{
  "schemaVersion": "1.0",
  "item": {
    "slug": "agentguard",
    "name": "AgentGuard",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/manas-io-ai/agentguard",
    "canonicalUrl": "https://clawhub.ai/manas-io-ai/agentguard",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/agentguard",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agentguard",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "README.md",
      "SKILL.md",
      "config/agentguard.yaml",
      "execution/alerter.py",
      "execution/detector.py",
      "execution/logger.py"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/agentguard"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/agentguard",
    "agentPageUrl": "https://openagent3.xyz/skills/agentguard/agent",
    "manifestUrl": "https://openagent3.xyz/skills/agentguard/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/agentguard/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "AgentGuard - Security Monitoring Skill",
        "body": "Version: 1.0.0\nAuthor: Manas AI\nCategory: Security & Monitoring"
      },
      {
        "title": "Overview",
        "body": "AgentGuard is a comprehensive security monitoring skill that watches over agent operations, detecting suspicious behavior, logging communications, and providing actionable security reports."
      },
      {
        "title": "1. File Access Monitoring",
        "body": "Track all file read/write operations with pattern analysis.\n\nTrigger: Continuous background monitoring\nCommand: agentguard monitor files [--watch-dir <path>]\n\nWhat it detects:\n\nUnusual file access patterns (bulk reads, sensitive directories)\nAccess to credential files (.env, .secrets, keys)\nUnexpected write operations to system directories\nFile exfiltration attempts (large reads followed by network calls)"
      },
      {
        "title": "2. API Call Detection",
        "body": "Monitor outbound API calls for suspicious activity.\n\nCommand: agentguard monitor api\n\nWhat it detects:\n\nCalls to unknown/untrusted endpoints\nUnusual API call frequency (rate anomalies)\nSensitive data in request payloads\nAuthentication token exposure\nCalls to known malicious domains"
      },
      {
        "title": "3. Communication Logging",
        "body": "Log all external communications for audit trails.\n\nCommand: agentguard log comms [--output <path>]\n\nLogs include:\n\nHTTP/HTTPS requests (sanitized)\nWebSocket connections\nEmail sends\nMessage platform outputs (Telegram, Discord, etc.)\nTimestamp, destination, payload hash"
      },
      {
        "title": "4. Anomaly Detection",
        "body": "ML-lite pattern analysis for behavioral anomalies.\n\nCommand: agentguard detect anomalies [--sensitivity <low|medium|high>]\n\nDetection methods:\n\nBaseline deviation (learns normal patterns)\nTime-of-day anomalies\nSequence analysis (unusual operation chains)\nVolume spikes\nNew destination detection"
      },
      {
        "title": "5. Security Reports",
        "body": "Generate comprehensive daily security reports.\n\nCommand: agentguard report [--period <daily|weekly|monthly>]\n\nReport includes:\n\nActivity summary\nAlert breakdown by severity\nTop accessed resources\nCommunication destinations\nAnomaly timeline\nRecommendations"
      },
      {
        "title": "Config File: config/agentguard.yaml",
        "body": "monitoring:\n  enabled: true\n  file_watch_dirs:\n    - ~/clawd\n    - ~/.clawdbot\n  exclude_patterns:\n    - \"*.log\"\n    - \"node_modules/**\"\n    - \".git/**\"\n\nalerts:\n  sensitivity: medium  # low, medium, high\n  channels:\n    - telegram\n  alert_on:\n    - credential_access\n    - bulk_file_read\n    - unknown_api_endpoint\n    - data_exfiltration\n  cooldown_minutes: 15\n\napi_monitoring:\n  trusted_domains:\n    - api.anthropic.com\n    - api.openai.com\n    - api.telegram.org\n    - api.elevenlabs.io\n  block_on_suspicious: false  # true = prevent call, false = alert only\n\nlogging:\n  retention_days: 30\n  log_dir: ~/.agentguard/logs\n  hash_sensitive_data: true\n\nreporting:\n  auto_daily_report: true\n  report_time: \"09:00\"\n  report_channel: telegram"
      },
      {
        "title": "Start Full Monitoring",
        "body": "agentguard start\n\nEnables all monitoring features with default config."
      },
      {
        "title": "Check Current Security Status",
        "body": "agentguard status\n\nReturns current threat level, active monitors, recent alerts."
