← Back to Skills Marketplace
abeltennyson

abe-fail2ban-reporter

by AbelTennyson · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
62
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install abe-fail2ban-reporter
Description
Auto-report fail2ban banned IPs via SkillBoss API Hub and notify via Telegram. Use when monitoring server security, reporting attackers, or checking banned I...
README (SKILL.md)

fail2ban Reporter

Monitor fail2ban bans and auto-report attacker IPs via SkillBoss API Hub.

Setup

  1. Get your SkillBoss API key from the SkillBoss dashboard
  2. Store it: export SKILLBOSS_API_KEY="your-key"
  3. Install the monitor: bash {baseDir}/scripts/install.sh

Manual Usage

Report all currently banned IPs

bash {baseDir}/scripts/report-banned.sh

Check a specific IP

bash {baseDir}/scripts/check-ip.sh \x3Cip>

Show ban stats

bash {baseDir}/scripts/stats.sh

Auto-Reporting

The install script sets up a fail2ban action that auto-reports new bans.

bash {baseDir}/scripts/install.sh    # install auto-reporting
bash {baseDir}/scripts/uninstall.sh  # remove auto-reporting

Heartbeat Integration

Add to HEARTBEAT.md to check for new bans periodically:

- [ ] Check fail2ban stats and report any unreported IPs via SkillBoss API Hub

Workflow

  1. fail2ban bans an IP → action triggers report-single.sh
  2. Script queries SkillBoss API Hub (search type) for IP threat intelligence
  3. Sends Telegram notification (if configured)
  4. Logs report to /var/log/skillboss-ip-reports.log

API Reference

All API calls route through SkillBoss API Hub at https://api.heybossai.com/v1/pilot. Authentication: Authorization: Bearer $SKILLBOSS_API_KEY

See references/skillboss-api.md for full API docs.

Usage Guidance
This skill appears to implement what it claims (report fail2ban bans to SkillBoss) but has sloppy/ misleading metadata and minor bugs — treat it as untrusted until you inspect and possibly edit it. Things to check before installing: - Verify the SkillBoss service (https://api.heybossai.com) is the intended destination and you trust it. Use a dedicated API key with the narrowest permissions possible. - The SKILL.md requires SKILLBOSS_API_KEY but the registry metadata lists none; ensure the platform will not hide that requirement. Do not supply a high-privilege or shared API key without confirming scope. - Inspect and, if desired, modify scripts yourself: they will write /etc/fail2ban/action.d/skillboss-reporter.conf, edit /etc/fail2ban/jail.local, and restart fail2ban as root. Run these steps on a test system first. - Fix the inconsistent log filename (/var/log/abuseipdb-reports.log vs /var/log/skillboss-ip-reports.log) and verify log file permissions so sensitive data isn't world-readable. - README/SKILL.md mention Telegram notifications, but there is no Telegram configuration or code; if you need notifications, add a controlled, reviewed implementation rather than trusting an unimplemented claim. - Consider running the reporting scripts manually (without install) to verify behavior before allowing automatic fail2ban actions. If you want higher confidence, request the publisher to (1) correct registry metadata to declare SKILLBOSS_API_KEY, (2) remove or implement Telegram references, and (3) correct the log-path inconsistencies. If any of those are not addressed, treat the package as potentially sloppy and avoid giving it root access on production hosts.
Capability Analysis
Type: OpenClaw Skill Name: abe-fail2ban-reporter Version: 1.0.0 The fail2ban-reporter skill is a legitimate tool designed to monitor fail2ban logs and report banned IPs to the SkillBoss API Hub (api.heybossai.com). The scripts (install.sh, report-single.sh, etc.) perform standard system administration tasks such as modifying fail2ban configurations and sending HTTP requests with IP metadata. No evidence of data exfiltration, malicious execution, or deceptive behavior was found; the code's actions are fully aligned with its documented purpose of enhancing server security monitoring.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The skill is clearly designed to watch fail2ban and report banned IPs to SkillBoss API Hub; that purpose matches the scripts which call the SkillBoss endpoint and install a fail2ban action. However the registry metadata claims no required env vars while SKILL.md and the scripts require SKILLBOSS_API_KEY — an incoherence. README and SKILL.md mention Telegram notifications but there is no Telegram-related configuration or code in the scripts, which is misleading.
Instruction Scope
Runtime instructions and bundled scripts perform expected actions for the stated purpose: they read fail2ban status, call an external API, append to a local log, and install/remove a fail2ban action. These actions require root (writing /etc/fail2ban/action.d and modifying /etc/fail2ban/jail.local) and restart fail2ban. The scripts do not access unrelated secrets or network endpoints outside SkillBoss. One script uses a different log path (/var/log/abuseipdb-reports.log) than the others (/var/log/skillboss-ip-reports.log), indicating a copy/paste bug.
Install Mechanism
This is an instruction-only skill with shell scripts; no external packages are downloaded during install and there is no install spec that pulls code from remote URLs. The install acts by creating a local fail2ban action file and editing jail.local — expected for this integration.
Credentials
The scripts require a single API credential (SKILLBOSS_API_KEY), which is proportionate for calling the SkillBoss API. However the registry metadata lists no required env vars while SKILL.md declares requires.env: [SKILLBOSS_API_KEY], and the package metadata does not mark a primary credential — this mismatch is suspicious and could mislead users about what secrets are needed. No other credentials are requested.
Persistence & Privilege
The skill does not request always:true and does not attempt to persist beyond installing a fail2ban action and writing logs. It requires root to write to /etc/fail2ban and restart the service, which is expected for this purpose but is a privilege escalation risk if you don't trust the code. The skill does not modify other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install abe-fail2ban-reporter
  3. After installation, invoke the skill by name or use /abe-fail2ban-reporter
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of fail2ban-reporter. - Monitors fail2ban for new banned IPs and auto-reports them via the SkillBoss API Hub. - Supports manual reporting, IP lookups, and ban stats through provided scripts. - Auto-reporting setup and removal via install/uninstall scripts. - Optionally sends Telegram notifications for new bans. - Logs all banned and reported IPs to `/var/log/skillboss-ip-reports.log`.
Metadata
Slug abe-fail2ban-reporter
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is abe-fail2ban-reporter?

Auto-report fail2ban banned IPs via SkillBoss API Hub and notify via Telegram. Use when monitoring server security, reporting attackers, or checking banned I... It is an AI Agent Skill for Claude Code / OpenClaw, with 62 downloads so far.

How do I install abe-fail2ban-reporter?

Run "/install abe-fail2ban-reporter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is abe-fail2ban-reporter free?

Yes, abe-fail2ban-reporter is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does abe-fail2ban-reporter support?

abe-fail2ban-reporter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created abe-fail2ban-reporter?

It is built and maintained by AbelTennyson (@abeltennyson); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments