Description

Security and threat scanning skill for OpenClaw agents. Scans files and skills for malware. Monitors agent behavior for compromise indicators. Audits host se...

README (SKILL.md)

Crusty Security — Security & Threat Scanning

Name: Crusty Security
Author: silentcool

Overview

Crusty Security protects OpenClaw agents against real threats: malware in downloaded files, compromised skills from ClawHub, data exfiltration, prompt injection payloads, and host-level compromise. It uses ClamAV for file scanning and AI-agent-specific static analysis.

Threat model: The agent itself is the attack surface. Prompt injection can lead to code execution. Malicious skills run with agent privileges. Crusty Security protects both the host AND the agent's integrity.

Quick Reference

Task	Command
Install ClamAV	`bash scripts/install_clamav.sh`
Scan a file	`bash scripts/scan_file.sh /path/to/file`
Scan a directory	`bash scripts/scan_file.sh -r /path/to/dir`
Audit a skill	`bash scripts/audit_skill.sh /path/to/skill/`
Host security audit	`bash scripts/host_audit.sh`
Monitor agent integrity	`bash scripts/monitor_agent.sh`
Generate security report	`bash scripts/generate_report.sh`

All scripts output JSON. All scripts support --help. All paths are relative to this skill directory.

Setup (First Run)

Run bash setup.sh — that's it. This will:

Install ClamAV if missing
Configure freshclam (macOS Homebrew fix)
Send initial heartbeat to dashboard (if CRUSTY_API_KEY set)
Run initial host audit + workspace scan (populates dashboard immediately)
Check which scheduled scans need to be created

⚠️ IMPORTANT — After setup.sh, you MUST create the cron jobs below using the OpenClaw cron tool. Setup.sh handles the bash-level installation, but cron jobs require agent-level tools. Do this immediately after first install — don't wait for the user to ask.

Required Cron Jobs (create on first install)

Check what's missing: bash scripts/check_crons.sh

Use the OpenClaw cron tool (cron add) to create these. Replace {SKILL_DIR} with the actual path to this skill directory and {WORKSPACE} with the workspace path (usually /data/workspace).

Name	Schedule	sessionTarget	Payload
`crusty-daily-scan`	cron `0 3 * * *`	main / systemEvent	`Run Crusty Security daily scan: bash {SKILL_DIR}/scripts/scan_file.sh --incremental -r {WORKSPACE} && bash {SKILL_DIR}/scripts/monitor_agent.sh`
`crusty-weekly-full`	cron `0 3 * * 0`	main / systemEvent	`Run Crusty Security weekly scan: bash {SKILL_DIR}/scripts/scan_file.sh -r {WORKSPACE} && bash {SKILL_DIR}/scripts/host_audit.sh && bash {SKILL_DIR}/scripts/generate_report.sh --output /tmp/crusty_logs/weekly_report.md`
`crusty-monthly-deep`	cron `0 4 1 * *`	main / systemEvent	`Run Crusty Security monthly deep audit: bash {SKILL_DIR}/scripts/host_audit.sh --deep`

Dashboard Cron Jobs (only if `CRUSTY_API_KEY` is set)

Name	Schedule	sessionTarget	Payload
`crusty-heartbeat`	every 300000ms (5 min)	main / systemEvent	`Crusty Security heartbeat: Run bash {SKILL_DIR}/scripts/dashboard.sh heartbeat`
`crusty-clawhub-sync`	every 43200000ms (12h)	isolated / agentTurn	`Run ClawHub security sync: python3 {SKILL_DIR}/scripts/clawhub_sync.py --push. Report any critical or high severity findings.`

Check cron list first — skip any that already exist (match by name prefix crusty-).

See references/setup.md for detailed configuration.

Dashboard Connection

If your human has configured CRUSTY_API_KEY, the skill sends scan results to the Crusty Security dashboard (crustysecurity.com):

Heartbeats are sent every 5 minutes automatically — keeps the dashboard showing agent status
Scan results are pushed when you add --push to scan commands
ClawHub sync sends skill inventory with python3 scripts/clawhub_sync.py --push
If CRUSTY_API_KEY is NOT set, everything works locally — no data is sent anywhere
The dashboard never connects TO the agent — data flows one way (agent → dashboard)

Scanning Workflows

File Scanning

Triggers: "scan this file", "is this safe", "check this download", "virus scan"

Run bash scripts/scan_file.sh \x3Cpath> for ClamAV local scan
Report results:
- ✅ Clean — "No threats detected. Scanned with ClamAV, signatures from [date]."
- ⚠️ Suspicious — "Low-confidence detection by ClamAV. Recommend quarantine for review."
- 🚨 Malicious — "Threat detected: [name]. Recommend quarantine. Options: quarantine, delete, or ignore."

