Awesome-openclaw-skills security-monitor
Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.
install
source · Clone the upstream repo
git clone https://github.com/sundial-org/awesome-openclaw-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/sundial-org/awesome-openclaw-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/security-monitor" ~/.claude/skills/sundial-org-awesome-openclaw-skills-security-monitor && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/sundial-org/awesome-openclaw-skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/security-monitor" ~/.openclaw/skills/sundial-org-awesome-openclaw-skills-security-monitor && rm -rf "$T"
manifest:
skills/security-monitor/SKILL.mdsource content
Security Monitor Skill
When to use
Run continuous security monitoring to detect breaches, intrusions, and unusual activity on your Clawdbot deployment.
Setup
No external dependencies required. Runs as a background process.
How to
Start real-time monitoring
node skills/security-monitor/scripts/monitor.cjs --interval 60
Run in daemon mode (background)
node skills/security-monitor/scripts/monitor.cjs --daemon --interval 60
Monitor for specific threats
node skills/security-monitor/scripts/monitor.cjs --threats=credentials,ports,api-calls
What It Monitors
| Threat | Detection | Response |
|---|---|---|
| Brute force attacks | Failed login detection | Alert + IP tracking |
| Port scanning | Rapid connection attempts | Alert |
| Process anomalies | Unexpected processes | Alert |
| File changes | Unauthorized modifications | Alert |
| Container health | Docker issues | Alert |
Output
- Console output (stdout)
- JSON logs at
/root/clawd/clawdbot-security/logs/alerts.log - Telegram alerts (configurable)
Daemon Mode
Use systemd or PM2 to keep monitoring active:
# With PM2 pm2 start monitor.cjs --name "clawdbot-security" -- --daemon --interval 60
Combined with Security Audit
Run audit first, then monitor continuously:
# One-time audit node skills/security-audit/scripts/audit.cjs --full # Continuous monitoring node skills/security-monitor/scripts/monitor.cjs --daemon
Related skills
- One-time security scan (install separately)security-audit