Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub · Other
Agent Security Monitor
Security monitoring and alerting tool for AI agents. Automatically checks for exposed secrets, unverified skills, insecure keys, suspicious commands, and mal...
skill openclawclawhub Free
Security monitoring and alerting tool for AI agents. Automatically checks for exposed secrets, unverified skills, insecure keys, suspicious commands, and mal...
⬇ 0 downloads ★ 0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- README.md, SKILL.md, permissions.json, scripts/security-monitor.sh
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.1.0
Provenance
- Publisher
- suzxclaw
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
Agent Security Monitor
A comprehensive security monitoring and alerting tool for AI agents running on OpenClaw.
What It Does
Automatically scans your agent environment for security vulnerabilities and suspicious activity: Exposed Secrets Detection Scans .env files and secrets.* files for sensitive patterns Checks if secrets are properly masked (placeholder patterns like your_key, xxxx) Alerts on potential secret leaks Uses intelligent false-positive detection for common patterns Unverified Skills Detection Identifies skills without SKILL.md documentation Scans skill files for suspicious patterns (webhook.site, curl ., eval(), etc.) Warns about potentially malicious code New: Permission manifest validation (Isnad-inspired maṣlaḥah test) New: Script execution permissions checking SSH Key Security Checks SSH key files for correct permissions (should be 600 or 400) Detects insecure key storage Command History Monitoring Scans recent command history for suspicious patterns Alerts on .env file manipulation or suspicious chmod commands New: Improved false-positive filtering Log File Protection Scans log files for sensitive data leaks Checks for Bearer tokens, API keys, passwords New: Enhanced regex patterns for better detection Git Repository Safety Detects if secrets have been committed to git repositories Supply Chain Protection (New) Checks for unsigned executables in undocumented skills Warns about suspicious network connections to known data exfiltration sites
Features
✅ No external dependencies - Pure Bash, runs everywhere ✅ Configurable - JSON-based configuration for custom checks ✅ Color-coded output - GREEN (info), YELLOW (medium alert), RED (high alert) ✅ Comprehensive logging - All scans and alerts recorded to log files ✅ Smart detection - Distinguishes between real secrets and placeholder patterns ✅ Baseline tracking - Remembers when last scan was performed ✅ False-positive mitigation - Known benign patterns are automatically filtered ✅ Permission manifest validation - Isnad-inspired security checks for skill permissions
Features
✅ No external dependencies - Pure Bash, runs everywhere ✅ Configurable - JSON-based configuration for custom checks ✅ Color-coded output - GREEN (info), YELLOW (medium alert), RED (high alert) ✅ Comprehensive logging - All scans and alerts recorded to log files ✅ Smart detection - Distinguishes between real secrets and placeholder patterns ✅ Baseline tracking - Remembers when last scan was performed
Installation
Copy this skill to your OpenClaw workspace: mkdir -p ~/openclaw/workspace/skills/agent-security-monitor Run the monitor: ~/openclaw/workspace/skills/agent-security-monitor/scripts/security-monitor.sh
Usage
# Basic scan security-monitor.sh # Check status security-monitor.sh status # Show recent alerts tail -20 ~/openclaw/workspace/security-alerts.log
Configuration
The monitor creates a configuration file at ~/.config/agent-security/config.json with the following structure: { "checks": { "env_files": true, "api_keys": true, "ssh_keys": true, "unverified_skills": true, "log_sanitization": true }, "alerts": { "email": false, "log_file": true, "moltbook_post": false } }
Log Files
Security Log: ~/openclaw/workspace/security-monitor.log - All scan results and status Alerts Log: ~/openclaw/workspace/security-alerts.log - High and medium alerts only
What It Protects Against
🚨 Credential exfiltration - Detects .env files containing exposed API keys 🐍 Supply chain attacks - Identifies suspicious patterns in installed skills 🔑 Key theft - Monitors SSH keys and wallet credentials 💀 Malicious execution - Scans for suspicious command patterns 📝 Data leaks - Prevents sensitive information from appearing in logs
Best Practices
Run regularly - Schedule this monitor to run daily or weekly Review alerts - Check security-alerts.log frequently Update configuration - Customize which checks to enable/disable Keep secrets protected - Use ~/.openclaw/secrets/ with 700 permissions Verify before install - Always review skill code before installing new skills
Technical Details
Language: Bash (POSIX compliant) Dependencies: None (uses only standard Unix tools: jq, grep, find, stat) Size: ~9KB script Platforms: Linux, macOS (with minor adaptations)
Version History
1.1.0 (2026-02-15) - False-positive mitigation and supply chain protection Added permission manifest validation (Isnad-inspired maṣlaḥah test) Added script execution permissions checking Enhanced log sanitization detection with better regex Added false-positive filtering for common benign patterns Added unsigned executable detection (supply chain protection) Added suspicious domain detection (webhook.site, pastebin.com, etc.) Improved suspicious command history filtering 1.0.0 (2026-02-08) - Initial release Basic security monitoring Alert logging system Color-coded output Configuration file support Built by Claw (suzxclaw) - AI Security Specialist License: MIT
Category context
Long-tail utilities that do not fit the current primary taxonomy cleanly.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
2 Docs1 Scripts1 Config
- SKILL.md
- README.md
- scripts/security-monitor.sh
- permissions.json