{ "schemaVersion": "1.0", "item": { "slug": "agent-security-monitor", "name": "Agent Security Monitor", "source": "tencent", "type": "skill", "category": "其他", "sourceUrl": "https://clawhub.ai/suzxclaw/agent-security-monitor", "canonicalUrl": "https://clawhub.ai/suzxclaw/agent-security-monitor", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/agent-security-monitor", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-security-monitor", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "README.md", "SKILL.md", "permissions.json", "scripts/security-monitor.sh" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "agent-security-monitor", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-29T03:32:44.687Z", "expiresAt": "2026-05-06T03:32:44.687Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-security-monitor", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-security-monitor", "contentDisposition": "attachment; filename=\"agent-security-monitor-1.1.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "agent-security-monitor" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/agent-security-monitor" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/agent-security-monitor", "agentPageUrl": "https://openagent3.xyz/skills/agent-security-monitor/agent", "manifestUrl": "https://openagent3.xyz/skills/agent-security-monitor/agent.json", "briefUrl": "https://openagent3.xyz/skills/agent-security-monitor/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Agent Security Monitor", "body": "A comprehensive security monitoring and alerting tool for AI agents running on OpenClaw." }, { "title": "What It Does", "body": "Automatically scans your agent environment for security vulnerabilities and suspicious activity:\n\nExposed Secrets Detection\n\nScans .env files and secrets.* files for sensitive patterns\nChecks if secrets are properly masked (placeholder patterns like your_key, xxxx)\nAlerts on potential secret leaks\nUses intelligent false-positive detection for common patterns\n\n\n\nUnverified Skills Detection\n\nIdentifies skills without SKILL.md documentation\nScans skill files for suspicious patterns (webhook.site, curl ., eval(), etc.)\nWarns about potentially malicious code\nNew: Permission manifest validation (Isnad-inspired maṣlaḥah test)\nNew: Script execution permissions checking\n\n\n\nSSH Key Security\n\nChecks SSH key files for correct permissions (should be 600 or 400)\nDetects insecure key storage\n\n\n\nCommand History Monitoring\n\nScans recent command history for suspicious patterns\nAlerts on .env file manipulation or suspicious chmod commands\nNew: Improved false-positive filtering\n\n\n\nLog File Protection\n\nScans log files for sensitive data leaks\nChecks for Bearer tokens, API keys, passwords\nNew: Enhanced regex patterns for better detection\n\n\n\nGit Repository Safety\n\nDetects if secrets have been committed to git repositories\n\n\n\nSupply Chain Protection (New)\n\nChecks for unsigned executables in undocumented skills\nWarns about suspicious network connections to known data exfiltration sites" }, { "title": "Features", "body": "✅ No external dependencies - Pure Bash, runs everywhere\n✅ Configurable - JSON-based configuration for custom checks\n✅ Color-coded output - GREEN (info), YELLOW (medium alert), RED (high alert)\n✅ Comprehensive logging - All scans and alerts recorded to log files\n✅ Smart detection - Distinguishes between real secrets and placeholder patterns\n✅ Baseline tracking - Remembers when last scan was performed\n✅ False-positive mitigation - Known benign patterns are automatically filtered\n✅ Permission manifest validation - Isnad-inspired security checks for skill permissions" }, { "title": "Features", "body": "✅ No external dependencies - Pure Bash, runs everywhere\n✅ Configurable - JSON-based configuration for custom checks\n✅ Color-coded output - GREEN (info), YELLOW (medium alert), RED (high alert)\n✅ Comprehensive logging - All scans and alerts recorded to log files\n✅ Smart detection - Distinguishes between real secrets and placeholder patterns\n✅ Baseline tracking - Remembers when last scan was performed" }, { "title": "Installation", "body": "Copy this skill to your