netkr

Lightweight Host Intrusion Detection and Log Analysis System (Mini-HIDS)

Author: netkrxn · GitHub · v1.2.0 · MIT-0
cross-platform ✓ Passed security check
Total downloads: 160
Favorites: 1
Current installs: 0
Versions: 9
Install in OpenClaw
/install mini-hids
Description
Real-time Linux log monitoring and AI-assisted detection of brute force attacks, web attacks, and webshells with automated IP blocking and whitelist support.
Safe-use recommendations
This skill appears coherent with its stated purpose, but take these precautions before installing or running it:
1) Review the included Python source yourself (or have a trusted reviewer do so) before running, because the code will execute on your host and may be run as root for firewall/log access.
2) Run initially in a safe environment (staging VM) and test with non-privileged settings (use a non-root firewall simulator or disable automatic banning) to confirm detection/false-positive behavior.
3) If you plan to enable the MCP server, only allow trusted local clients — MCP tools can ban/unban IPs.
4) Back up your firewall rules and whitelist your management IPs to avoid accidental lockout.
5) Prefer to obtain the project directly from the upstream GitHub link referenced in SKILL.md and verify the repository/commit history rather than relying solely on the registry package entry.
If you want additional assurance, request provenance (upstream repository URL, release tag, or maintainer identity) and a quick audit of the last 100 lines of mini_hids.py (the provided copy was truncated) so I can re-check for any remaining unexpected behavior.
Capability assessment
Purpose & Capability
Name/description, SKILL.md, README, and the Python modules are consistent: the project tails auth/web logs, runs regex-based detection, scans web roots for webshell patterns, persists bans in SQLite, and applies bans via iptables/nft/fail2ban. Required binaries/envs listed as none in registry are acceptable because the code detects firewall binaries at runtime; nothing requested is unrelated to the stated HIDS purpose.
Instruction Scope
SKILL.md and the code instruct the agent/operator to run the daemon and/or MCP server and to edit config.json. The runtime behavior is limited to local filesystem access (logs, web roots, /proc), SQLite and alert log writes, and invoking local firewall binaries. The MCP server exposes ban/unban and status tools — this is expected for an agent-callable HIDS, but it means any MCP client with access is privileged and can trigger firewall changes; the documentation itself warns about treating MCP clients as privileged.
Install Mechanism
There is no install spec (instruction-only for packaging), but the repository includes runnable Python scripts. This lowers supply-chain risk compared to arbitrary downloads, but running the included code — especially with sudo — still executes third-party code on the host. The SKILL.md references a GitHub repo URL; the registry 'source' is unknown and no package signing or release verification is provided.
Credentials
The skill requests no environment variables or external credentials. It does require access to local logs, firewall binaries, and (for enforcement) root privileges; those are proportionate to a host-based intrusion detection and blocking tool. There is no evidence of network exfiltration or unrelated credential access in the source.
Persistence & Privilege
The skill does not set always:true and uses normal agent invocation. However, the MCP stdio server exposes tools that can perform privileged actions (ban/unban). That is expected, but when integrated into an agent environment you must ensure only trusted MCP clients can connect; otherwise an agent (or a compromised client) can apply firewall changes.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install mini-hids
  3. After installation, call the Skill by name directly or trigger it with /mini-hids
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.2.0
**v1.2.0 summary:** Major release adds agent-friendly MCP server and improves automation/documentation for small server use.
- Added `mcp_server.py`, providing a local MCP server so AI agents and tools can call Mini-HIDS directly.
- Included sample MCP config for Claude Desktop in `examples/claude_desktop_mcp.json`.
- Added LLM-oriented code/project map in `llms.txt`.
- Introduced visual architecture diagrams: `mini-hids-flow.svg` and `mini-hids-flow-zh.svg`.
- Expanded and restructured documentation to cover MCP integration, AI agent workflows, and practical deployment.
- All previous runtime and detection improvements remain; see the new architecture and feature summary for details.
v1.1.0
Version 1.1.0 (mini-hids)
- Introduced proper loading and merging of config.json with built-in defaults; users should now edit config.json.
- Daemon and CLI now fully share configuration, database, and firewall logic.
- Improved detection of the firewall backend, including accurate nftables recognition.
