{
  "schemaVersion": "1.0",
  "item": {
    "slug": "threat-radar",
    "name": "Threat Radar",
    "source": "tencent",
    "type": "skill",
    "category": "通讯协作",
    "sourceUrl": "https://clawhub.ai/mariusfit/threat-radar",
    "canonicalUrl": "https://clawhub.ai/mariusfit/threat-radar",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/threat-radar",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=threat-radar",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "SKILL.md",
      "threat_radar.py"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md and threat_radar.py before importing anything.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-30T16:55:25.780Z",
      "expiresAt": "2026-05-07T16:55:25.780Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
        "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/threat-radar"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains only the expected setup assets (SKILL.md, threat_radar.py)."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/threat-radar",
    "agentPageUrl": "https://openagent3.xyz/skills/threat-radar/agent",
    "manifestUrl": "https://openagent3.xyz/skills/threat-radar/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/threat-radar/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "threat-radar — Continuous Security Scanning & CVE Alerting",
        "body": "Version: 1.0.0\nCategory: Security\nType: Monitoring + Alerting\nPublished: February 24, 2026"
      },
      {
        "title": "What It Does",
        "body": "Continuous security posture monitoring that scans your running services, Docker images, and software dependencies for known CVEs. Alerts you via WhatsApp/Telegram/Discord when new vulnerabilities affect your stack.\n\nNo external scanning service required — scans run entirely within OpenClaw using public CVE feeds; alerts are delivered through the messaging channels listed above."
      },
      {
        "title": "Security Scanning",
        "body": "Docker image vulnerability scanning — trivy-style CVE detection for your container images\nDependency auditing — npm, pip, cargo lockfile analysis for known vulnerabilities\nPort discovery — identifies exposed services on your local network\nSSL/TLS grading — evaluates certificate validity and security config\nOpenClaw config security — checks your OpenClaw setup against best practices\nExposed service detection — flags accidentally public services"
      },
      {
        "title": "CVE Monitoring",
        "body": "Automatic CVE feeds — pulls from NVD (National Vulnerability Database) and GitHub Advisories\nTrack your versions — matches CVEs to YOUR installed software versions\nSeverity-based alerting — CRITICAL immediately, HIGH in daily digest, LOW weekly summary\nRecovery tracking — knows when you patch and closes alerts"
      },
      {
        "title": "Reporting",
        "body": "Weekly security digest — Canvas dashboard or markdown report\nTrend tracking — is your security posture improving?\nRemediation suggestions — actionable fixes per finding\nCWE references — understand the vulnerability class"
      },
      {
        "title": "Scanning",
        "body": "threat-radar scan                    # Full security scan now\nthreat-radar scan --docker           # Docker images only\nthreat-radar scan --deps <path>      # Dependency audit (npm/pip/cargo)\nthreat-radar scan --ports            # Port scan (local network)\nthreat-radar scan --ssl <domain>     # SSL certificate check\nthreat-radar scan --openclaw         # OpenClaw config check\nthreat-radar scan --exposed          # Check for accidentally public services"
      },
      {
        "title": "CVE Tracking",
        "body": "threat-radar cves                    # Show CVEs affecting your stack\nthreat-radar cves --critical         # Only CRITICAL severity\nthreat-radar cves --since <days>     # New CVEs in last N days\nthreat-radar watch <software> <v>    # Track specific software version\nthreat-radar unwatch <software>      # Stop tracking\nthreat-radar watches                 # List all watched software"
      },
      {
        "title": "Reporting",
        "body": "threat-radar report                  # Generate full security report\nthreat-radar report --period=week    # Weekly summary\nthreat-radar report --period=month   # Monthly summary\nthreat-radar status                  # Quick security status\nthreat-radar history                 # View past scans\nthreat-radar trends                  # Posture improvement tracking"
      },
      {
        "title": "Management",
        "body": "threat-radar init                    # Initialize threat-radar\nthreat-radar config show             # Show current configuration\nthreat-radar config update           # Update scan settings\nthreat-radar cron-install            # Set up scheduled daily scans + CVE checks\nthreat-radar cron-remove             # Remove scheduled scans\nthreat-radar data-refresh            # Force CVE database refresh"
      },
      {
        "title": "Output",
        "body": "All commands support:\n\n--json — machine-readable JSON output\n--csv — comma-separated for spreadsheet import\n--md — markdown for reports\n--no-color — plain text (useful for logs)"
      },
      {
        "title": "Initial Setup",
