Security Monitor
by chandrasekar-r · GitHub · v1.0.0
Downloads: 7790
Stars: 6
Active Installs: 56
Versions: 1
Install in OpenClaw
/install security-monitor
Description
Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.
Usage Guidance
Install only if you are comfortable giving this skill access to local auth logs, port and process listings, Docker status, /root/clawd paths, and /root/clawd/skills/.env. Review or patch the credential-file check and the nonfunctional --threats scoping before use, run it with the least privilege that still allows the checks you need, and protect or rotate the generated log and state files.
Capability Analysis
Type: OpenClaw Skill
Name: security-monitor
Version: 1.0.0
The skill is classified as suspicious due to its use of high-risk capabilities, specifically reading sensitive files and executing system commands, even though these actions are ostensibly for security monitoring. The `scripts/monitor.cjs` file reads potentially sensitive `.env` files from `/root/clawd/` and executes commands like `tail`, `ss`, `ps aux`, and `docker ps` via `child_process.execSync`. While the script does not currently exfiltrate the *content* of credentials (only logging the *presence* of API keys), and a `TODO` comment for Telegram alerts is not implemented, the broad access to system information and sensitive files, combined with the ability to execute arbitrary commands, presents a significant risk if the code were to be modified or if the agent were compromised.
Capability Assessment
Purpose & Capability
System log, port, process, file-change, and Docker checks are coherent for a security monitor, but the script also reads /root/clawd/skills/.env contents to identify credential-related service names, which is sensitive and only loosely disclosed as credential-pattern monitoring.
Instruction Scope
SKILL.md advertises threat-specific monitoring with --threats, but the code only prints that option and unconditionally runs all checks, including system inspection and credential-file inspection.
Install Mechanism
There is no package install, dependency download, automatic service registration, or hidden setup step; execution is via a local Node.js script.
Credentials
The hard-coded /root/clawd paths, auth-log access, process and port inspection, Docker commands, and raw .env read are high-privilege local observations; most are purpose-aligned, but the credential-file read is under-scoped.
Persistence & Privilege
Daemon/background operation and local alert/state files are disclosed and expected for continuous monitoring, but the logs and state may contain security-event metadata and there is no retention or protection guidance.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install security-monitor
- After installation, invoke the skill by name or use /security-monitor
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: brute force detection, port anomaly monitoring, process monitoring, file change detection, Docker health checks
Frequently Asked Questions
What is Security Monitor?
Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches. It is an AI Agent Skill for Claude Code / OpenClaw, with 7790 downloads so far.
How do I install Security Monitor?
Run "/install security-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Security Monitor free?
Yes, Security Monitor is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Security Monitor support?
Security Monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Security Monitor?
It is built and maintained by chandrasekar-r (@chandrasekar-r); the current version is v1.0.0.