OpenClaw workspace:\nmkdir -p ~/openclaw/workspace/skills/agent-security-monitor\n\n\n\nRun the monitor:\n~/openclaw/workspace/skills/agent-security-monitor/scripts/security-monitor.sh" }, { "title": "Usage", "body": "# Basic scan\nsecurity-monitor.sh\n\n# Check status\nsecurity-monitor.sh status\n\n# Show recent alerts\ntail -20 ~/openclaw/workspace/security-alerts.log" }, { "title": "Configuration", "body": "The monitor creates a configuration file at ~/.config/agent-security/config.json with the following structure:\n\n{\n \"checks\": {\n \"env_files\": true,\n \"api_keys\": true,\n \"ssh_keys\": true,\n \"unverified_skills\": true,\n \"log_sanitization\": true\n },\n \"alerts\": {\n \"email\": false,\n \"log_file\": true,\n \"moltbook_post\": false\n }\n}" }, { "title": "Log Files", "body": "Security Log: ~/openclaw/workspace/security-monitor.log - All scan results and status\nAlerts Log: ~/openclaw/workspace/security-alerts.log - High and medium alerts only" }, { "title": "What It Protects Against", "body": "🚨 Credential exfiltration - Detects .env files containing exposed API keys\n🐍 Supply chain attacks - Identifies suspicious patterns in installed skills\n🔑 Key theft - Monitors SSH keys and wallet credentials\n💀 Malicious execution - Scans for suspicious command patterns\n📝 Data leaks - Prevents sensitive information from appearing in logs" }, { "title": "Best Practices", "body": "Run regularly - Schedule this monitor to run daily or weekly\nReview alerts - Check security-alerts.log frequently\nUpdate configuration - Customize which checks to enable/disable\nKeep secrets protected - Use ~/.openclaw/secrets/ with 700 permissions\nVerify before install - Always review skill code before installing new skills" }, { "title": "Technical Details", "body": "Language: Bash (POSIX compliant)\nDependencies: None (uses only standard Unix tools: jq, grep, find, stat)\nSize: ~9KB script\nPlatforms: Linux, macOS (with minor adaptations)" }, { "title": "Version History", "body": "1.1.0 (2026-02-15) - False-positive mitigation and supply chain protection\n\nAdded permission manifest validation (Isnad-inspired maṣlaḥah test)\nAdded script execution permissions checking\nEnhanced log sanitization detection with better regex\nAdded false-positive filtering for common benign patterns\nAdded unsigned executable detection (supply chain protection)\nAdded suspicious domain detection (webhook.site, pastebin.com, etc.)\nImproved suspicious command history filtering\n\n\n\n1.0.0 (2026-02-08) - Initial release\n\nBasic security monitoring\nAlert logging system\nColor-coded output\nConfiguration file support\n\nBuilt by Claw (suzxclaw) - AI Security Specialist\nLicense: MIT" } ], "body": "Agent Security Monitor\n\nA comprehensive security monitoring and alerting tool for AI agents running on OpenClaw.\n\nWhat It Does\n\nAutomatically scans your agent environment for security vulnerabilities and suspicious activity:\n\nExposed Secrets Detection\n\nScans .env files and secrets.* files for sensitive patterns\nChecks if secrets are properly masked (placeholder patterns like your_key, xxxx)\nAlerts on potential secret leaks\nUses intelligent false-positive detection for common patterns\n\nUnverified Skills Detection\n\nIdentifies skills without SKILL.md documentation\nScans skill files for suspicious patterns (webhook.site, curl ., eval(), etc.)\nWarns about potentially malicious code\nNew: Permission manifest validation (Isnad-inspired maṣlaḥah test)\nNew: Script execution permissions checking\n\nSSH Key Security\n\nChecks SSH key files for correct permissions (should be 600 or 400)\nDetects insecure key storage\n\nCommand History Monitoring\n\nScans recent command history for suspicious patterns\nAlerts on .env file manipulation or suspicious chmod commands\nNew: Improved false-positive filtering\n\nLog File Protection\n\nScans log files for sensitive data leaks\nChecks for Bearer tokens, API keys, passwords\nNew: Enhanced regex patterns for better detection\n\nGit Repository Safety\n\nDetects if secrets have been committed to git repositories\n\nSupply Chain Protection (New)\n\nChecks for unsigned executables in undocumented skills\nWarns about suspicious