        "body": "$ threat-radar init\n✓ Initialized threat-radar\n✓ Created ~/.openclaw/workspace/monitoring/threat-radar/\n✓ Pulled CVE databases (NVD: 245,891 entries, GitHub: 14,329 advisories)\n✓ Scanned Docker images: 3 images, 0 vulnerabilities found\n✓ Scanned dependencies: npm 487 packages, pip 89 packages — 2 warnings\n✓ Security score: 87/100\n\nReady to scan. Try: threat-radar scan --docker"
      },
      {
        "title": "Full Security Scan",
        "body": "$ threat-radar scan\nScanning security posture...\n\n[DOCKER IMAGES] ─────────────────────────────────────────\n  openclaw-agent:latest        0 CVEs  ✓ Clean\n  postgres:15                  2 CVEs  ⚠ Medium (libc, OpenSSL)\n  redis:latest                 0 CVEs  ✓ Clean\n\n[DEPENDENCIES] ──────────────────────────────────────────\n  npm (workspace root)          3 CVEs  ⚠ 1 High, 2 Medium\n    - lodash@4.17.19            CVE-2021-23337 (High: Prototype pollution)\n    - axios@0.21.0              CVE-2021-41773 (Medium: XXE in parser)\n    - ws@7.4.0                  CVE-2021-32640 (Medium: Buffer overflow)\n\n[PORTS] ──────────────────────────────────────────────────\n  192.168.1.50:80    (nginx)         ✓ Private network\n  192.168.1.50:443   (nginx)         ✓ Private network\n  10.10.10.230:6379  (redis)         ✓ Private network\n\n[SSL/TLS] ────────────────────────────────────────────────\n  openclaw.local                Grade A  Valid until Jun 24, 2026 ✓\n  example.com                   Grade B  Warning: no HSTS header\n\n[OPENCLAW CONFIG] ────────────────────────────────────────\n  agentToAgent permissions      ✓ Restricted (not [*])\n  Credential file permissions   ✓ 600 (not world-readable)\n  Memory file permissions       ✓ 600\n  Gateway auth enabled          ✓ Yes\n  Sandbox restrictions          ⚠ exec-sandbox: false (accepted risk)\n\n[EXPOSED SERVICES] ───────────────────────────────────────\n  0 accidentally public services found ✓\n\nSUMMARY\n──────\nSecurity Score: 82/100 (down 5 points from 87 on 2026-02-23)\nCritical CVEs: 0\nHigh CVEs: 1 (lodash)\nMedium CVEs: 4 (axios, ws, libc, OpenSSL)\nLow CVEs: 2\nEstimated fix time: 2 hours (update npm packages)\n\nNext scan: 2026-02-25 09:00 UTC (via cron)"
      },
      {
        "title": "CVE Tracking",
        "body": "$ threat-radar cves --critical\nCritical vulnerabilities affecting your stack:\n\nNone currently. Your environment is clean at this severity level.\n\n$ threat-radar cves\nCVEs affecting your stack:\n\n[HIGH] ──────────────────────────────────────────────────\n  CVE-2021-23337 (lodash)\n    Package: lodash 4.17.19\n    Component: Prototype pollution\n    Fix: upgrade to 4.17.21 (available now)\n    Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-23337\n    Status: UNFIXED (discovered 5 days ago)\n\n[MEDIUM] ────────────────────────────────────────────────\n  CVE-2021-41773 (axios)\n    Package: axios 0.21.0\n    Component: XXE in parameter parser\n    Fix: upgrade to 0.27.0+ (available now)\n    Status: UNFIXED (discovered 3 days ago)\n\n  CVE-2021-32640 (ws)\n    Package: ws 7.4.0\n    Component: Buffer overflow in frame parsing\n    Fix: upgrade to 8.0.0+ (available now)\n    Status: UNFIXED\n\n  CVE-2023-4807 (libc - in postgres:15 image)\n    Component: Memory corruption in glibc malloc\n    Fix: Rebuild image from postgres:15-alpine (fixed base image)\n    Status: UNFIXED (image vulnerability)\n\n  CVE-2024-1086 (OpenSSL - in postgres:15 image)\n    Component: Key recovery in RSA operations\n    Fix: Update Dockerfile to postgres:16 (has patch)\n    Status: UNFIXED (image vulnerability)\n\nView details: threat-radar cves <CVE-ID>\nSet alert threshold: threat-radar config update --alert-level=medium"
      },
      {
        "title": "Weekly Report",
        "body": "$ threat-radar report --period=week\n┌─ SECURITY POSTURE REPORT (Feb 18 - Feb 24, 2026) ─────────────────────┐\n│                                                                         │\n│  Overall Score: 82/100 (was 85/100 on Feb 17)                         │\n│                                                                         │\n│  Metrics ────────────────────────────────────────────────────────────  │\n│    Critical CVEs:      0 (↓ 0)                                          │\n│    High CVEs:          1 (↑ 1, new: lodash)                            │\n│    Medium CVEs:        4 (↔ 4)                                          │\n│    Low CVEs:           2 (↓ 1, patched: urllib3)                       │\n│    Unfixed vulnerabilities: 7 (↑ 2)                                    │\n│    Average fix time: 1.8 hours (was 1.2)                               │\n│                                                                         │\n│  Trend Analysis ─────────────────────────────────────────────────────  │\n│    Feb 17 (85/100) ↓ Feb 18 (83/100) ↓ Feb 19 (82/100) ↔ Feb 24      │\n│    ⚠ Declining trend: +2 new CVEs found, zero patches applied         │\n│                                                                         │\n│  Action Items ──────────────────────────────────────────────────────── │\n│    1. npm audit fix       — 3 packages, 15 min                         │\n│    2. Update postgres:15  — rebuild from latest, 10 min                │\n│    3. 
