Official Verified

anomaly-watcher

Continuous behavioral monitoring for OpenClaw agents. Detect anomalies in command patterns, resource usage, and skill invocations against established baselines.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/arhadnane/anomaly-watcher

Download Source Code (.zip)

Anomaly Watcher — Behavioral Baseline Monitor

Purpose

Establish a behavioral baseline for the agent and continuously monitor for deviations that may indicate compromise, misconfiguration, or abuse.

Integration

Always-on monitoring via hooks:

PostToolUse — log every tool invocation
UserPromptSubmit — log input patterns
PostSkillExecution — log skill results

Monitored Metrics

Metric	Baseline Unit	Alert Threshold
Command exec frequency	per hour	>2σ from 7-day avg
File access patterns	unique paths/hour	>2σ
Network request volume	requests/hour	>2σ
Skill invocation frequency	per skill per hour	>2σ
Token consumption rate	tokens/hour	>2σ
Error rate	errors/hour	>2σ
Memory write patterns	writes/hour	>2σ
Cross-session messages	messages/hour	>2σ
New file creation rate	files/hour	>2σ
Unique external domains	domains/hour	>2σ

Anomaly Detection Algorithm

Collect — append each action to .security/baseline/metrics.jsonl
Baseline — rolling 7-day average and standard deviation per metric
Compare — current window (1 hour) vs baseline
Classify:
- NORMAL — within 1σ
- ELEVATED — between 1σ and 2σ
- ANOMALOUS — between 2σ and 3σ
- CRITICAL — above 3σ or matches known attack signature
Alert — based on classification

Alert Actions

Classification	Action
NORMAL	No action
ELEVATED	Log to anomaly.jsonl
ANOMALOUS	Log + notify human via preferred channel
CRITICAL	Log + notify + recommend pause (human decides)

Known Attack Signatures

Sudden spike in file reads across many directories → possible reconnaissance
Outbound to new external domain + high data volume → possible exfiltration
Rapid skill installs from ClawHub → possible supply chain attack
Memory writes with encoded content → possible persistence attempt

Guardrails

Monitoring is strictly read-only — never modifies agent behavior
Baseline calibration requires minimum 48 hours of data
False positives are tracked in .security/false-positives.jsonl
Baseline resets require human approval
The watcher itself has no network access (local analysis only)

Read Full Documentation on GitHub

Metadata

Author@arhadnane

Stars4473

Updated2026-05-01

View Author Profile

AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-arhadnane-anomaly-watcher": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.

Related Skills

attack-surface-mapper

Purple team — map agent's full attack surface by combining red team probes and blue team detections. Identify defense coverage gaps and prioritize hardening.

arhadnane 4473

audit-trail

Governance — immutable, timestamped, hash-chained audit log of all agent actions. Forensic-ready for compliance, investigation, and accountability.

arhadnane 4473

bot-police

Detect, investigate, and contain malicious or compromised bots using behavior analysis, policy enforcement, and escalation protocols.

arhadnane 4473