      },
      {
        "title": "Investigate Specific Activity",
        "body": "agentguard investigate --timerange \"last 2 hours\" --type file_access"
      },
      {
        "title": "Generate Immediate Report",
        "body": "agentguard report --now"
      },
      {
        "title": "Review Alert History",
        "body": "agentguard alerts --last 24h --severity high"
      },
      {
        "title": "Whitelist a Domain",
        "body": "agentguard trust add api.newservice.com --reason \"Required for X integration\""
      },
      {
        "title": "Alert Severity Levels",
        "body": "Level\tColor\tMeaning\tExample\nINFO\t🔵\tNormal logged activity\tFile read in workspace\nLOW\t🟢\tMinor deviation\tSlightly elevated API calls\nMEDIUM\t🟡\tNotable anomaly\tAccess to .env file\nHIGH\t🟠\tPotential threat\tBulk credential access\nCRITICAL\t🔴\tImmediate action needed\tData exfiltration pattern"
      },
      {
        "title": "With Clawdbot",
        "body": "Receives file/API operation hooks\nSends alerts via configured channels\nIntegrates with heartbeat for periodic checks"
      },
      {
        "title": "With Other Skills",
        "body": "Shares threat data with other security skills\nCan block operations (if configured)\nProvides audit logs for compliance skills"
      },
      {
        "title": "Data Storage",
        "body": "~/.agentguard/\n├── logs/\n│   ├── file_access/\n│   ├── api_calls/\n│   └── communications/\n├── baselines/\n│   └── behavior_model.json\n├── alerts/\n│   └── YYYY-MM-DD.json\n└── reports/\n    └── YYYY-MM-DD_report.md"
      },
      {
        "title": "Privacy & Security",
        "body": "No external data transmission - All processing is local\nSensitive data hashing - Credentials are never logged in plain text\nConfigurable retention - Auto-delete old logs\nEncrypted storage - Optional AES encryption for logs"
      },
      {
        "title": "High false positive rate",
        "body": "→ Increase baseline learning period or reduce sensitivity"
      },
      {
        "title": "Missing file events",
        "body": "→ Check file_watch_dirs config covers target directories"
      },
      {
        "title": "Reports not generating",
        "body": "→ Verify report_time format and timezone settings"
      },
      {
        "title": "Execution Scripts",
        "body": "Script\tPurpose\nexecution/monitor.py\tCore monitoring daemon\nexecution/detector.py\tAnomaly detection engine\nexecution/logger.py\tStructured logging handler\nexecution/alerter.py\tAlert dispatch system\nexecution/reporter.py\tReport generation"
      },
      {
        "title": "Author Notes",
        "body": "AgentGuard is designed with defense-in-depth principles. It assumes agents can be compromised or manipulated, and provides visibility into their operations.\n\nFor maximum security, run AgentGuard in a separate process with limited write access to prevent a compromised agent from disabling monitoring."
      }
    ],
    "body": "AgentGuard - Security Monitoring Skill\n\nVersion: 1.0.0\nAuthor: Manas AI\nCategory: Security & Monitoring\n\nOverview\n\nAgentGuard is a comprehensive security monitoring skill that watches over agent operations, detecting suspicious behavior, logging communications, and providing actionable security reports.\n\nCapabilities\n1. File Access Monitoring\n\nTrack all file read/write operations with pattern analysis.\n\nTrigger: Continuous background monitoring\nCommand: agentguard monitor files [--watch-dir <path>]\n\nWhat it detects:\n\nUnusual file access patterns (bulk reads, sensitive directories)\nAccess to credential files (.env, .secrets, keys)\nUnexpected write operations to system directories\nFile exfiltration attempts (large reads followed by network calls)\n2. API Call Detection\n\nMonitor outbound API calls for suspicious activity.\n\nCommand: agentguard monitor api\n\nWhat it detects:\n\nCalls to unknown/untrusted endpoints\nUnusual API call frequency (rate anomalies)\nSensitive data in request payloads\nAuthentication token exposure\nCalls to known malicious domains\n3. Communication Logging\n\nLog all external communications for audit trails.\n\nCommand: agentguard log comms [--output <path>]\n\nLogs include:\n\nHTTP/HTTPS requests (sanitized)\nWebSocket connections\nEmail sends\nMessage platform outputs (Telegram, Discord, etc.)\nTimestamp, destination, payload hash\n4. Anomaly Detection\n\nML-lite pattern analysis for behavioral anomalies.\n\nCommand: agentguard detect anomalies [--sensitivity <low|medium|high>]\n\nDetection methods:\n\nBaseline deviation (learns normal patterns)\nTime-of-day anomalies\nSequence analysis (unusual operation chains)\nVolume spikes\nNew destination detection\n5. 
Security Reports\n\nGenerate comprehensive daily security reports.\n\nCommand: agentguard report [--period <daily|weekly|monthly>]\n\nReport includes:\n\nActivity summary\nAlert breakdown by severity\nTop accessed resources\nCommunication destinations\nAnomaly timeline\nRecommendations\nConfiguration\nConfig File: config/agentguard.yaml\nmonitoring:\n  enabled: true\n  file_watch_dirs:\n    - ~/clawd\n    - ~/.clawdbot\n  exclude_patterns:\n    - \"*.log\"\n    - \"node_modules/**\"\n    - \".git/**\"\n\nalerts:\n  sensitivity: medium  # low, medium, high\n  channels:\n    - telegram\n  alert_on:\n    - credential_access\n    - bulk_file_read\n    - unknown_api_endpoint\n    - data_exfiltration\n  cooldown_minutes: 15\n\napi_monitoring:\n  trusted_domains:\n    - api.anthropic.com\n    - api.openai.com\n    - api.telegram.org\n    - api.elevenlabs.io\n  block_on_suspicious: false  # true = prevent call, false = alert only\n\nlogging:\n  retention_days: 30\n  log_dir: ~/.agentguard/logs\n  hash_sensitive_data: true\n\nreporting:\n  auto_daily_report: true\n  report_time: \"09:00\"\n  report_channel: telegram\n\nUsage Examples\nStart Full Monitoring\nagentguard start\n\n\nEnables all monitoring features with default config.\n\nCheck Current Security Status\nagentguard status\n\n\nReturns current threat level, active monitors, recent alerts.\n\nInvestigate Specific Activity\nagentguard investigate --timerange \"last 2 hours\" --type file_access\n\nGenerate Immediate Report\nagentguard report --now\n\nReview Alert History\nagentguard alerts --last 24h --severity high\n\nWhitelist a Domain\nagentguard trust add api.newservice.com --reason \"Required for X integration\"\n\nAlert Severity Levels\nLevel\tColor\tMeaning\tExample\nINFO\t🔵\tNormal logged activity\tFile read in workspace\nLOW\t🟢\tMinor deviation\tSlightly elevated API calls\nMEDIUM\t🟡\tNotable anomaly\tAccess to .env file\nHIGH\t🟠\tPotential threat\tBulk credential access\nCRITICAL\t🔴\tImmediate action 
needed\tData exfiltration pattern\nIntegration Points\nWith Clawdbot\nReceives file/API operation hooks\nSends alerts via configured channels\nIntegrates with heartbeat for periodic checks\nWith Other Skills\nShares threat data with other security skills\nCan block operations (if configured)\nProvides audit logs for compliance skills\nData Storage\n~/.agentguard/\n├── logs/\n│   ├── file_access/\n│   ├── api_calls/\n│   └── communications/\n├── baselines/\n│   └── behavior_model.json\n├── alerts/\n│   └── YYYY-MM-DD.json\n└── reports/\n    └── YYYY-MM-DD_report.md\n\nPrivacy & Security\nNo external data transmission - All processing is local\nSensitive data hashing - Credentials are never logged in plain text\nConfigurable retention - Auto-delete old logs\nEncrypted storage - Optional AES encryption for logs\nTroubleshooting\nHigh false positive rate\n\n→ Increase baseline learning period or reduce sensitivity\n\nMissing file events\n\n→ Check file_watch_dirs config covers target directories\n\nReports not generating\n\n→ Verify report_time format and timezone settings\n\nExecution Scripts\nScript\tPurpose\nexecution/monitor.py\tCore monitoring daemon\nexecution/detector.py\tAnomaly detection engine\nexecution/logger.py\tStructured logging handler\nexecution/alerter.py\tAlert dispatch system\nexecution/reporter.py\tReport generation\nAuthor Notes\n\nAgentGuard is designed with defense-in-depth principles. It assumes agents can be compromised or manipulated, and provides visibility into their operations.\n\nFor maximum security, run AgentGuard in a separate process with limited write access to prevent a compromised agent from disabling monitoring."
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/manas-io-ai/agentguard",
    "publisherUrl": "https://clawhub.ai/manas-io-ai/agentguard",
    "owner": "manas-io-ai",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/agentguard",
    "downloadUrl": "https://openagent3.xyz/downloads/agentguard",
    "agentUrl": "https://openagent3.xyz/skills/agentguard/agent",
    "manifestUrl": "https://openagent3.xyz/skills/agentguard/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/agentguard/agent.md"
  }
}