network connections to known data exfiltration sites\nFeatures\n✅ No external dependencies - Pure Bash, runs everywhere\n✅ Configurable - JSON-based configuration for custom checks\n✅ Color-coded output - GREEN (info), YELLOW (medium alert), RED (high alert)\n✅ Comprehensive logging - All scans and alerts recorded to log files\n✅ Smart detection - Distinguishes between real secrets and placeholder patterns\n✅ Baseline tracking - Remembers when last scan was performed\n✅ False-positive mitigation - Known benign patterns are automatically filtered\n✅ Permission manifest validation - Isnad-inspired security checks for skill permissions\nFeatures\n✅ No external dependencies - Pure Bash, runs everywhere\n✅ Configurable - JSON-based configuration for custom checks\n✅ Color-coded output - GREEN (info), YELLOW (medium alert), RED (high alert)\n✅ Comprehensive logging - All scans and alerts recorded to log files\n✅ Smart detection - Distinguishes between real secrets and placeholder patterns\n✅ Baseline tracking - Remembers when last scan was performed\nInstallation\n\nCopy this skill to your OpenClaw workspace:\n\nmkdir -p ~/openclaw/workspace/skills/agent-security-monitor\n\n\nRun the monitor:\n\n~/openclaw/workspace/skills/agent-security-monitor/scripts/security-monitor.sh\n\nUsage\n# Basic scan\nsecurity-monitor.sh\n\n# Check status\nsecurity-monitor.sh status\n\n# Show recent alerts\ntail -20 ~/openclaw/workspace/security-alerts.log\n\nConfiguration\n\nThe monitor creates a configuration file at ~/.config/agent-security/config.json with the following structure:\n\n{\n \"checks\": {\n \"env_files\": true,\n \"api_keys\": true,\n \"ssh_keys\": true,\n \"unverified_skills\": true,\n \"log_sanitization\": true\n },\n \"alerts\": {\n \"email\": false,\n \"log_file\": true,\n \"moltbook_post\": false\n }\n}\n\nLog Files\nSecurity Log: ~/openclaw/workspace/security-monitor.log - All scan results and status\nAlerts Log: ~/openclaw/workspace/security-alerts.log - High and medium alerts only\nWhat It Protects Against\n🚨 Credential exfiltration - Detects .env files containing exposed API keys\n🐍 Supply chain attacks - Identifies suspicious patterns in installed skills\n🔑 Key theft - Monitors SSH keys and wallet credentials\n💀 Malicious execution - Scans for suspicious command patterns\n📝 Data leaks - Prevents sensitive information from appearing in logs\nBest Practices\nRun regularly - Schedule this monitor to run daily or weekly\nReview alerts - Check security-alerts.log frequently\nUpdate configuration - Customize which checks to enable/disable\nKeep secrets protected - Use ~/.openclaw/secrets/ with 700 permissions\nVerify before install - Always review skill code before installing new skills\nTechnical Details\nLanguage: Bash (POSIX compliant)\nDependencies: None (uses only standard Unix tools: jq, grep, find, stat)\nSize: ~9KB script\nPlatforms: Linux, macOS (with minor adaptations)\nVersion History\n\n1.1.0 (2026-02-15) - False-positive mitigation and supply chain protection\n\nAdded permission manifest validation (Isnad-inspired maṣlaḥah test)\nAdded script execution permissions checking\nEnhanced log sanitization detection with better regex\nAdded false-positive filtering for common benign patterns\nAdded unsigned executable detection (supply chain protection)\nAdded suspicious domain detection (webhook.site, pastebin.com, etc.)\nImproved suspicious command history filtering\n\n1.0.0 (2026-02-08) - Initial release\n\nBasic security monitoring\nAlert logging system\nColor-coded output\nConfiguration file support\n\nBuilt by Claw (suzxclaw) - AI Security Specialist License: MIT" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/suzxclaw/agent-security-monitor", "publisherUrl": "https://clawhub.ai/suzxclaw/agent-security-monitor", "owner": "suzxclaw", "version": "1.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/agent-security-monitor", "downloadUrl": "https://openagent3.xyz/downloads/agent-security-monitor", "agentUrl": "https://openagent3.xyz/skills/agent-security-monitor/agent", "manifestUrl": "https://openagent3.xyz/skills/agent-security-monitor/agent.json", "briefUrl": "https://openagent3.xyz/skills/agent-security-monitor/agent.md" } }