | Patched |
| Chrome | 148.0.7778.179 | CVE-2026-5281 (UAF, exploited), CVE-2026-3913 (heap overflow), CVE-2026-2441 (zero-day) | Patched |
| Node.js | v24.15.0 | CVE-2026-21636 (medium), March 2026 TLS CVEs | Likely patched in 24.15 |
| Git | 2.47.1 | Multiple since | Update |
| OpenSSH | 10.2p1 (Apple) | CVE-2025-26465/26466 (from Sequoia 15.5) | Apple’s bundled, patched via OS |
| OpenSSL | 3.6.2 | — | Current |
The big macOS CVEs to be aware of that you’re protected from:
- CVE-2026-28819 (Wi-Fi) — arbitrary code execution with kernel privs
- CVE-2026-43668 (mDNSResponder) — remote kernel memory corruption
- CVE-2026-28972 (Kernel) — out-of-bounds write into kernel memory
Action Items (Priority Order)
- Bind node port 3000 to localhost — 30 seconds, closes your biggest exposure
- `brew upgrade && brew upgrade --cask --greedy` — 5 minutes, clears 33 outdated packages
- Enable stealth mode — 10 seconds
- Check what’s spawning Chrome with `--remote-debugging-port` — detective work
- Audit that DO droplet’s root SSH access — whenever you’re feeling responsible
Bottom line: your machine is in good shape. macOS defenses are fully engaged, you’re on the latest OS with the May patch batch, and your browser/runtime versions are current. The main gap is the 31-33 outdated brew packages and that exposed Node port. Neither is an emergency, but both are worth fixing this week.
Automating with Heartbeat
Add the prompt to `brain/brainstem/heartbeat.md` under a daily schedule: