← Back to Skills Marketplace
Anomaly Watcher
by
Adnane Arharbi
· GitHub ↗
· v1.0.0
· MIT-0
103
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install anomaly-watcher
Description
Continuous behavioral monitoring for OpenClaw agents. Detect anomalies in command patterns, resource usage, and skill invocations against established baselines.
README (SKILL.md)
Anomaly Watcher — Behavioral Baseline Monitor
Purpose
Establish a behavioral baseline for the agent and continuously monitor for deviations that may indicate compromise, misconfiguration, or abuse.
Integration
Always-on monitoring via hooks:
PostToolUse— log every tool invocationUserPromptSubmit— log input patternsPostSkillExecution— log skill results
Monitored Metrics
| Metric | Baseline Unit | Alert Threshold |
|---|---|---|
| Command exec frequency | per hour | >2σ from 7-day avg |
| File access patterns | unique paths/hour | >2σ |
| Network request volume | requests/hour | >2σ |
| Skill invocation frequency | per skill per hour | >2σ |
| Token consumption rate | tokens/hour | >2σ |
| Error rate | errors/hour | >2σ |
| Memory write patterns | writes/hour | >2σ |
| Cross-session messages | messages/hour | >2σ |
| New file creation rate | files/hour | >2σ |
| Unique external domains | domains/hour | >2σ |
Anomaly Detection Algorithm
- Collect — append each action to
.security/baseline/metrics.jsonl - Baseline — rolling 7-day average and standard deviation per metric
- Compare — current window (1 hour) vs baseline
- Classify:
NORMAL— within 1σELEVATED— between 1σ and 2σANOMALOUS— between 2σ and 3σCRITICAL— above 3σ or matches known attack signature
- Alert — based on classification
Alert Actions
| Classification | Action |
|---|---|
| NORMAL | No action |
| ELEVATED | Log to anomaly.jsonl |
| ANOMALOUS | Log + notify human via preferred channel |
| CRITICAL | Log + notify + recommend pause (human decides) |
Known Attack Signatures
- Sudden spike in file reads across many directories → possible reconnaissance
- Outbound to new external domain + high data volume → possible exfiltration
- Rapid skill installs from ClawHub → possible supply chain attack
- Memory writes with encoded content → possible persistence attempt
Guardrails
- Monitoring is strictly read-only — never modifies agent behavior
- Baseline calibration requires minimum 48 hours of data
- False positives are tracked in
.security/false-positives.jsonl - Baseline resets require human approval
- The watcher itself has no network access (local analysis only)
Usage Guidance
This skill generally does what its name claims, but it will persist detailed telemetry (including user prompts and token/interaction metrics) into .security/ files. Before installing: 1) Decide whether you are comfortable with local disk logging of prompts and interaction metrics; these can contain secrets. 2) If you proceed, ensure the .security directory has strict filesystem permissions and is excluded from backups/remote telemetry. 3) Require prompt/PII redaction in whatever supplies recordMetric events (or modify the skill to redact before writing). 4) Verify how 'notify human' is implemented (SKILL.md mentions notifications but the code is local-only); confirm there are no hidden network calls in the truncated portion of the file. 5) Expect baseline calibration to need ~48 hours of safe, representative data; test in a non-production environment first. If you need help, ask the author to: add explicit redaction, require human approval/confirmation hooks for baseline reset and notifications, and document exactly what event fields will be logged.
Capability Assessment
Purpose & Capability
Name/description align with the code and SKILL.md: the skill collects metrics, computes baselines, and flags anomalies. However, SKILL.md promises hook integration (PostToolUse, UserPromptSubmit, PostSkillExecution) and 'no network access' while also saying it will 'notify human via preferred channel' — a functional mismatch. The set of metrics (including user prompts, tokens, memory writes) is plausible for an anomaly monitor but is broader and more privacy-sensitive than a minimal monitor.
Instruction Scope
Instructions and code write detailed telemetry to .security/* (metrics.jsonl, anomalies.jsonl, false-positives.jsonl). SKILL.md explicitly lists logging UserPromptSubmit (user input patterns) and token consumption — which can contain sensitive secrets. The code exposes a generic recordMetric API that will store arbitrary 'details' provided by callers, so integration could cause sensitive prompt contents or credentials to be persisted. SKILL.md also claims guardrails (read-only, baseline reset requires human approval) and notification behavior that the provided code does not fully enforce or implement.
Install Mechanism
No install spec and no external downloads; the skill is delivered as code files only and relies on standard Node fs/path. This is lower risk than remote installers. No unusual binaries or install actions are present.
Credentials
The skill requests no environment variables or credentials (good). However, it is designed to record metrics such as 'token consumption' and 'user prompts' that could reveal secrets; the lack of explicit redaction or exclusion rules means the absence of env/credential requests does not eliminate the risk of sensitive data being captured via events.
Persistence & Privilege
always is false and the skill does not request system-wide configuration or other skills' secrets. It writes files only under targetDir/.security, which is confined but persistent on disk. The skill does not appear to modify other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install anomaly-watcher - After installation, invoke the skill by name or use
/anomaly-watcher - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of anomaly-watcher: Always-on behavioral monitoring for OpenClaw agents.
- Establishes rolling behavioral baselines for key agent metrics (commands, files, network, skills, etc.).
- Detects and classifies anomalies using statistical deviation from a 7-day average.
- Alerts are logged and escalated based on severity (NORMAL, ELEVATED, ANOMALOUS, CRITICAL).
- Monitors for known attack signatures (recon, exfiltration, supply chain, persistence).
- Strictly read-only: never modifies agent behavior or requires network access.
Metadata
Frequently Asked Questions
What is Anomaly Watcher?
Continuous behavioral monitoring for OpenClaw agents. Detect anomalies in command patterns, resource usage, and skill invocations against established baselines. It is an AI Agent Skill for Claude Code / OpenClaw, with 103 downloads so far.
How do I install Anomaly Watcher?
Run "/install anomaly-watcher" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Anomaly Watcher free?
Yes, Anomaly Watcher is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Anomaly Watcher support?
Anomaly Watcher is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Anomaly Watcher?
It is built and maintained by Adnane Arharbi (@arhadnane); the current version is v1.0.0.
More Skills