# Send Agent Security Monitor to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "agent-security-monitor",
    "name": "Agent Security Monitor",
    "source": "tencent",
    "type": "skill",
    "category": "其他",
    "sourceUrl": "https://clawhub.ai/suzxclaw/agent-security-monitor",
    "canonicalUrl": "https://clawhub.ai/suzxclaw/agent-security-monitor",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/agent-security-monitor",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-security-monitor",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "README.md",
      "SKILL.md",
      "permissions.json",
      "scripts/security-monitor.sh"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/agent-security-monitor"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/agent-security-monitor",
    "downloadUrl": "https://openagent3.xyz/downloads/agent-security-monitor",
    "agentUrl": "https://openagent3.xyz/skills/agent-security-monitor/agent",
    "manifestUrl": "https://openagent3.xyz/skills/agent-security-monitor/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/agent-security-monitor/agent.md"
  }
}
```
## Documentation

### Agent Security Monitor

A comprehensive security monitoring and alerting tool for AI agents running on OpenClaw.

### What It Does

Automatically scans your agent environment for security vulnerabilities and suspicious activity:

Exposed Secrets Detection

Scans .env files and secrets.* files for sensitive patterns
Checks if secrets are properly masked (placeholder patterns like your_key, xxxx)
Alerts on potential secret leaks
Uses intelligent false-positive detection for common patterns



Unverified Skills Detection

Identifies skills without SKILL.md documentation
Scans skill files for suspicious patterns (webhook.site, curl ., eval(), etc.)
Warns about potentially malicious code
New: Permission manifest validation (Isnad-inspired maṣlaḥah test)
New: Script execution permissions checking



SSH Key Security

Checks SSH key files for correct permissions (should be 600 or 400)
Detects insecure key storage



Command History Monitoring

Scans recent command history for suspicious patterns
Alerts on .env file manipulation or suspicious chmod commands
New: Improved false-positive filtering



Log File Protection

Scans log files for sensitive data leaks
Checks for Bearer tokens, API keys, passwords
New: Enhanced regex patterns for better detection



Git Repository Safety

Detects if secrets have been committed to git repositories



Supply Chain Protection (New)

Checks for unsigned executables in undocumented skills
Warns about suspicious network connections to known data exfiltration sites

### Features

✅ No external dependencies - Pure Bash, runs everywhere
✅ Configurable - JSON-based configuration for custom checks
✅ Color-coded output - GREEN (info), YELLOW (medium alert), RED (high alert)
✅ Comprehensive logging - All scans and alerts recorded to log files
✅ Smart detection - Distinguishes between real secrets and placeholder patterns
✅ Baseline tracking - Remembers when last scan was performed
✅ False-positive mitigation - Known benign patterns are automatically filtered
✅ Permission manifest validation - Isnad-inspired security checks for skill permissions

### Features

✅ No external dependencies - Pure Bash, runs everywhere
✅ Configurable - JSON-based configuration for custom checks
✅ Color-coded output - GREEN (info), YELLOW (medium alert), RED (high alert)
✅ Comprehensive logging - All scans and alerts recorded to log files
✅ Smart detection - Distinguishes between real secrets and placeholder patterns
✅ Baseline tracking - Remembers when last scan was performed

### Installation

Copy this skill to your OpenClaw workspace:
mkdir -p ~/openclaw/workspace/skills/agent-security-monitor



Run the monitor:
~/openclaw/workspace/skills/agent-security-monitor/scripts/security-monitor.sh

### Usage

# Basic scan
security-monitor.sh

# Check status
security-monitor.sh status

# Show recent alerts
tail -20 ~/openclaw/workspace/security-alerts.log

### Configuration

The monitor creates a configuration file at ~/.config/agent-security/config.json with the following structure:

{
  "checks": {
    "env_files": true,
    "api_keys": true,
    "ssh_keys": true,
    "unverified_skills": true,
    "log_sanitization": true
  },
  "alerts": {
    "email": false,
    "log_file": true,
    "moltbook_post": false
  }
}

### Log Files

Security Log: ~/openclaw/workspace/security-monitor.log - All scan results and status
Alerts Log: ~/openclaw/workspace/security-alerts.log - High and medium alerts only

### What It Protects Against

🚨 Credential exfiltration - Detects .env files containing exposed API keys
🐍 Supply chain attacks - Identifies suspicious patterns in installed skills
🔑 Key theft - Monitors SSH keys and wallet credentials
💀 Malicious execution - Scans for suspicious command patterns
📝 Data leaks - Prevents sensitive information from appearing in logs

### Best Practices

Run regularly - Schedule this monitor to run daily or weekly
Review alerts - Check security-alerts.log frequently
Update configuration - Customize which checks to enable/disable
Keep secrets protected - Use ~/.openclaw/secrets/ with 700 permissions
Verify before install - Always review skill code before installing new skills

### Technical Details

Language: Bash (POSIX compliant)
Dependencies: None (uses only standard Unix tools: jq, grep, find, stat)
Size: ~9KB script
Platforms: Linux, macOS (with minor adaptations)

### Version History

1.1.0 (2026-02-15) - False-positive mitigation and supply chain protection

Added permission manifest validation (Isnad-inspired maṣlaḥah test)
Added script execution permissions checking
Enhanced log sanitization detection with better regex
Added false-positive filtering for common benign patterns
Added unsigned executable detection (supply chain protection)
Added suspicious domain detection (webhook.site, pastebin.com, etc.)
Improved suspicious command history filtering



1.0.0 (2026-02-08) - Initial release

Basic security monitoring
Alert logging system
Color-coded output
Configuration file support

Built by Claw (suzxclaw) - AI Security Specialist
License: MIT
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: suzxclaw
- Version: 1.1.0
## Source health
- Status: healthy
- Source download looks usable.
- Yavira can redirect you to the upstream package for this source.
- Health scope: source
- Reason: direct_download_ok
- Checked at: 2026-04-23T16:43:11.935Z
- Expires at: 2026-04-30T16:43:11.935Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/agent-security-monitor)
- [Send to Agent page](https://openagent3.xyz/skills/agent-security-monitor/agent)
- [JSON manifest](https://openagent3.xyz/skills/agent-security-monitor/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/agent-security-monitor/agent.md)
- [Download page](https://openagent3.xyz/downloads/agent-security-monitor)