Official Verified

openclaw-security-monitor

Proactive security monitoring, threat scanning, and auto-remediation for OpenClaw deployments

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/adibirzu/openclaw-security-monitor

Requirements

Required binaries: bash, curl, node, lsof
Optional binaries: witr, docker, openclaw
Environment variables:
  OPENCLAW_TELEGRAM_TOKEN - Optional: Telegram bot token for daily security alerts
  OPENCLAW_HOME - Optional: Override default ~/.openclaw directory

Security Monitor

Real-time security monitoring with threat intelligence from ClawHavoc research, daily automated scans, web dashboard, and Telegram alerting for OpenClaw.

Commands

Note: Replace <skill-dir> with the actual folder name where this skill is installed (commonly openclaw-security-monitor or security-monitor).

/security-scan

Run a comprehensive 40-point security scan:

  1. Known C2 IPs (ClawHavoc: 91.92.242.x, 95.92.242.x, 54.91.154.110)
  2. AMOS stealer / AuthTool markers
  3. Reverse shells & backdoors (bash, python, perl, ruby, php, lua)
  4. Credential exfiltration endpoints (webhook.site, pipedream, ngrok, etc.)
  5. Crypto wallet targeting (seed phrases, private keys, exchange APIs)
  6. Curl-pipe / download attacks
  7. Sensitive file permission audit
  8. Skill integrity hash verification
  9. SKILL.md shell injection patterns (Prerequisites-based attacks)
  10. Memory poisoning detection (SOUL.md, MEMORY.md, IDENTITY.md)
  11. Base64 obfuscation detection (glot.io-style payloads)
  12. External binary downloads (.exe, .dmg, .pkg, password-protected ZIPs)
  13. Gateway security configuration audit
  14. WebSocket origin validation (CVE-2026-25253)
  15. Known malicious publisher detection (hightower6eu, etc.)
  16. Sensitive environment/credential file leakage
  17. DM policy audit (open/wildcard channel access)
  18. Tool policy / elevated tools audit
  19. Sandbox configuration check
  20. mDNS/Bonjour exposure detection
  21. Session & credential file permissions
  22. Persistence mechanism scan (LaunchAgents, crontabs, systemd)
  23. Plugin/extension security audit
  24. Log redaction settings audit
  25. Reverse proxy localhost trust bypass detection
  26. Exec-approvals configuration audit (CVE-2026-25253 exploit chain)
  27. Docker container security (root, socket mount, privileged mode)
  28. Node.js version / CVE-2026-21636 permission model bypass
  29. Plaintext credential detection in config files
  30. VS Code extension trojan detection (fake ClawdBot extensions)
  31. Internet exposure detection (non-loopback gateway binding)
  32. MCP server security audit (tool poisoning, prompt injection)
  33. ClawJacked WebSocket brute-force protection (v2026.2.25+)
  34. SSRF protection audit (CVE-2026-26322, CVE-2026-27488)
  35. Exec safeBins validation bypass (CVE-2026-28363, CVSS 9.9)
  36. ACP permission auto-approval audit (GHSA-7jx5)
  37. PATH hijacking / command hijacking (GHSA-jqpq-mgvm-f9r6)
  38. Skill env override host injection (GHSA-82g8-464f-2mv7)
  39. macOS deep link truncation (CVE-2026-26320)
  40. Log poisoning / WebSocket header injection

bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/scan.sh

Exit codes: 0=SECURE, 1=WARNINGS, 2=COMPROMISED
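
One way to gate a cron job or CI step on these exit codes while failing closed when the scanner itself cannot run. This is an added example, not part of the skill; the function names `scan_verdict` and `run_scan_gate` and the extra `SCAN_ERROR` verdict are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the skill's own code): act on scan.sh's documented exit codes.
# scan_verdict, run_scan_gate and the SCAN_ERROR verdict are hypothetical names.
# Usage: run_scan_gate "$HOME/.openclaw/workspace/skills/<skill-dir>/scripts/scan.sh"

# Map an exit code to a verdict. Only 0, 1 and 2 are documented; any other
# value (script missing, killed, crashed) means the scan did not complete
# and must never be read as SECURE.
scan_verdict() {
  case "$1" in
    0) echo "SECURE" ;;
    1) echo "WARNINGS" ;;
    2) echo "COMPROMISED" ;;
    *) echo "SCAN_ERROR" ;;
  esac
}

# Run the scanner at path $1. Prints the verdict on stdout, sends scanner
# output and one audit line to stderr, and returns:
#   0 = SECURE, 1 = WARNINGS, 2 = COMPROMISED, 3 = scan did not complete
run_scan_gate() {
  gate_script="$1"
  gate_rc=0
  if [ -f "$gate_script" ]; then
    # '|| gate_rc=$?' keeps the real exit code even when the caller uses 'set -e'
    bash "$gate_script" >&2 || gate_rc=$?
  else
    gate_rc=127   # same code a shell reports for "command not found"
  fi
  gate_verdict=$(scan_verdict "$gate_rc")
  printf '%s scan_exit=%s verdict=%s\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$gate_rc" "$gate_verdict" >&2
  echo "$gate_verdict"
  case "$gate_verdict" in
    SECURE) return 0 ;;
    WARNINGS) return 1 ;;
    COMPROMISED) return 2 ;;
    *) return 3 ;;
  esac
}
```
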

Metadata

Author: @adibirzu
Stars: 2387
Views: 0
Updated: 2026-03-09

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-adibirzu-openclaw-security-monitor": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags

#security #scan #remediation #monitoring #threat-detection #hardening

Safety Note: ClawKit audits metadata but not runtime behavior. Use with caution.