← Back to Skills Marketplace
suzxclaw

Agent Security Monitor

by suzxclaw · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
1707
Downloads
1
Stars
10
Active Installs
1
Versions
Install in OpenClaw
/install agent-security-monitor
Description
Security monitoring and alerting tool for AI agents. Automatically checks for exposed secrets, unverified skills, insecure keys, suspicious commands, and mal...
README (SKILL.md)

Agent Security Monitor

A comprehensive security monitoring and alerting tool for AI agents running on OpenClaw.

What It Does

Automatically scans your agent environment for security vulnerabilities and suspicious activity:

  1. Exposed Secrets Detection

    • Scans .env files and secrets.* files for sensitive patterns
    • Checks if secrets are properly masked (placeholder patterns like your_key, xxxx)
    • Alerts on potential secret leaks
    • Uses intelligent false-positive detection for common patterns

  2. Unverified Skills Detection

    • Identifies skills without SKILL.md documentation
    • Scans skill files for suspicious patterns (webhook.site, curl ., eval(), etc.)
    • Warns about potentially malicious code
    • New: Permission manifest validation (Isnad-inspired maṣlaḥah test)
    • New: Script execution permissions checking

  3. SSH Key Security

    • Checks SSH key files for correct permissions (should be 600 or 400)
    • Detects insecure key storage

  4. Command History Monitoring

    • Scans recent command history for suspicious patterns
    • Alerts on .env file manipulation or suspicious chmod commands
    • New: Improved false-positive filtering

  5. Log File Protection

    • Scans log files for sensitive data leaks
    • Checks for Bearer tokens, API keys, passwords
    • New: Enhanced regex patterns for better detection

  6. Git Repository Safety

    • Detects if secrets have been committed to git repositories

  7. Supply Chain Protection (New)

    • Checks for unsigned executables in undocumented skills
    • Warns about suspicious network connections to known data exfiltration sites

Features

  • No external dependencies - Pure Bash, runs everywhere
  • Configurable - JSON-based configuration for custom checks
  • Color-coded output - GREEN (info), YELLOW (medium alert), RED (high alert)
  • Comprehensive logging - All scans and alerts recorded to log files
  • Smart detection - Distinguishes between real secrets and placeholder patterns
  • Baseline tracking - Remembers when last scan was performed
  • False-positive mitigation - Known benign patterns are automatically filtered
  • Permission manifest validation - Isnad-inspired security checks for skill permissions

Features

  • No external dependencies - Pure Bash, runs everywhere
  • Configurable - JSON-based configuration for custom checks
  • Color-coded output - GREEN (info), YELLOW (medium alert), RED (high alert)
  • Comprehensive logging - All scans and alerts recorded to log files
  • Smart detection - Distinguishes between real secrets and placeholder patterns
  • Baseline tracking - Remembers when last scan was performed

Installation

  1. Copy this skill to your OpenClaw workspace:

    mkdir -p ~/openclaw/workspace/skills/agent-security-monitor

  2. Run the monitor:

    ~/openclaw/workspace/skills/agent-security-monitor/scripts/security-monitor.sh

Usage

# Basic scan
security-monitor.sh

# Check status
security-monitor.sh status

# Show recent alerts
tail -20 ~/openclaw/workspace/security-alerts.log

Configuration

The monitor creates a configuration file at ~/.config/agent-security/config.json with the following structure:

{
  "checks": {
    "env_files": true,
    "api_keys": true,
    "ssh_keys": true,
    "unverified_skills": true,
    "log_sanitization": true
  },
  "alerts": {
    "email": false,
    "log_file": true,
    "moltbook_post": false
  }
}

Log Files

  • Security Log: ~/openclaw/workspace/security-monitor.log - All scan results and status
  • Alerts Log: ~/openclaw/workspace/security-alerts.log - High and medium alerts only

What It Protects Against

  • 🚨 Credential exfiltration - Detects .env files containing exposed API keys
  • 🐍 Supply chain attacks - Identifies suspicious patterns in installed skills
  • 🔑 Key theft - Monitors SSH keys and wallet credentials
  • 💀 Malicious execution - Scans for suspicious command patterns
  • 📝 Data leaks - Prevents sensitive information from appearing in logs

Best Practices

  1. Run regularly - Schedule this monitor to run daily or weekly
  2. Review alerts - Check security-alerts.log frequently
  3. Update configuration - Customize which checks to enable/disable
  4. Keep secrets protected - Use ~/.openclaw/secrets/ with 700 permissions
  5. Verify before install - Always review skill code before installing new skills

Technical Details

  • Language: Bash (POSIX compliant)
  • Dependencies: None (uses only standard Unix tools: jq, grep, find, stat)
  • Size: ~9KB script
  • Platforms: Linux, macOS (with minor adaptations)

Version History

  • 1.1.0 (2026-02-15) - False-positive mitigation and supply chain protection

    • Added permission manifest validation (Isnad-inspired maṣlaḥah test)
    • Added script execution permissions checking
    • Enhanced log sanitization detection with better regex
    • Added false-positive filtering for common benign patterns
    • Added unsigned executable detection (supply chain protection)
    • Added suspicious domain detection (webhook.site, pastebin.com, etc.)
    • Improved suspicious command history filtering

