ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified system Safety 5/5

feelgoodbot

Set up feelgoodbot file integrity monitoring and TOTP step-up authentication for macOS. Use when the user wants to detect malware, monitor for system tampering, set up security alerts, or require OTP verification for sensitive agent actions.

Why use this skill?

Enhance your macOS security with feelgoodbot. Implement file integrity monitoring and TOTP step-up authentication to protect your AI agent from unauthorized actions.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/kris-hansen/feelgoodbot
Or

What This Skill Does

feelgoodbot is a security-focused utility for macOS designed to bridge the gap between high-utility AI agents and system security. It provides two critical layers of protection: File Integrity Monitoring (FIM) and TOTP-based step-up authentication. The tool acts as a watchdog for your system, tracking unauthorized changes to sensitive binaries, shell configurations, and persistence mechanisms like LaunchDaemons. When a change is detected, it can push alerts directly to your AI agent gateway. Furthermore, the TOTP component acts as a security gate for sensitive agent actions, ensuring that even if an AI is compromised or misinstructed, it cannot perform high-stakes operations (like executing shell commands or initiating external network calls) without the user providing a physical TOTP token.

Installation

Ensure you have Go 1.21+ installed on your macOS system. Run the following command in your terminal:

go install github.com/kris-hansen/feelgoodbot/cmd/feelgoodbot@latest

After installation, initialize the baseline snapshot with feelgoodbot init to define your system's current trusted state. To enable the daemon, execute feelgoodbot daemon install followed by feelgoodbot daemon start. To integrate with Clawdbot, update your ~/.config/feelgoodbot/config.yaml with the appropriate webhook tokens. For TOTP functionality, initialize your secret using feelgoodbot totp init --account "user@feelgoodbot" and scan the resulting QR code with an authenticator app.

Use Cases

  • Malware Prevention: Receive real-time alerts if system files like /usr/bin or SSH authorized_keys are modified by unauthorized processes.
  • Agent Governance: Prevent "rogue" agent behavior by enforcing manual user verification before the agent executes dangerous commands like delete:* or payment:*.
  • Security Auditing: Maintain an audit trail of persistent configurations on your macOS development environment.

Example Prompts

  1. "OpenClaw, please add the 'ssh:*' action to my feelgoodbot protected list and verify the current TOTP setup."
  2. "Check the current file integrity status using feelgoodbot and report any changes detected in the last 24 hours."
  3. "Configure feelgoodbot to alert my clawdbot gateway if any modifications are made to my ~/.zshrc or system launch daemons."

Tips & Limitations

  • Performance: While the daemon is lightweight, scanning complex directory structures frequently may impact system resources; tune your scan_interval based on your hardware.
  • Scope: The file integrity monitoring is strictly limited to macOS environments; Linux or Windows support is not provided.
  • TOTP Security: Treat your TOTP secret key as sensitive; do not share the QR code or your recovery seeds with any third party, including your AI agent logs.
Read Full Documentation on GitHub

Metadata

Author@kris-hansen
Stars1656
Views0
Updated2026-02-28
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-kris-hansen-feelgoodbot": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#macos#totp#monitoring#safety
Safety Score: 5/5

Flags: file-read, file-write, code-execution

Related Skills

google-flights

Search Google Flights for prices and availability. Use when user asks about flight prices, searching for flights, comparing airfares, or planning air travel between cities.

kris-hansen 1656

comanda

Generate, visualize, and execute declarative AI pipelines using the comanda CLI. Use when creating LLM workflows from natural language, viewing workflow charts, editing YAML workflow files, or processing/running comanda workflows. Supports multi-model orchestration (OpenAI, Anthropic, Google, Ollama, Claude Code, Gemini CLI, Codex).

kris-hansen 1656