Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub ยท Security & Compliance
Openclaw Security Monitor
Proactive security monitoring, threat scanning, and auto-remediation for OpenClaw deployments
skill openclawclawhub Free
Proactive security monitoring, threat scanning, and auto-remediation for OpenClaw deployments
โฌ 0 downloads โ
0 stars Unverified but indexed
Install for OpenClaw
Item is unstable.
This item is timing out or returning errors right now. Review the source page and try again later.
Quick setup
- Wait for the source to recover or retry later.
- Review SKILL.md only after the source returns a real package.
- Do not rely on this source for automated install yet.
Package facts
- Download mode
- Manual review
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- README.md, SKILL.md, dashboard/index.html, dashboard/server.js, docs/threat-model.md, install.sh
Validation
- Wait for the source to recover or retry later.
- Review SKILL.md only after the download returns a real package.
- Treat this source as transient until the upstream errors clear.
Install with your agent
Agent handoff
Use the source page and any available docs to guide the install because the item is currently unstable or timing out.
- Open the source page via Review source status.
- If you can obtain the package, extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the source page and extracted files.
New install
I tried to install a skill package from Yavira, but the item is currently unstable or timing out. Inspect the source page and any extracted docs, then tell me what you can confirm and any manual steps still required. Then review README.md for any prerequisites, environment setup, or post-install checks.
Upgrade existing
I tried to upgrade a skill package from Yavira, but the item is currently unstable or timing out. Compare the source page and any extracted docs with my current installation, then summarize what changed and what manual follow-up I still need. Then review README.md for any prerequisites, environment setup, or post-install checks.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 4.2.1
Provenance
- Publisher
- adibirzu
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
Security Monitor
Real-time security monitoring with threat intelligence from ClawHavoc research, daily automated scans, web dashboard, and Telegram alerting for OpenClaw.
Commands
Note: Replace <skill-dir> with the actual folder name where this skill is installed (commonly openclaw-security-monitor or security-monitor).
/security-scan
Run a comprehensive 59-point security scan: Known C2 IPs (ClawHavoc: 91.92.242.x, 95.92.242.x, 54.91.154.110) AMOS stealer / AuthTool markers Reverse shells & backdoors (bash, python, perl, ruby, php, lua) Credential exfiltration endpoints (webhook.site, pipedream, ngrok, etc.) Crypto wallet targeting (seed phrases, private keys, exchange APIs) Curl-pipe / download attacks Sensitive file permission audit Skill integrity hash verification SKILL.md shell injection patterns (Prerequisites-based attacks) Memory poisoning detection (SOUL.md, MEMORY.md, IDENTITY.md) Base64 obfuscation detection (glot.io-style payloads) External binary downloads (.exe, .dmg, .pkg, password-protected ZIPs) Gateway security configuration audit WebSocket origin validation (CVE-2026-25253) Known malicious publisher detection (hightower6eu, etc.) Sensitive environment/credential file leakage DM policy audit (open/wildcard channel access) Tool policy / elevated tools audit Sandbox configuration check mDNS/Bonjour exposure detection Session & credential file permissions Persistence mechanism scan (LaunchAgents, crontabs, systemd) Plugin/extension security audit Log redaction settings audit Reverse proxy localhost trust bypass detection Exec-approvals configuration audit (CVE-2026-25253 exploit chain) Docker container security (root, socket mount, privileged mode) Node.js version / CVE-2026-21636 permission model bypass Plaintext credential detection in config files VS Code extension trojan detection (fake ClawdBot extensions) Internet exposure detection (non-loopback gateway binding) MCP server security audit (tool poisoning, prompt injection) ClawJacked WebSocket brute-force protection (v2026.2.25+) SSRF protection audit (CVE-2026-26322, CVE-2026-27488) Exec safeBins validation bypass (CVE-2026-28363, CVSS 9.9) ACP permission auto-approval audit (GHSA-7jx5) PATH hijacking / command hijacking (GHSA-jqpq-mgvm-f9r6) Skill env override host injection (GHSA-82g8-464f-2mv7) macOS deep link truncation (CVE-2026-26320) Log poisoning / WebSocket header injection Browser Relay CDP unauthenticated access (CVE-2026-28458, CVSS 7.5) Browser control API path traversal (CVE-2026-28462, CVSS 7.5) Exec-approvals shell expansion bypass (CVE-2026-28463) Approval field injection / exec gating bypass (CVE-2026-28466) Sandbox browser bridge auth bypass (CVE-2026-28468) Webhook DoS โ oversized payloads (CVE-2026-28478) TAR archive path traversal (CVE-2026-28453) fetchWithGuard memory exhaustion DoS (CVE-2026-29609, CVSS 7.5) /agent/act HTTP route unauthenticated access (CVE-2026-28485) Command hijacking via PATH โ unsafe resolution (CVE-2026-29610) SHA-1 sandbox cache key poisoning (CVE-2026-28479, CVSS 8.7) Google Chat webhook cross-account bypass (CVE-2026-28469, CVSS 9.8) Gateway WebSocket device identity skip (CVE-2026-28472) Cross-Site WebSocket Hijacking in trusted-proxy (CVE-2026-32302) Device pairing credential exposure (GHSA-7h7g-x2px-94hj) Operator privilege escalation (GHSA-vmhq-cqm9-6p7q) MCP server tool poisoning via schema injection (OWASP MCP03/MCP06) SANDWORM_MODE MCP worm detection (Socket, Feb 2026) Rules file backdoor / hidden Unicode injection (Pillar Security) bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/scan.sh Exit codes: 0=SECURE, 1=WARNINGS, 2=COMPROMISED
/security-dashboard
Display a security overview with process trees via witr. bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/dashboard.sh
/security-network
Monitor network connections and check against IOC database. bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/network-check.sh
/security-remediate
Scan-driven remediation: runs scan.sh, skips CLEAN checks, and executes per-check remediation scripts for each WARNING/CRITICAL finding. Includes 59 individual scripts covering file permissions, exfiltration domain blocking, tool deny lists, gateway hardening, sandbox configuration, credential auditing, ClawJacked protection, SSRF hardening, PATH hijacking cleanup, log poisoning remediation, /agent/act hardening, SHA-1 cache key migration, Google Chat webhook hardening, WebSocket identity enforcement, MCP tool poisoning quarantine, SANDWORM_MODE worm cleanup, and rules file Unicode sanitization. # Full scan + remediate (interactive) bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/remediate.sh # Auto-approve all fixes (explicit opt-in) OPENCLAW_ALLOW_UNATTENDED_REMEDIATE=1 \ bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/remediate.sh --yes # Dry run (preview) bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/remediate.sh --dry-run # Remediate a single check bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/remediate.sh --check 7 --dry-run # Run all 59 remediation scripts (skip scan) bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/remediate.sh --all Flags: --yes / -y โ Skip confirmation prompts only when OPENCLAW_ALLOW_UNATTENDED_REMEDIATE=1 --dry-run โ Show what would be fixed without making changes --check N โ Run remediation for check N only (skip scan) --all โ Run all 59 remediation scripts without scanning first Exit codes: 0=fixes applied, 1=some fixes failed, 2=nothing to fix
/clawhub-scan
Scan all locally installed ClawHub skills for security issues. Checks each skill against: Known malicious publishers (ioc/malicious-publishers.txt) Malicious skill name patterns (ioc/malicious-skill-patterns.txt) Suspicious script patterns: curl/wget pipe-to-shell, base64 decode/eval, reverse shells, credential file access, environment variable exfiltration Known C2 IP references (ioc/c2-ips.txt) Malicious domain references (ioc/malicious-domains.txt) SKILL.md integrity (shell injection in Prerequisites) Known malicious file hashes (ioc/file-hashes.txt) bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/clawhub-scan.sh Exit codes: 0=all clean, 1=warnings found, 2=critical findings
/security-setup-telegram
Register a Telegram chat for daily security alerts. bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/telegram-setup.sh [chat_id]
Web Dashboard
URL: http://<vm-ip>:18800 Read-only dark-themed browser dashboard that displays scan results from log files, IOC stats, installed skills list, and scan history. Does not execute any shell commands or child processes โ all scans and remediation are triggered via CLI scripts.