Review HSTS config  — grade B on example.com                     │\n│                                                                         │\n│  Docker Images (3 scanned) ──────────────────────────────────────────  │\n│    openclaw-agent:latest    ✓ 0 CVEs                                  │\n│    postgres:15              ⚠ 2 CVEs (libc, OpenSSL)                  │\n│    redis:latest             ✓ 0 CVEs                                  │\n│                                                                         │\n│  Dependencies (npm + pip) ────────────────────────────────────────────  │\n│    npm (workspace root)     ⚠ 3 High + Medium CVEs                    │\n│      lodash, axios, ws                                                 │\n│    pip (python deps)       ✓ 0 CVEs                                    │\n│                                                                         │\n│  Port Security (7 ports) ────────────────────────────────────────────  │\n│    All ports on private network (10.0.0.0/8, 192.168.0.0/16) ✓       │\n│                                                                         │\n│  Next Actions ──────────────────────────────────────────────────────── │\n│    □ Run: npm audit fix                                                │\n│    □ Update base images: postgres:16 or postgres:15-alpine             │\n│    □ Run: threat-radar scan (verify fixes)                             │\n│                                                                         │\n│  Alert Settings ────────────────────────────────────────────────────── │\n│    Critical:  Alert immediately via WhatsApp                           │\n│    High:      Daily digest (at 09:00 UTC)                              │\n│    Medium:    Weekly report                                            │\n│    Low:       Suppress (monthly audit only)                            │\n│                                                                         
│\n└─────────────────────────────────────────────────────────────────────────┘\n\nTo apply remediations: threat-radar remediate --auto-npm\nTo stop alerts:        threat-radar config update --alert-level=critical"
      },
      {
        "title": "Scheduled Scanning",
        "body": "$ threat-radar cron-install\n✓ Installed daily security scan (09:00 UTC)\n✓ Installed CVE feed refresh (every 6 hours)\n✓ Installed weekly report (Monday 08:00 UTC)\n✓ WhatsApp alerts: CRITICAL (immediate), HIGH (daily digest)\n\nCron schedule:\n  - threat-radar scan         → daily 09:00 UTC\n  - threat-radar data-refresh → every 6h (00:00, 06:00, 12:00, 18:00 UTC)\n  - threat-radar report       → Monday 08:00 UTC\n\nView logs: threat-radar logs [--tail=50]"
      },
      {
        "title": "Installation",
        "body": "clawhub install threat-radar"
      },
      {
        "title": "Configuration",
        "body": "Threat-radar stores config in ~/.openclaw/workspace/monitoring/threat-radar/config.json:\n\n{\n  \"scan_paths\": {\n    \"docker_images\": true,\n    \"dependencies\": [\"npm\", \"pip\"],\n    \"ports\": true,\n    \"ssl_domains\": [\"example.com\", \"openclaw.local\"],\n    \"openclaw_check\": true,\n    \"exposed_scan\": true\n  },\n  \"alerts\": {\n    \"critical\": \"immediate\",\n    \"high\": \"daily_digest\",\n    \"medium\": \"weekly\",\n    \"low\": \"suppress\"\n  },\n  \"cve_feeds\": [\"nvd\", \"github\"],\n  \"max_age_days\": 30,\n  \"local_network_cidrs\": [\"10.0.0.0/8\", \"172.16.0.0/12\", \"192.168.0.0/16\"],\n  \"ignored_cves\": [],\n  \"watched_software\": {}\n}\n\nEdit with: threat-radar config update"
      },
      {
        "title": "How It Works",
        "body": "Initialization — Downloads latest CVE databases from NVD + GitHub Advisories (~500KB)\nScanning — Runs 7 security checks in parallel:\n\nDocker image analysis (hashes vs CVE DB)\nDependency file parsing (npm/pip/cargo) → version extraction\nPort scan (local network only, non-invasive)\nSSL cert validation\nService exposure check (looks for :80, :443, :8080, etc. on public IPs)\nOpenClaw config audit\n\n\nCVE Matching — Compares detected versions against CVE database\nAlerting — Dispatches alerts based on severity + cooldown\nHistory — Stores scan results in SQLite (trend analysis)\n\nPerformance: Full scan ~30 seconds. CVE refresh ~10 seconds. Optimized for homelab scale."
