security-monitor
Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.
Best use case
security-monitor is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.
Teams using security-monitor should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/security-monitor/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How security-monitor Compares
| Feature / Agent | security-monitor | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Security Monitor Skill ## When to use Run continuous security monitoring to detect breaches, intrusions, and unusual activity on your Clawdbot deployment. ## Setup No external dependencies required. Runs as a background process. ## How to ### Start real-time monitoring ```bash node skills/security-monitor/scripts/monitor.cjs --interval 60 ``` ### Run in daemon mode (background) ```bash node skills/security-monitor/scripts/monitor.cjs --daemon --interval 60 ``` ### Monitor for specific threats ```bash node skills/security-monitor/scripts/monitor.cjs --threats=credentials,ports,api-calls ``` ## What It Monitors | Threat | Detection | Response | |--------|-----------|----------| | **Brute force attacks** | Failed login detection | Alert + IP tracking | | **Port scanning** | Rapid connection attempts | Alert | | **Process anomalies** | Unexpected processes | Alert | | **File changes** | Unauthorized modifications | Alert | | **Container health** | Docker issues | Alert | ## Output - Console output (stdout) - JSON logs at `/root/clawd/clawdbot-security/logs/alerts.log` - Telegram alerts (configurable) ## Daemon Mode Use systemd or PM2 to keep monitoring active: ```bash # With PM2 pm2 start monitor.cjs --name "clawdbot-security" -- --daemon --interval 60 ``` ## Combined with Security Audit Run audit first, then monitor continuously: ```bash # One-time audit node skills/security-audit/scripts/audit.cjs --full # Continuous monitoring node skills/security-monitor/scripts/monitor.cjs --daemon ``` ## Related skills - `security-audit` - One-time security scan (install separately)
Related Skills
security-operator
Runtime security guardrails for OpenClaw agents.
task-monitor
Real-time web dashboard for OpenClaw sessions and background tasks. Mobile-responsive with auto-refresh.
testflight-monitor
Monitor available TestFlight beta slots with smart app lookups and silent batch checking.
security-checker
Security scanner for Python skills before publishing to ClawHub.
aave-liquidation-monitor
Proactive monitoring of Aave V3 borrow positions with liquidation alerts.
security-auditor
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
web-monitor-pro
Monitor web pages for changes, price drops, stock availability, and custom conditions.
tech-security-audit
This skill integrates Nmap scanning functionality to perform local network vulnerability assessments.
bilibili-monitor
生成B站热门视频日报并发送邮件。触发词:B站热门、bilibili日报、视频日报、热门视频
go-security-vulnerability
Identify, assess, and fix security vulnerabilities in Go modules using govulncheck. Handle common vulnerabilities like JWT issues and ensure application stability during fixes.
Security Joes AI Analyst
SecOps checks for endpoints: EDR, Sysmon, updates, EVTX on heartbeat, least privilege, network visibility, credential protection (Kerberos/NTLM/pass-the-hash), device inventory and known vulnerabilities, weekly assessment, and skill integrity (hash-on-wake, version-aware). Use when implementing or reviewing host posture, heartbeat logic, EDR/Sysmon/EVTX, privilege, network exposure, credential hardening, vuln assessment, weekly SecOps review, or skill compromise checks.
price-monitor
Surveille les prix de produits sur des sites e-commerce et alerte quand ils baissent.