Service Management
launchctl list | grep security-dashboard launchctl unload ~/Library/LaunchAgents/com.openclaw.security-dashboard.plist launchctl load ~/Library/LaunchAgents/com.openclaw.security-dashboard.plist
IOC Database
Threat intelligence files in ioc/: c2-ips.txt - Known command & control IP addresses malicious-domains.txt - Payload hosting and exfiltration domains file-hashes.txt - Known malicious file SHA-256 hashes malicious-publishers.txt - Known malicious ClawHub publishers malicious-skill-patterns.txt - Malicious skill naming patterns
Daily Automated Scan (Optional)
Optional cron job at 06:00 UTC with Telegram alerts. Not auto-installed โ requires explicit user action: crontab -l | { cat; echo "0 6 * * * $HOME/.openclaw/workspace/skills/<skill-dir>/scripts/daily-scan-cron.sh"; } | crontab -
Threat Coverage
Based on research from 40+ security sources including: ClawHavoc: 341 Malicious Skills (Koi Security) CVE-2026-25253: 1-Click RCE From SKILL.md to Shell Access (Snyk) VirusTotal: From Automation to Infection OpenClaw Official Security Docs DefectDojo Hardening Checklist Vectra: Automation as Backdoor Cisco: AI Agents Security Nightmare Bloom Security/JFrog: 37 Malicious Skills OpenSourceMalware: Skills Ganked Your Crypto Snyk: clawdhub Campaign Deep-Dive OWASP Top 10 for Agentic Applications 2026 CrowdStrike: OpenClaw AI Super Agent Argus Security Audit (512 findings) ToxSec: OpenClaw Security Checklist Aikido.dev: Fake ClawdBot VS Code Extension Prompt Security: Top 10 MCP Risks Oasis Security: ClawJacked (Feb 26) CVE-2026-28363: safeBins Bypass (CVSS 9.9) CVE-2026-28479: SHA-1 Cache Poisoning (CVSS 8.7) CVE-2026-28485: /agent/act No Auth CVE-2026-29610: Command Hijacking via PATH Flare: Widespread Exploitation (Feb 25) CVE-2026-28469: Google Chat Webhook Cross-Account Bypass (CVSS 9.8) CVE-2026-28472: Gateway WebSocket Device Identity Skip CVE-2026-32302: Cross-Site WebSocket Hijacking GHSA-7h7g: Device Pairing Credential Exposure GHSA-vmhq: Operator Privilege Escalation Socket: SANDWORM_MODE npm Worm (Feb 20) Pillar Security: Rules File Backdoor OWASP MCP Top 10 CyberArk: MCP Output Poisoning Semgrep: First Malicious MCP Server on npm
Security & Transparency
Source repository: github.com/adibirzu/openclaw-security-monitor โ all source code is publicly auditable. Detection signatures in repository: This project contains threat-signature patterns (IP addresses, domain names, hash values) because it scans skills for risky content. These strings are used for grep/regex matching only and are not executable instructions. Required binaries: bash, curl, node (for dashboard), lsof (for network checks). Optional: witr (process trees), docker (container audits), openclaw CLI (config checks). Environment variables: OPENCLAW_TELEGRAM_TOKEN (optional, for daily scan alerts), OPENCLAW_HOME (optional, overrides default ~/.openclaw directory). Both are declared in the frontmatter metadata above. What the scanner reads: scan.sh reads files within ~/.openclaw/ (configs, skills, credentials, logs) to detect threats. It pattern-matches against .env, .ssh, and keychain paths for detection only โ it never exfiltrates, transmits, or modifies data. The scanner is read-only. What remediation does: remediate.sh can modify file permissions, block domains in /etc/hosts, adjust OpenClaw gateway config, quarantine MCP configs, and remove malicious skills. Always run --dry-run first to preview changes. Unattended mode (--yes) requires explicit OPENCLAW_ALLOW_UNATTENDED_REMEDIATE=1 โ without this env var, --yes is silently ignored. IOC updates: update-ioc.sh fetches threat intelligence from this project's GitHub repository. In interactive mode it shows pending changes and asks for confirmation before writing. --auto mode (for cron) writes without prompting. Validates incoming IOC file format (field counts). Untrusted upstream repos require explicit OPENCLAW_ALLOW_UNTRUSTED_IOC_SOURCE=1. No auto-installed persistence: The installer does NOT create cron jobs, LaunchAgents, symlinks, or background services. Cron and LaunchAgent setup are documented as optional manual steps that the user must explicitly run themselves. Dashboard binding: The web dashboard is read-only (no shell commands, no child processes) and defaults to 127.0.0.1:18800 (localhost only). It reads log files and IOC stats only.
Installation
# From GitHub git clone https://github.com/adibirzu/openclaw-security-monitor.git \ ~/.openclaw/workspace/skills/<skill-dir> chmod +x ~/.openclaw/workspace/skills/<skill-dir>/scripts/*.sh The OpenClaw agent auto-discovers skills from ~/.openclaw/workspace/skills/ via SKILL.md frontmatter. After cloning, the /security-scan, /security-remediate, /security-dashboard, /security-network, and /security-setup-telegram commands will be available in the agent.
Category context
Identity, auth, scanning, governance, audit, and operational guardrails.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
3 Docs2 Scripts1 Files
- SKILL.md
- docs/threat-model.md
- README.md
- dashboard/server.js
- install.sh
- dashboard/index.html