jestersimpps

fail2ban Reporter

by jester · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 2543 · Stars: 1 · Active Installs: 3 · Versions: 1
Install in OpenClaw
/install fail2ban-reporter
Description
Auto-report fail2ban banned IPs to AbuseIPDB and notify via Telegram. Use when monitoring server security, reporting attackers, or checking banned IPs. Watches fail2ban for new bans, reports them to AbuseIPDB, and sends alerts.
README (SKILL.md)

fail2ban Reporter

Monitor fail2ban bans and auto-report attackers to AbuseIPDB.

Setup

  1. Get a free AbuseIPDB API key at https://www.abuseipdb.com/account/api
  2. Store it: pass insert abuseipdb/api-key
  3. Install the monitor: bash {baseDir}/scripts/install.sh

Manual Usage

Report all currently banned IPs

bash {baseDir}/scripts/report-banned.sh

Check a specific IP

bash {baseDir}/scripts/check-ip.sh <ip>

Show ban stats

bash {baseDir}/scripts/stats.sh

Auto-Reporting

The install script sets up a fail2ban action that auto-reports new bans.

bash {baseDir}/scripts/install.sh    # install auto-reporting
bash {baseDir}/scripts/uninstall.sh  # remove auto-reporting

Heartbeat Integration

Add to HEARTBEAT.md to check for new bans periodically:

- [ ] Check fail2ban stats and report any unreported IPs to AbuseIPDB

Workflow

  1. fail2ban bans an IP → action triggers report-single.sh
  2. Script reports to AbuseIPDB with SSH brute-force category
  3. Sends Telegram notification (if configured)
  4. Logs report to /var/log/abuseipdb-reports.log

API Reference

See references/abuseipdb-api.md for full API docs.

Usage Guidance
Before installing:

  1. Review the scripts (install.sh, report-*.sh, uninstall.sh) yourself: they will write /etc/fail2ban/action.d/abuseipdb.conf, edit /etc/fail2ban/jail.local, and restart fail2ban (requires sudo).
  2. Ensure you actually want automatic external reporting to AbuseIPDB: reports are sent to a third party and could affect how IPs are treated.
  3. Provide an AbuseIPDB API key via ABUSEIPDB_KEY or store it so that pass show abuseipdb/api-key returns it; the skill metadata does not declare this requirement, so it will fail silently if the key is missing.
  4. Back up /etc/fail2ban/jail.local before running install.sh, because the script edits it with sed.
  5. Telegram notifications are advertised, but no Telegram code or env vars are present; if you need alerts via Telegram, you'll have to add that yourself.
  6. If you are uncomfortable with a script running as root and modifying system service config, run the reporting scripts manually (report-banned.sh / report-single.sh) instead of running install.sh.
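A pre-install check for the tool, API-key and backup points of the guidance above, written as an added example and not taken from the skill's own scripts. The function names and the timestamped .bak suffix are assumptions of this example; the tool list (fail2ban-client, curl, jq) follows the requirements named in the assessment on this page.

```shell
#!/bin/sh
# Added example: pre-install checks for the fail2ban-reporter skill.
# Function names and the backup naming scheme are assumptions of this example.

# Print each required tool that is not on PATH (the skill's metadata declares none).
missing_tools() {
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
  done
}

# Succeed only if the AbuseIPDB key is available the way the scripts read it:
# ABUSEIPDB_KEY in the environment, or the pass entry abuseipdb/api-key.
have_api_key() {
  [ -n "${ABUSEIPDB_KEY:-}" ] && return 0
  command -v pass >/dev/null 2>&1 && pass show abuseipdb/api-key >/dev/null 2>&1
}

# Copy a config file to a timestamped backup, preserving mode and mtime;
# print the backup path so it can be diffed after install.sh has run.
backup_config() {
  src=$1
  [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
  dst="$src.bak.$(date +%Y%m%d%H%M%S)"
  cp -p "$src" "$dst" && printf '%s\n' "$dst"
}

# After install.sh: show exactly what its sed edits changed.
# Returns 0 if the file changed, 1 if it is identical to the backup.
show_changes() {
  if cmp -s "$1" "$2"; then return 1; fi
  diff -u "$1" "$2" || true
  return 0
}

# Run every check; return non-zero if a tool, the key or the file is missing.
preflight() {
  jail=${1:-/etc/fail2ban/jail.local}
  missing=$(missing_tools fail2ban-client curl jq)
  [ -z "$missing" ] || { echo "missing tools: $missing" >&2; return 1; }
  have_api_key || { echo "no AbuseIPDB key (ABUSEIPDB_KEY or pass)" >&2; return 1; }
  backup_config "$jail"
}
```

Source the file and run preflight with the same privileges you will use for install.sh, then call show_changes with the printed backup path and /etc/fail2ban/jail.local afterwards to read the edits as a unified diff.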
Capability Analysis
Type: OpenClaw Skill
Name: fail2ban-reporter
Version: 1.0.0
This skill is designed to integrate with fail2ban to automatically report banned IPs to AbuseIPDB. It performs high-privilege operations, such as modifying fail2ban configuration files (`/etc/fail2ban/action.d/abuseipdb.conf`, `/etc/fail2ban/jail.local`) and restarting the fail2ban service, as seen in `scripts/install.sh` and `scripts/uninstall.sh`. It also makes external network calls to `api.abuseipdb.com` using `curl` to report and check IPs, as shown in `scripts/report-single.sh` and `scripts/check-ip.sh`. API keys are handled securely via environment variables or `pass`. All actions are clearly aligned with the stated purpose, require explicit user interaction (e.g., `sudo` for installation), and there is no evidence of malicious intent, unauthorized data exfiltration, or harmful prompt injection attempts in `SKILL.md` or `README.md`.
Capability Assessment
Purpose & Capability
The skill's declared registry metadata lists no required environment variables or binaries, but the scripts and SKILL.md clearly require an AbuseIPDB API key (ABUSEIPDB_KEY or pass entry), and system tools like fail2ban, jq, and curl. The README and SKILL.md advertise Telegram notifications but there is no code implementing Telegram integration. The requested filesystem and systemd changes (editing /etc/fail2ban/* and restarting fail2ban) are appropriate for the stated purpose, but the metadata omission and unimplemented Telegram feature are incoherent with the skill description.
Instruction Scope
Runtime instructions and scripts stay within the stated purpose: they read fail2ban state, report IPs to AbuseIPDB, and log results to /var/log/abuseipdb-reports.log. The install/uninstall scripts modify /etc/fail2ban/action.d and /etc/fail2ban/jail.local and restart fail2ban (requires root). Scripts read the AbuseIPDB key either from environment or via pass. There is no evidence of other data collection or exfiltration beyond reporting to AbuseIPDB, but the install modifies system configuration and requires sudo — users should review the exact sed edits before running.
Install Mechanism
There is no remote install step; this is an instruction-and-script package included in the skill. That lowers supply-chain risk. The install script writes files under /etc/fail2ban and restarts fail2ban, which is expected for the functionality. No downloads from untrusted URLs are performed.
Credentials
The skill requires an AbuseIPDB API key (checked at runtime via ABUSEIPDB_KEY or pass show abuseipdb/api-key), plus system-level sudo to edit fail2ban config, but the manifest declares no required env vars or credentials. The use of pass to read a specific entry is reasonable, but the metadata should have declared the primary credential. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true and is user-invocable. The installer requires root and modifies system fail2ban configs and restarts the service — this is necessary for auto-reporting, but it's a high-privilege operation. Users should expect and approve these changes before installing. The skill does not appear to change other skills or agent-wide configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install fail2ban-reporter
  3. After installation, invoke the skill by name or use /fail2ban-reporter
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug fail2ban-reporter
Version 1.0.0
License
All-time Installs 4
Active Installs 3
Total Versions 1
Frequently Asked Questions

What is fail2ban Reporter?

Auto-report fail2ban banned IPs to AbuseIPDB and notify via Telegram. Use when monitoring server security, reporting attackers, or checking banned IPs. Watches fail2ban for new bans, reports them to AbuseIPDB, and sends alerts. It is an AI Agent Skill for Claude Code / OpenClaw, with 2543 downloads so far.

How do I install fail2ban Reporter?

Run "/install fail2ban-reporter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is fail2ban Reporter free?

Yes, fail2ban Reporter is completely free (open-source). You can download, install and use it at no cost.

Which platforms does fail2ban Reporter support?

fail2ban Reporter is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created fail2ban Reporter?

It is built and maintained by jester (@jestersimpps); the current version is v1.0.0.
