Anomaly Watcher
Author: Adnane Arharbi · GitHub ↗ · v1.0.0 · MIT-0
103 total downloads · 0 favorites · 0 current installs · 1 version
Install in OpenClaw
/install anomaly-watcher
Description
Continuous behavioral monitoring for OpenClaw agents. Detect anomalies in command patterns, resource usage, and skill invocations against established baselines.
Usage (SKILL.md)
Anomaly Watcher — Behavioral Baseline Monitor
Purpose
Establish a behavioral baseline for the agent and continuously monitor for deviations that may indicate compromise, misconfiguration, or abuse.
Integration
Always-on monitoring via hooks:
- PostToolUse — log every tool invocation
- UserPromptSubmit — log input patterns
- PostSkillExecution — log skill results
Monitored Metrics
| Metric | Baseline Unit | Alert Threshold |
|---|---|---|
| Command exec frequency | per hour | >2σ from 7-day avg |
| File access patterns | unique paths/hour | >2σ |
| Network request volume | requests/hour | >2σ |
| Skill invocation frequency | per skill per hour | >2σ |
| Token consumption rate | tokens/hour | >2σ |
| Error rate | errors/hour | >2σ |
| Memory write patterns | writes/hour | >2σ |
| Cross-session messages | messages/hour | >2σ |
| New file creation rate | files/hour | >2σ |
| Unique external domains | domains/hour | >2σ |
Anomaly Detection Algorithm
- Collect — append each action to .security/baseline/metrics.jsonl
- Baseline — rolling 7-day average and standard deviation per metric
- Compare — current window (1 hour) vs baseline
- Classify:
  - NORMAL — within 1σ
  - ELEVATED — between 1σ and 2σ
  - ANOMALOUS — between 2σ and 3σ
  - CRITICAL — above 3σ or matches known attack signature
- Alert — based on classification
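The Collect / Baseline / Compare / Classify steps above, as an added JavaScript example (this is not the skill's own code). The 1-hour window, 7-day rolling baseline, 48-hour calibration minimum and the σ bands come from SKILL.md; the JSONL record shape {"ts","metric","value"}, the MIN_STD floor and the sample telemetry are assumptions made for the example.

```javascript
// Added example, not the skill's own code. Assumed record shape (SKILL.md does not
// specify one): {"ts": <epoch ms>, "metric": "<name>", "value": <number>}.
// MIN_STD is an assumption: a perfectly flat baseline would otherwise turn any
// change at all into "infinite sigma" and a CRITICAL alert.
const HOUR_MS = 3600 * 1000;
const BASELINE_HOURS = 7 * 24;        // rolling 7-day baseline (SKILL.md)
const MIN_CALIBRATION_HOURS = 48;     // calibration minimum (SKILL.md guardrail)
const MIN_STD = 1;

// Alert table from SKILL.md, keyed by classification.
const ACTIONS = {
  NORMAL: 'no action',
  ELEVATED: 'log to anomaly.jsonl',
  ANOMALOUS: 'log + notify human',
  CRITICAL: 'log + notify + recommend pause (human decides)',
};

const hourOf = (ts) => Math.floor(ts / HOUR_MS);

// Collect: parse JSONL, skipping blank or malformed lines instead of aborting.
function parseJsonl(text) {
  const events = [];
  for (const line of text.split('\n')) {
    if (!line.trim()) continue;
    try {
      const ev = JSON.parse(line);
      if (typeof ev.ts === 'number' && typeof ev.metric === 'string') {
        events.push({ ts: ev.ts, metric: ev.metric, value: Number(ev.value ?? 1) });
      }
    } catch (e) { /* corrupt line: skip it */ }
  }
  return events;
}

// Aggregate one metric into per-hour totals: Map(hourIndex -> sum of value).
function hourlyTotals(events, metric) {
  const totals = new Map();
  for (const ev of events) {
    if (ev.metric !== metric) continue;
    const h = hourOf(ev.ts);
    totals.set(h, (totals.get(h) || 0) + ev.value);
  }
  return totals;
}

function meanStd(values) {
  const mean = values.reduce((a, b) => a + b, 0) / values.length;
  const variance = values.reduce((a, b) => a + (b - mean) ** 2, 0) / values.length;
  return { mean, std: Math.sqrt(variance) };
}

// Baseline + Compare + Classify for one metric at time nowTs.
function classifyMetric(events, metric, nowTs) {
  const totals = hourlyTotals(events, metric);
  const currentHour = hourOf(nowTs);
  if (totals.size === 0) return { status: 'UNCALIBRATED', reason: 'no data' };
  const firstHour = Math.min(...totals.keys());
  const historyHours = currentHour - firstHour;   // full hours before the scored window
  if (historyHours < MIN_CALIBRATION_HOURS) {
    return { status: 'UNCALIBRATED', reason: `${historyHours}h of data, need ${MIN_CALIBRATION_HOURS}h` };
  }
  // Trailing 7 days, excluding the window being scored; quiet hours count as zero activity.
  const baseline = [];
  for (let h = Math.max(firstHour, currentHour - BASELINE_HOURS); h < currentHour; h++) {
    baseline.push(totals.get(h) || 0);
  }
  const { mean, std } = meanStd(baseline);
  const current = totals.get(currentHour) || 0;
  const z = Math.abs(current - mean) / Math.max(std, MIN_STD);   // drops are anomalous too
  let status;
  if (z <= 1) status = 'NORMAL';
  else if (z <= 2) status = 'ELEVATED';
  else if (z <= 3) status = 'ANOMALOUS';
  else status = 'CRITICAL';
  return { status, action: ACTIONS[status], metric, current, mean, std, z };
}

// Constructed sample (not real telemetry): baselineHours of command executions cycling
// 10/14/18 per hour (mean 14, std ~3.27), then one current hour with currentCount executions,
// plus one corrupt line to show it is skipped rather than fatal.
function buildSampleJsonl(currentCount, baselineHours = 72) {
  const start = Date.UTC(2025, 0, 1);
  const lines = [];
  for (let h = 0; h < baselineHours; h++) {
    for (let i = 0; i < 10 + 4 * (h % 3); i++) {
      lines.push(JSON.stringify({ ts: start + h * HOUR_MS + i * 1000, metric: 'command_exec', value: 1 }));
    }
  }
  for (let i = 0; i < currentCount; i++) {
    lines.push(JSON.stringify({ ts: start + baselineHours * HOUR_MS + i * 1000, metric: 'command_exec', value: 1 }));
  }
  lines.push('{not json}');
  return { text: lines.join('\n'), nowTs: start + baselineHours * HOUR_MS + 30 * 60 * 1000 };
}

const sample = buildSampleJsonl(40);
console.log(classifyMetric(parseJsonl(sample.text), 'command_exec', sample.nowTs));
```

With 40 executions against a baseline mean of 14 the window classifies as CRITICAL; 17 is NORMAL, 20 ELEVATED and 22 ANOMALOUS. The UNCALIBRATED branch is what enforces the 48-hour guardrail: with only ten hours of history nothing is scored, which matters because a baseline built from too little data will flag ordinary variation.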
Alert Actions
| Classification | Action |
|---|---|
| NORMAL | No action |
| ELEVATED | Log to anomaly.jsonl |
| ANOMALOUS | Log + notify human via preferred channel |
| CRITICAL | Log + notify + recommend pause (human decides) |
Known Attack Signatures
- Sudden spike in file reads across many directories → possible reconnaissance
- Outbound to new external domain + high data volume → possible exfiltration
- Rapid skill installs from ClawHub → possible supply chain attack
- Memory writes with encoded content → possible persistence attempt
Guardrails
- Monitoring is strictly read-only — never modifies agent behavior
- Baseline calibration requires minimum 48 hours of data
- False positives are tracked in .security/false-positives.jsonl
- Baseline resets require human approval
- The watcher itself has no network access (local analysis only)
Safe-Use Recommendations
This skill generally does what its name claims, but it will persist detailed telemetry (including user prompts and token/interaction metrics) into .security/ files. Before installing:
1. Decide whether you are comfortable with local disk logging of prompts and interaction metrics; these can contain secrets.
2. If you proceed, ensure the .security directory has strict filesystem permissions and is excluded from backups/remote telemetry.
3. Require prompt/PII redaction in whatever supplies recordMetric events (or modify the skill to redact before writing).
4. Verify how 'notify human' is implemented (SKILL.md mentions notifications but the code is local-only); confirm there are no hidden network calls in the truncated portion of the file.
5. Expect baseline calibration to need ~48 hours of safe, representative data; test in a non-production environment first.
If you need help, ask the author to: add explicit redaction, require human approval/confirmation hooks for baseline reset and notifications, and document exactly what event fields will be logged.
Capability Assessment
Purpose & Capability
Name/description align with the code and SKILL.md: the skill collects metrics, computes baselines, and flags anomalies. However, SKILL.md promises hook integration (PostToolUse, UserPromptSubmit, PostSkillExecution) and 'no network access' while also saying it will 'notify human via preferred channel' — a functional mismatch. The set of metrics (including user prompts, tokens, memory writes) is plausible for an anomaly monitor but is broader and more privacy-sensitive than a minimal monitor.
Instruction Scope
Instructions and code write detailed telemetry to .security/* (metrics.jsonl, anomalies.jsonl, false-positives.jsonl). SKILL.md explicitly lists logging UserPromptSubmit (user input patterns) and token consumption — which can contain sensitive secrets. The code exposes a generic recordMetric API that will store arbitrary 'details' provided by callers, so integration could cause sensitive prompt contents or credentials to be persisted. SKILL.md also claims guardrails (read-only, baseline reset requires human approval) and notification behavior that the provided code does not fully enforce or implement.
Install Mechanism
No install spec and no external downloads; the skill is delivered as code files only and relies on standard Node fs/path. This is lower risk than remote installers. No unusual binaries or install actions are present.
Credentials
The skill requests no environment variables or credentials (good). However, it is designed to record metrics such as 'token consumption' and 'user prompts' that could reveal secrets; the lack of explicit redaction or exclusion rules means the absence of env/credential requests does not eliminate the risk of sensitive data being captured via events.
Persistence & Privilege
The always flag is false, and the skill does not request system-wide configuration or other skills' secrets. It writes files only under targetDir/.security, which is confined but persistent on disk. The skill does not appear to modify other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install anomaly-watcher
- After installation, call the skill by name directly or trigger it with /anomaly-watcher
- Provide the required inputs as described by the skill's parameters to get structured output
Version History
v1.0.0
Initial release of anomaly-watcher: Always-on behavioral monitoring for OpenClaw agents.
- Establishes rolling behavioral baselines for key agent metrics (commands, files, network, skills, etc.).
- Detects and classifies anomalies using statistical deviation from a 7-day average.
- Alerts are logged and escalated based on severity (NORMAL, ELEVATED, ANOMALOUS, CRITICAL).
- Monitors for known attack signatures (recon, exfiltration, supply chain, persistence).
- Strictly read-only: never modifies agent behavior or requires network access.
FAQ
What is Anomaly Watcher?
Continuous behavioral monitoring for OpenClaw agents. Detect anomalies in command patterns, resource usage, and skill invocations against established baselines. It is an AI agent skill plugin for Claude Code / OpenClaw, with 103 downloads to date.
How do I install Anomaly Watcher?
Run the command "/install anomaly-watcher" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Anomaly Watcher free?
Yes. Anomaly Watcher is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.
Which platforms does Anomaly Watcher support?
Anomaly Watcher is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who developed Anomaly Watcher?
Developed and maintained by Adnane Arharbi (@arhadnane); the current version is v1.0.0.