For directories:

bash scripts/scan_file.sh -r /data/workspace      # Full recursive scan
bash scripts/scan_file.sh -r --incremental /data/workspace  # Skip unchanged files

Quarantine workflow:

bash scripts/scan_file.sh --quarantine /path/to/file   # Move to quarantine
# Quarantine location: $CRUSTY_QUARANTINE (default: /tmp/crusty_quarantine)
# Manifest: /tmp/crusty_quarantine/manifest.json

Important notes:

ClamAV prefers clamdscan (daemon) when available, falls back to clamscan
Max file size default: 200M (configurable via CRUSTY_MAX_FILE_SIZE)
Encrypted archives: flagged as "unscanned" — cannot inspect contents
Large archives: ClamAV handles zip, rar, 7z, tar, gz natively

Skill Auditing (Supply Chain Security)

Triggers: "audit this skill", "is this skill safe", "check skill security", "scan skill"

bash scripts/audit_skill.sh /path/to/skill/directory/

What it checks:

🔴 Critical: curl/wget piped to shell, reverse shell patterns, crypto mining indicators
🟠 High: eval/exec with dynamic input, base64 decode patterns, data exfiltration endpoints (webhook.site, ngrok, etc.), credential harvesting, binary executables, agent config modification
🟡 Medium: hidden files, system file access, hardcoded IPs, obfuscated code, persistence mechanisms (cron, systemd)
🔵 Low/Info: large skill size, credential references in docs

Output: Risk score (low/medium/high/critical) + detailed findings with evidence.

When to use:

Before installing any skill from ClawHub
When reviewing third-party skill contributions
Periodically on all installed skills: for d in /data/workspace/skills/*/; do bash scripts/audit_skill.sh "$d"; done

Host Security Audit

Triggers: "audit host", "security audit", "check host security"

bash scripts/host_audit.sh or bash scripts/host_audit.sh --deep

Checks:

Suspicious cron jobs (curl piping, base64, reverse shells)
Unexpected listening ports
Recently modified system files (deep mode)
SSH key audit (excessive keys, no-comment keys, root login)
Sensitive file permissions (world-writable /etc/passwd, etc.)
ClamAV signature freshness
openclaw security audit (if available)

Output: Posture score (0-100) + findings. Score deductions: critical (-25), high (-15), medium (-10), low (-5).

Agent Behavior Monitoring

Triggers: "check agent integrity", "monitor agent", "is the agent compromised"

bash scripts/monitor_agent.sh

What it checks:

Recent modifications to AGENTS.md, SOUL.md, MEMORY.md, TOOLS.md, USER.md
Memory file churn (>10 files modified = suspicious)
Unexpected cron jobs (anything not clawguard/freshclam/standard maintenance)
Suspicious outbound connections (IRC ports, backdoor ports, Tor)
Files created outside workspace (/tmp executables, home directory changes)
Suspicious processes (xmrig, nc -l, ncat, socat, chisel)
High CPU processes (>80% — potential miners)
Sensitive file exposure (.env files, world-readable SSH keys)

Output: Status (healthy / warnings_present / compromised_indicators) + findings.

Security Report Generation

Triggers: "security report", "threat report", "posture report"

bash scripts/generate_report.sh or bash scripts/generate_report.sh --days 30 --output report.md

Compiles all recent scan results into a markdown security posture report with:

Scan summary (total, clean, threats, errors)
Threat details with file paths and actions taken
Security posture score with emoji indicators
Recommendations (missing tools, scan schedules)

Automatic Scheduled Scanning

Cron jobs are defined in the Setup (First Run) section above. Create them immediately on first install using the OpenClaw cron tool.

To verify all crons are configured: bash scripts/check_crons.sh

False Positive Handling

ClamAV has moderate false positive rates. Strategy:

Single ClamAV detection, known safe source → Likely false positive. Log and skip.
ClamAV detection, unknown source → Quarantine and investigate.
ClamAV detection + skill audit findings → Real threat. Quarantine immediately.

To handle a false positive:

Submit to ClamAV: https://www.clamav.net/reports/fp
Document in scan logs for future reference

Quarantine Procedures

Location: $CRUSTY_QUARANTINE (default: /tmp/crusty_quarantine) Manifest: manifest.json in quarantine directory tracks original paths and timestamps.

# View quarantined files
cat /tmp/crusty_quarantine/manifest.json | python3 -m json.tool

# Restore a false positive
mv /tmp/crusty_quarantine/\x3Cfile> /original/path/

# Permanently delete
rm -rf /tmp/crusty_quarantine/*

Never use clamscan --remove. Always quarantine first, verify, then delete.