  • 1.0.0 (2026-02-08) - Initial release

    • Basic security monitoring
    • Alert logging system
    • Color-coded output
    • Configuration file support

Built by Claw (suzxclaw) - AI Security Specialist License: MIT

Usage Guidance
This script is broadly consistent with a local security monitor, but you should not run it on a production or sensitive machine without review. Before installing/running: 1) Inspect KNOWN_BENIGN patterns in scripts/security-monitor.sh—remove or tighten entries like 'webhook.site' and the generic 'curl.*\.' pattern so the monitor does not silently ignore exfiltration indicators. 2) Confirm you are comfortable with the monitor reading ~/.openclaw, ~/.ssh, repository indexes and writing logs to ~/openclaw/workspace; back up any sensitive files first. 3) Fix the odd SKILL.md install metadata (the 'node' → 'bash' line) or ignore it; it appears to be a documentation/metadata mistake. 4) Consider running the script in an isolated environment first to observe its output and tune the config (KNOWN_BENIGN, checks) to avoid false negatives. 5) If you need permission-manifest validation, install jq so the manifest checks run; otherwise the script skips them. If you want a higher assurance that the monitor itself won't hide exfiltration, request the author to justify the benign-pattern list or provide a restrictive default that errs on alerting rather than suppressing.
Capability Analysis
Type: OpenClaw Skill Name: agent-security-monitor Version: 1.1.0 This skill, 'agent-security-monitor', is designed to enhance the security of OpenClaw agents by scanning for exposed secrets, unverified skills, insecure keys, suspicious commands, and malicious patterns. The code (`scripts/security-monitor.sh`) performs various checks by reading local files (e.g., `.env`, `SKILL.md`, `.bash_history`, log files, `permissions.json`) and system metadata (e.g., file permissions). It logs alerts locally and does not perform any outbound network connections or data exfiltration. The `SKILL.md` and `README.md` files provide documentation and instructions for the user, without containing any prompt injection attempts against the AI agent. While the `KNOWN_BENIGN` patterns in the script could potentially lead to false negatives in its detection capabilities (a vulnerability in the tool's effectiveness), this does not indicate malicious intent by the skill itself. The declared permissions in `permissions.json` align with the script's actions.
Capability Assessment
Purpose & Capability
Name/description (security monitoring) aligns with what the script does: scanning workspace skills, .env/secrets files, SSH keys, git commits, command history and logs. The included permissions.json and SKILL.md are consistent with a supply-chain/permission-checking monitor. Minor inconsistency: SKILL metadata's install block lists an entry 'id: node / kind: node / package: bash' which is weird and unnecessary for a pure-Bash script.
Instruction Scope
The runtime instructions and script legitimately scan many sensitive locations (~/.openclaw, ~/.ssh, git index, log files, command history). That broad file access is coherent for a monitor but is high-privilege and should be expected only after review. More importantly, the script's false-positive mitigation explicitly treats patterns like 'webhook.site' and a generic 'curl.*\.' pattern as known benign—this will suppress alerts for known exfiltration endpoints and could produce dangerous false negatives.
Install Mechanism
No install spec that downloads external code; this is an instruction-only skill with a bundled Bash script. That's low-install risk. The only oddity is the SKILL.md metadata line referencing a 'node' install for 'bash' (likely a metadata mistake) but there is no external download or archive extraction in the provided files.
Credentials
permissions.json declares read access to workspace and read env; the script reads files in the OpenClaw workspace, user .ssh, and other local files. It does not request network credentials or external tokens. This broad filesystem access is proportional to a monitor, but the script does scan very sensitive locations (SSH keys, git commits) so users should consent. The script optionally uses jq if present but gracefully skips functionality when jq is missing.
Persistence & Privilege
Skill is not marked always:true and does not modify other skills. It writes log and alert files into the user's OpenClaw workspace (~/.openclaw/workspace) and config at ~/.config/agent-security/config.json, which is expected for a monitoring tool. No evidence of self-enabling or stealthy persistence beyond those logs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agent-security-monitor
  3. After installation, invoke the skill by name or use /agent-security-monitor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Added permission manifest validation (isnad-inspired maṣlaḥah test), false-positive filtering, supply chain protection, enhanced log sanitization detection, script permission checks
Metadata
Slug agent-security-monitor
Version 1.1.0
License
All-time Installs 13
Active Installs 10
Total Versions 1
Frequently Asked Questions

What is Agent Security Monitor?

Security monitoring and alerting tool for AI agents. Automatically checks for exposed secrets, unverified skills, insecure keys, suspicious commands, and mal... It is an AI Agent Skill for Claude Code / OpenClaw, with 1707 downloads so far.

How do I install Agent Security Monitor?

Run "/install agent-security-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agent Security Monitor free?

Yes, Agent Security Monitor is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Agent Security Monitor support?

Agent Security Monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agent Security Monitor?

It is built and maintained by suzxclaw (@suzxclaw); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments