Requirements
- Target platform: OpenClaw
- Install method: Manual import
- Extraction: Extract archive
- Prerequisites: OpenClaw
- Primary doc: SKILL.md
Continuously scans Docker images, dependencies, network ports, SSL/TLS, and OpenClaw config for CVEs; alerts via WhatsApp, Telegram, or Discord.
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
- Version: 1.0.0
- Category: Security
- Type: Monitoring + Alerting
- Published: February 24, 2026
Continuous security posture monitoring that scans your running services, Docker images, and software dependencies for known CVEs. Alerts you via WhatsApp/Telegram/Discord when new vulnerabilities affect your stack. No external services required: runs entirely within OpenClaw using public CVE feeds.
- Docker image vulnerability scanning: trivy-style CVE detection for your container images
- Dependency auditing: npm, pip, cargo lockfile analysis for known vulnerabilities
- Port discovery: identifies exposed services on your local network
- SSL/TLS grading: evaluates certificate validity and security config
- OpenClaw config security: checks your OpenClaw setup against best practices
- Exposed service detection: flags accidentally public services
- Automatic CVE feeds: pulls from NVD (National Vulnerability Database) and GitHub Advisories
- Track your versions: matches CVEs to YOUR installed software versions
- Severity-based alerting: CRITICAL immediately, HIGH in daily digest, LOW weekly summary
- Recovery tracking: knows when you patch and closes alerts
- Weekly security digest: Canvas dashboard or markdown report
- Trend tracking: is your security posture improving?
- Remediation suggestions: actionable fixes per finding
- CWE references: understand the vulnerability class
threat-radar scan                    # Full security scan now
threat-radar scan --docker           # Docker images only
threat-radar scan --deps <path>      # Dependency audit (npm/pip/cargo)
threat-radar scan --ports            # Port scan (local network)
threat-radar scan --ssl <domain>     # SSL certificate check
threat-radar scan --openclaw         # OpenClaw config check
threat-radar scan --exposed          # Check for accidentally public services
threat-radar cves                    # Show CVEs affecting your stack
threat-radar cves --critical         # Only CRITICAL severity
threat-radar cves --since <days>     # New CVEs in last N days
threat-radar watch <software> <v>    # Track specific software version
threat-radar unwatch <software>      # Stop tracking
threat-radar watches                 # List all watched software
threat-radar report                  # Generate full security report
threat-radar report --period=week    # Weekly summary
threat-radar report --period=month   # Monthly summary
threat-radar status                  # Quick security status
threat-radar history                 # View past scans
threat-radar trends                  # Posture improvement tracking
threat-radar init                    # Initialize threat-radar
threat-radar config show             # Show current configuration
threat-radar config update           # Update scan settings
threat-radar cron-install            # Set up scheduled daily scans + CVE checks
threat-radar cron-remove             # Remove scheduled scans
threat-radar data-refresh            # Force CVE database refresh
All commands support:
- --json: machine-readable JSON output
- --csv: comma-separated for spreadsheet import
- --md: markdown for reports
- --no-color: plain text (useful for logs)
$ threat-radar init
Initialized threat-radar
Created ~/.openclaw/workspace/monitoring/threat-radar/
Pulled CVE databases (NVD: 245,891 entries, GitHub: 14,329 advisories)
Scanned Docker images: 3 images, 0 vulnerabilities found
Scanned dependencies: npm 487 packages, pip 89 packages - 2 warnings
Security score: 87/100
Ready to scan. Try: threat-radar scan --docker
$ threat-radar scan
Scanning security posture...

[DOCKER IMAGES]
openclaw-agent:latest    0 CVEs    Clean
postgres:15              2 CVEs    Medium (libc, OpenSSL)
redis:latest             0 CVEs    Clean

[DEPENDENCIES]
npm (workspace root)     3 CVEs    1 High, 2 Medium
  - lodash@4.17.19    CVE-2021-23337 (High: Prototype pollution)
  - axios@0.21.0      CVE-2021-41773 (Medium: XXE in parser)
  - ws@7.4.0          CVE-2021-32640 (Medium: Buffer overflow)

[PORTS]
192.168.1.50:80 (nginx)       Private network
192.168.1.50:443 (nginx)      Private network
10.10.10.230:6379 (redis)     Private network

[SSL/TLS]
openclaw.local    Grade A    Valid until Jun 24, 2026
example.com       Grade B    Warning: no HSTS header

[OPENCLAW CONFIG]
agentToAgent permissions       Restricted (not [*])
Credential file permissions    600 (not world-readable)
Memory file permissions        600
Gateway auth enabled           Yes
Sandbox restrictions           exec-sandbox: false (accepted risk)

[EXPOSED SERVICES]
0 accidentally public services found

SUMMARY
Security Score: 82/100 (down 5 points from 87 on 2026-02-23)
Critical CVEs: 0
High CVEs: 1 (lodash)
Medium CVEs: 4 (axios, ws, libc, OpenSSL)
Low CVEs: 2
Estimated fix time: 2 hours (update npm packages)
Next scan: 2026-02-25 09:00 UTC (via cron)
$ threat-radar cves --critical
Critical vulnerabilities affecting your stack:
None currently. Your environment is clean at this severity level.

$ threat-radar cves
CVEs affecting your stack:

[HIGH]
CVE-2021-23337 (lodash)
  Package: lodash 4.17.19
  Component: Prototype pollution
  Fix: upgrade to 4.17.21 (available now)
  Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-23337
  Status: UNFIXED (discovered 5 days ago)

[MEDIUM]
CVE-2021-41773 (axios)
  Package: axios 0.21.0
  Component: XXE in parameter parser
  Fix: upgrade to 0.27.0+ (available now)
  Status: UNFIXED (discovered 3 days ago)
CVE-2021-32640 (ws)
  Package: ws 7.4.0
  Component: Buffer overflow in frame parsing
  Fix: upgrade to 8.0.0+ (available now)
  Status: UNFIXED
CVE-2023-4807 (libc - in postgres:15 image)
  Component: Memory corruption in glibc malloc
  Fix: Rebuild image from postgres:15-alpine (fixed base image)
  Status: UNFIXED (image vulnerability)
CVE-2024-1086 (OpenSSL - in postgres:15 image)
  Component: Key recovery in RSA operations
  Fix: Update Dockerfile to postgres:16 (has patch)
  Status: UNFIXED (image vulnerability)

View details: threat-radar cves <CVE-ID>
Set alert threshold: threat-radar config update --alert-level=medium
$ threat-radar report --period=week
SECURITY POSTURE REPORT (Feb 18 - Feb 24, 2026)

Overall Score: 82/100 (was 85/100 on Feb 17)

Metrics
  Critical CVEs: 0 (0)
  High CVEs: 1 (1, new: lodash)
  Medium CVEs: 4 (4)
  Low CVEs: 2 (1, patched: urllib3)
  Unfixed vulnerabilities: 7 (2)
  Average fix time: 1.8 hours (was 1.2)

Trend Analysis
  Feb 17 (85/100) -> Feb 18 (83/100) -> Feb 19 (82/100) -> Feb 24
  Declining trend: +2 new CVEs found, zero patches applied

Action Items
  1. npm audit fix - 3 packages, 15 min
  2. Update postgres:15 - rebuild from latest, 10 min
  3. Review HSTS config - grade B on example.com

Docker Images (3 scanned)
  openclaw-agent:latest    0 CVEs
  postgres:15              2 CVEs (libc, OpenSSL)
  redis:latest             0 CVEs

Dependencies (npm + pip)
  npm (workspace root)     3 High + Medium CVEs
                           lodash, axios, ws
  pip (python deps)        0 CVEs

Port Security (7 ports)
  All ports on private network (10.0.0.0/8, 192.168.0.0/16)

Next Actions
  [ ] Run: npm audit fix
  [ ] Update base images: postgres:16 or postgres:15-alpine
  [ ] Run: threat-radar scan (verify fixes)

Alert Settings
  Critical: Alert immediately via WhatsApp
  High: Daily digest (at 09:00 UTC)
  Medium: Weekly report
  Low: Suppress (monthly audit only)

To apply remediations: threat-radar remediate --auto-npm
To stop alerts: threat-radar config update --alert-level=critical
$ threat-radar cron-install
Installed daily security scan (09:00 UTC)
Installed CVE feed refresh (every 6 hours)
Installed weekly report (Monday 08:00 UTC)
WhatsApp alerts: CRITICAL (immediate), HIGH (daily digest)

Cron schedule:
- threat-radar scan            daily 09:00 UTC
- threat-radar data-refresh    every 6h (00:00, 06:00, 12:00, 18:00 UTC)
- threat-radar report          Monday 08:00 UTC

View logs: threat-radar logs [--tail=50]
clawhub install threat-radar
Threat-radar stores config in ~/.openclaw/workspace/monitoring/threat-radar/config.json:

{
  "scan_paths": {
    "docker_images": true,
    "dependencies": ["npm", "pip"],
    "ports": true,
    "ssl_domains": ["example.com", "openclaw.local"],
    "openclaw_check": true,
    "exposed_scan": true
  },
  "alerts": {
    "critical": "immediate",
    "high": "daily_digest",
    "medium": "weekly",
    "low": "suppress"
  },
  "cve_feeds": ["nvd", "github"],
  "max_age_days": 30,
  "local_network_cidrs": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
  "ignored_cves": [],
  "watched_software": {}
}

Edit with: threat-radar config update
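One way the `local_network_cidrs` setting can drive the exposed-service check, as an added example that is not threat-radar's own code: each bind address is classified against the configured CIDRs, and wildcard binds are reported because they listen on every interface. The function names and the listener inventory are constructed for illustration (the first three rows reuse addresses from the sample scan output).

```python
import ipaddress

# Same key and values as the config.json shown above.
CONFIG = {"local_network_cidrs": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]}

# Constructed listener inventory: (bind address, port, service).
LISTENERS = [
    ("192.168.1.50", 80, "nginx"),
    ("192.168.1.50", 443, "nginx"),
    ("10.10.10.230", 6379, "redis"),
    ("127.0.0.1", 5432, "postgres"),
    ("0.0.0.0", 8080, "dev-server"),   # wildcard bind
    ("172.32.0.5", 22, "sshd"),        # just outside 172.16.0.0/12
    ("203.0.113.10", 443, "nginx"),    # documentation range, stands in for a public IP
]


def classify_listener(address, config=CONFIG):
    """Return 'wildcard', 'loopback', 'private' or 'public' for a bind address."""
    ip = ipaddress.ip_address(address)
    if ip.is_unspecified:
        # 0.0.0.0 and :: accept traffic on every interface, public ones included.
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    networks = [ipaddress.ip_network(cidr) for cidr in config["local_network_cidrs"]]
    if any(ip.version == net.version and ip in net for net in networks):
        return "private"
    return "public"


def exposed_listeners(listeners=LISTENERS, config=CONFIG):
    """Return the listeners that are reachable beyond the configured private ranges."""
    flagged = []
    for address, port, service in listeners:
        scope = classify_listener(address, config)
        if scope in ("wildcard", "public"):
            flagged.append((address, port, service, scope))
    return flagged


if __name__ == "__main__":
    for row in exposed_listeners():
        print(row)
```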
- Initialization: Downloads latest CVE databases from NVD + GitHub Advisories (~500KB)
- Scanning: Runs 7 security checks in parallel:
  - Docker image analysis (hashes vs CVE DB)
  - Dependency file parsing (npm/pip/cargo) -> version extraction
  - Port scan (local network only, non-invasive)
  - SSL cert validation
  - Service exposure check (looks for :80, :443, :8080, etc. on public IPs)
  - OpenClaw config audit
- CVE Matching: Compares detected versions against CVE database
- Alerting: Dispatches alerts based on severity + cooldown
- History: Stores scan results in SQLite (trend analysis)

Performance: Full scan ~30 seconds. CVE refresh ~10 seconds. Optimized for homelab scale.
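The CVE matching and alerting steps described above, as an added example that is not taken from threat-radar's code: detected versions are compared against each advisory's fixed version, `ignored_cves` is honoured, and findings are grouped by the `alerts` channel for their severity. The advisory records are constructed (the lodash and ws rows reuse values from the sample output; `CVE-0000-00001` and `examplepkg` are placeholders), and the "installed < fixed" rule is an assumed matching rule.

```python
import re

# Constructed advisory records; see the lead-in for where the values come from.
ADVISORIES = [
    {"id": "CVE-2021-23337", "package": "lodash", "fixed": "4.17.21", "severity": "high"},
    {"id": "CVE-2021-32640", "package": "ws", "fixed": "8.0.0", "severity": "medium"},
    {"id": "CVE-0000-00001", "package": "examplepkg", "fixed": "2.0.0", "severity": "critical"},
]


def parse_version(text):
    """Return a tuple of ints for plain dotted versions, or None if not comparable."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_affected(installed, fixed):
    """True if installed < fixed, False if not, None when a version cannot be parsed."""
    a, b = parse_version(installed), parse_version(fixed)
    if a is None or b is None:
        return None
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))   # pad so that 4.17 compares equal to 4.17.0
    b += (0,) * (width - len(b))
    return a < b


def route_findings(installed, config, advisories=ADVISORIES):
    """Group matching advisories by the alert channel configured for their severity."""
    routed = {}
    for adv in advisories:
        version = installed.get(adv["package"])
        if version is None or adv["id"] in config.get("ignored_cves", []):
            continue
        affected = is_affected(version, adv["fixed"])
        if affected is False:
            continue
        # Unparseable versions go to review instead of being treated as clean.
        channel = "needs_review" if affected is None else config["alerts"][adv["severity"]]
        routed.setdefault(channel, []).append((adv["id"], adv["package"], version))
    return routed
```

Routing unparseable versions such as pre-release tags to a review bucket keeps a parsing gap from being reported as a clean result.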
- With infra-watchdog: threat-radar feeds security events into watchdog alerts
- With ops-journal: CVE findings auto-logged for incident correlation
- With daily-maintenance.sh: integrated as Phase 8 (security scanning)
- Offline mode: scans work without internet after initial CVE download
- No credential exposure: never scans credentials (security-hardener handles that)
- Local network only: port scanning stays within your private networks
- Privacy: no data sent externally except NVD API calls (CVE checking)
Q: "CVE database outdated" warning
A: Run threat-radar data-refresh to pull latest feeds

Q: Scan is slow
A: Disable slow checks: threat-radar config update --skip-ports

Q: Too many alerts
A: Adjust severity: threat-radar config update --alert-level=high

Q: False positive CVE
A: Mark as accepted risk: threat-radar ignore CVE-XXXX-XXXXX
- Real-time CVE feed (when a new vulnerability drops affecting you, know in minutes)
- Remediation automation (auto-file PRs to update dependencies)
- Integration with vulnerability scanners (nessus, qualys API)
For issues:
- Check ~/.openclaw/workspace/monitoring/threat-radar/threat-radar.log
- threat-radar logs --tail=100
- threat-radar logs --follow    # Real-time logging

Built for OpenClaw agents running homelab infrastructure.