- Ban and unban operations are now idempotent, avoiding redundant firewall rules and ensuring database/path consistency.
- The daemon checks for ban expiry more frequently, with expired blacklist records cleaned up automatically.
- All runtime files (blacklist.db, hids_alert.log, mini_hids.pid) are now consistently created in the project directory if given relative paths.
v1.0.6
### mini-hids v1.0.6 Changelog
- Added new file: `hids_common.py` to the project.
- This update lays groundwork for shared functionality between modules or clarifies code organization.
v1.0.5
- Security & Privacy Declaration: To ensure effective host protection, this project operates with the following security considerations:
  - Privileged Access: Elevated (root) permissions are required to monitor /var/log/* and execute firewall commands (iptables/nftables) for threat mitigation.
  - Data Transmission: Security logs are only transmitted to the remote LLM endpoint if AI analysis is enabled by the user.
  - Credential Safety: It is highly recommended to use environment variables for API keys. Avoid hardcoding sensitive information directly into source files.
  - Transparency: This is an open-source tool licensed under MIT-0; users are encouraged to audit the source code before deployment.
- Added new CLI tool: `hids_cli.py` for agent calls and command-line management.
- Updated documentation to reflect C/S architecture and usage of the CLI tool for actions such as status checks, alert retrieval, and manual IP ban/unban.
- Introduced detailed instructions and examples for using both the background daemon (`mini_hids.py`) and the CLI tool.
- Enhanced feature list and setup guidance to highlight command-line interface integration and dual-plane design.
v1.0.4
Security & Privacy Declaration
To ensure effective host protection, this project operates with the following security considerations:
- Privileged Access: Elevated (root) permissions are required to monitor /var/log/* and execute firewall commands (iptables/nftables) for threat mitigation.
- Data Transmission: Security logs are only transmitted to the remote LLM endpoint if AI analysis is enabled by the user.
- Credential Safety: It is highly recommended to use environment variables for API keys. Avoid hardcoding sensitive information directly into source files.
- Transparency: This is an open-source tool licensed under MIT-0; users are encouraged to audit the source code before deployment.
v1.0.3
- Documentation update only; no changes to code or functionality.
- SKILL.md was updated for clarity and detail, with no adjustments to configuration or logic.
- Security Statement: This skill requires root privileges to perform core security functions, including firewall rule management and system log analysis. All data processing is executed locally, and AI analysis is conducted through the user-defined LLM endpoint. Users are advised to manage their API credentials securely.
v1.0.2
- Improved documentation with a new project overview and a direct link to the GitHub repository.
- Enhanced feature summary emphasizing AI-driven detection and automated response.
- Restructured and clarified introduction and key feature sections for better readability.
- No code or logic changes; documentation update only.
v1.0.1
- Added a new "Security and Permissions" section to clarify root privileges, API key handling, and accessed system paths.
- Explained why root access is required for firewall management and log reading.
- Recommended using environment variables for API key storage to improve security.
- Listed specific log and system paths accessed for better transparency.
- No code or behavioral changes; documentation update only.
v1.0.0
Implement an automated agent to monitor firewall logs and network traffic for enhanced server protection.
Metadata
Slug: mini-hids
Version: 1.2.0
License: MIT-0
Cumulative installs: 0
Current installs: 0
Historical versions: 9
FAQ

What is Lightweight Host Intrusion Detection and Log Analysis System (Mini-HIDS)?

Real-time Linux log monitoring and AI-assisted detection of brute force attacks, web attacks, and webshells with automated IP blocking and whitelist support. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 160 downloads to date.

How do I install Lightweight Host Intrusion Detection and Log Analysis System (Mini-HIDS)?

Run the command "/install mini-hids" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Lightweight Host Intrusion Detection and Log Analysis System (Mini-HIDS) free?

Yes, Lightweight Host Intrusion Detection and Log Analysis System (Mini-HIDS) is completely free, licensed under MIT-0, and may be freely downloaded, installed, and used.

Which platforms does Lightweight Host Intrusion Detection and Log Analysis System (Mini-HIDS) support?

Lightweight Host Intrusion Detection and Log Analysis System (Mini-HIDS) runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Lightweight Host Intrusion Detection and Log Analysis System (Mini-HIDS)?

Developed and maintained by netkrxn (@netkr); current version v1.2.0.