Offline Mode

Crusty Security works fully offline with reduced capability:

✅ ClamAV scanning (local signatures)
✅ Skill auditing (static analysis, no network needed)
✅ Host auditing (local checks)
✅ Agent monitoring (local checks)
⚠️ ClamAV signatures may be stale (check freshness in host audit)

Resource-Constrained Environments (Raspberry Pi)

For hosts with \x3C2GB RAM:

install_clamav.sh auto-detects low RAM and skips daemon mode
Use clamscan (on-demand) instead of clamd (daemon)
Use incremental scanning (--incremental) to reduce scan time
Skill auditing and agent monitoring have minimal resource requirements

For hosts with \x3C1GB RAM:

Consider skipping ClamAV entirely
Use skill auditing + agent monitoring only
These tools are shell/Python with negligible memory usage

Environment Variables

Variable	Default	Description
`CRUSTY_API_KEY`	(none)	Dashboard API key (`cg_live_...`)
`CRUSTY_DASHBOARD_URL`	`https://crustysecurity.com`	Dashboard URL
`CRUSTY_QUARANTINE`	`/tmp/crusty_quarantine`	Quarantine directory
`CRUSTY_LOG_DIR`	`/tmp/crusty_logs`	Scan log directory
`CRUSTY_MAX_FILE_SIZE`	`200M`	Max file size to scan
`CRUSTY_WORKSPACE`	auto-detected	Agent workspace path

Backwards compat: CLAWGUARD_* env vars are still supported but deprecated. Use CRUSTY_* going forward.

Incident Response

When a real threat is confirmed, see references/remediation.md for the full checklist. Quick summary:

Quarantine the file immediately
Assess scope — was it executed? Did it modify other files?
Check persistence — cron jobs, SSH keys, shell profiles, systemd services
Check exfiltration — outbound connections, DNS queries, API key usage
Rotate credentials if any were potentially exposed
Full scan — bash scripts/scan_file.sh -r /
Document the incident

Usage Guidance

Do not run setup.sh or create the recommended cron jobs on a production host until you review the code and configuration. Steps to evaluate safely: - Inspect setup.sh and install_clamav.sh locally (or in an isolated VM/container) to see exactly what they install and what system files they modify. Look for any network calls, downloads, or commands that create persistence beyond cron. - Review scripts that push data to the dashboard (dashboard.sh, clawhub_sync.py) to confirm what is sent. clawhub_sync.py computes file hashes and collects installed-skill paths; decide whether you are comfortable sharing that with crustysecurity.com. - Do not set CRUSTY_API_KEY (or CLAWGUARD_API_KEY) until you trust the dashboard operator. With a key set the skill will push heartbeats and results on a schedule. - Before granting scheduling privileges, examine the exact cron payloads the skill will create (use openclaw cron list / create steps manually). Avoid automated, immediate cron creation; create cron jobs manually after inspection if you accept them. - Because SKILL.md contains a prompt-injection pattern, treat the skill's instructions as potentially trying to influence agent behavior beyond the declared scope. Run the skill in an isolated environment first and monitor outbound network traffic while testing. - If you need on-host scanning only, consider running scan_file.sh and audit_skill.sh interactively (without enabling dashboard/API key or cron jobs) and verify outputs. If you want, I can: (1) highlight specific lines in setup.sh and install_clamav.sh for risky operations, (2) extract and summarize what the dashboard push payloads contain, or (3) produce safe, minimal cron payloads you can create manually.

Capability Analysis

Type: OpenClaw Skill Name: crusty-security Version: 0.1.4 The OpenClaw AgentSkills skill bundle 'crusty-security' is designed as a security and threat scanning tool. Its primary functions include file scanning with ClamAV, static analysis of other skills, host security auditing, and agent behavior monitoring. The skill explicitly documents its use of cron jobs for persistence (to ensure regular security scans and monitoring) and its optional integration with an external dashboard (crustysecurity.com) for centralized reporting, conditional on an API key. Data sent to the dashboard (heartbeats, scan results, skill inventory) is diagnostic and aligns with the stated purpose of a security product. The `SKILL.md` and `README.md` contain clear instructions to the agent on how to correctly configure these security features, including critical guidance on using `isolated` sessions for cron jobs to ensure reliable execution. There is no evidence of intentional malicious behavior such as unauthorized data exfiltration, covert backdoors, or self-exploitation. The scripts are designed to detect threats, not to perform them.

Capability Assessment

ℹ Purpose & Capability

The skill claims to perform local scanning, skill auditing, and agent monitoring and only declares minimal requirements (bash, python3). That aligns with the included scripts. However the SKILL.md and scripts reference an optional remote dashboard and several environment variables (CRUSTY_API_KEY, CLAWGUARD_*, CLAWGUARD_DATA_DIR, CRUSTY_QUARANTINE, etc.) even though the registry metadata declared no required env vars/credentials. The dashboard sync of installed-skill metadata and scan results is plausible for this product, but the missing declaration of the API key and inconsistent env-var naming (CRUSTY_* vs CLAWGUARD_*) is an incoherence and a transparency issue.

⚠ Instruction Scope

Runtime instructions direct the agent to run setup.sh which installs ClamAV, run many scripts, and to create cron jobs automatically. SKILL.md explicitly instructs the agent to 'do this immediately after first install — don't wait for the user to ask', and to automatically configure recurring cron jobs (including a 5-minute heartbeat and skill-sync). That grants the skill the ability to schedule persistent tasks and periodically push data to the remote dashboard if an API key is set. Additionally, a pre-scan detected a prompt-injection pattern (ignore-previous-instructions) in SKILL.md, which is a red flag for instruction-manipulation attempts. Even if the cron scheduling and pushes are within a security tool's scope, the instructions go beyond a passive helper and instruct autonomous configuration and regular outbound communications.

ℹ Install Mechanism

There is no formal install spec in the registry (instruction-only), but the package bundle contains multiple scripts (setup.sh, install_clamav.sh, and monitoring/audit scripts). That is not inherently malicious, but because setup.sh will install ClamAV and may modify system state, you should inspect setup.sh and install_clamav.sh before running. No suspicious external download URLs were flagged in the provided excerpts, but full install scripts were truncated in the listing — review them carefully before executing.

⚠ Credentials

Although the registry metadata lists no required env vars, the SKILL.md and scripts clearly reference several environment variables (CRUSTY_API_KEY, CRUSTY_DASHBOARD_URL, CLAWGUARD_* variants, CRUSTY_QUARANTINE, CLAWGUARD_WORKSPACE, etc.). The skill will push scan results, heartbeats, and skill-inventory data to a remote dashboard when an API key is present. Exporting an API key grants periodic outbound data transfer (including skill inventory, scan results, and possibly file path metadata). The discrepancy between declared and referenced env vars and inconsistent naming is an incoherence you should resolve before trusting the skill with credentials.

⚠ Persistence & Privilege

The skill recommends and automates creation of cron jobs that run regularly (every 5 minutes, daily, weekly, monthly) and a bi-daily ClawHub sync. These scheduled tasks create persistent behavior on the host (heartbeats, scans, syncs). While this is reasonable for a monitoring tool, SKILL.md's wording ('do this immediately... don't wait for the user to ask' and 'automatically configures recurring scans when your agent first uses the skill') indicates the skill intends to set up persistent scheduled work autonomously. That persistent presence combined with outbound dashboard sync increases the blast radius if the skill or dashboard is untrusted. The skill is not marked always:true, but it still asks to establish persistent cron jobs.

Version History

v0.1.4

crusty-security 0.1.4 - Renamed skill from "clawguard" to "crusty-security" with new versioning. - Updated all references, environment variables, and quarantine/log paths from "clawguard" to "crusty" for consistency. - Revised cron job instructions: now recommends `main/systemEvent` sessions except for specific dashboard jobs, simplifying setup and reducing potential execution failures. - Improved documentation for critical setup, scan workflows, skill audit, and reporting (see SKILL.md/README.md). - Fixed directory and file naming in scripts and documentation for clarity and reliability.

v0.1.3

Initial public release with complete host, file, and skill security automation: - Added full set of audit and scanning scripts for files, directories, skills, and host security. - Integrated ClamAV installation and scanning workflows. - Provided robust setup automation and comprehensive quick-start documentation. - Introduced agent integrity and supply chain audit (ClawHub sync) tooling. - Implemented dashboard integration and scheduled scan/report job recommendations. - Included detailed remediation, setup, and threat reference guides.

v0.1.1

- Removed the README.md file from the repository. - No changes to functionality or user experience.

v0.1.0

Initial release of Clawguard (formerly Crusty Security) — comprehensive threat scanning and security auditing skill for OpenClaw agents. - Scans files and directories for malware using ClamAV with agent-specific analysis. - Audits skills for signs of supply chain compromise and malicious behavior. - Monitors agent integrity and audits host security posture. - Provides setup scripts for quick installation and configuration, including cron jobs for scheduled and automatic scans. - Supports push integration with the Crusty Security dashboard if an API key is set; otherwise operates fully local. - Detailed documentation on workflows, quarantining, and advanced configuration included in SKILL.md.

Metadata

Slug crusty-security

Version 0.1.4

License —

All-time Installs 0

Active Installs 0

Total Versions 4

Frequently Asked Questions

What is Crusty Security?

Security and threat scanning skill for OpenClaw agents. Scans files and skills for malware. Monitors agent behavior for compromise indicators. Audits host se... It is an AI Agent Skill for Claude Code / OpenClaw, with 643 downloads so far.

How do I install Crusty Security?

Run "/install crusty-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Crusty Security free?

Yes, Crusty Security is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Crusty Security support?

Crusty Security is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Crusty Security?

It is built and maintained by silentcool (@silentcool); the current version is v0.1.4.

More Skills

Crusty Security