      },
      {
        "title": "Integration with Other Skills",
        "body": "With infra-watchdog — threat-radar feeds security events into watchdog alerts\nWith ops-journal — CVE findings auto-logged for incident correlation\nWith daily-maintenance.sh — integrated as Phase 8 (security scanning)"
      },
      {
        "title": "Security Notes",
        "body": "Offline mode — scans work without internet after the initial CVE download; findings reflect the last data-refresh\nNo credential exposure — never scans credentials (security-hardener handles that)\nLocal network only — port scanning stays within your private networks\nPrivacy — no data is sent externally except CVE feed requests (NVD API, GitHub Advisories) and the alerts sent via WhatsApp/Telegram/Discord"
      },
      {
        "title": "Troubleshooting",
        "body": "Q: \"CVE database outdated\" warning\nA: Run threat-radar data-refresh to pull latest feeds\n\nQ: Scan is slow\nA: Disable slow checks: threat-radar config update --skip-ports\n\nQ: Too many alerts\nA: Adjust severity: threat-radar config update --alert-level=high\n\nQ: False positive CVE\nA: Mark as accepted risk: threat-radar ignore CVE-XXXX-XXXXX"
      },
      {
        "title": "What's Next",
        "body": "Real-time CVE feed (when a new vulnerability drops affecting you, know in minutes)\nRemediation automation (auto-file PRs to update dependencies)\nIntegration with vulnerability scanners (nessus, qualys API)"
      },
      {
        "title": "Support",
        "body": "For issues: Check ~/.openclaw/workspace/monitoring/threat-radar/threat-radar.log\n\nthreat-radar logs --tail=100\nthreat-radar logs --follow  # Real-time logging\n\nBuilt for OpenClaw agents running homelab infrastructure."
      }
    ],
    "body": "threat-radar — Continuous Security Scanning & CVE Alerting\n\nVersion: 1.0.0\nCategory: Security\nType: Monitoring + Alerting\nPublished: February 24, 2026\n\nWhat It Does\n\nContinuous security posture monitoring that scans your running services, Docker images, and software dependencies for known CVEs. Alerts you via WhatsApp/Telegram/Discord when new vulnerabilities affect your stack.\n\nNo external services required — runs entirely within OpenClaw using public CVE feeds.\n\nFeatures\nSecurity Scanning\nDocker image vulnerability scanning — trivy-style CVE detection for your container images\nDependency auditing — npm, pip, cargo lockfile analysis for known vulnerabilities\nPort discovery — identifies exposed services on your local network\nSSL/TLS grading — evaluates certificate validity and security config\nOpenClaw config security — checks your OpenClaw setup against best practices\nExposed service detection — flags accidentally public services\nCVE Monitoring\nAutomatic CVE feeds — pulls from NVD (National Vulnerability Database) and GitHub Advisories\nTrack your versions — matches CVEs to YOUR installed software versions\nSeverity-based alerting — CRITICAL immediately, HIGH in daily digest, LOW weekly summary\nRecovery tracking — knows when you patch and closes alerts\nReporting\nWeekly security digest — Canvas dashboard or markdown report\nTrend tracking — is your security posture improving?\nRemediation suggestions — actionable fixes per finding\nCWE references — understand the vulnerability class\nCommands\nScanning\nthreat-radar scan                    # Full security scan now\nthreat-radar scan --docker           # Docker images only\nthreat-radar scan --deps <path>      # Dependency audit (npm/pip/cargo)\nthreat-radar scan --ports            # Port scan (local network)\nthreat-radar scan --ssl <domain>     # SSL certificate check\nthreat-radar scan --openclaw         # OpenClaw config check\nthreat-radar scan --exposed          # Check for 
accidentally public services\n\nCVE Tracking\nthreat-radar cves                    # Show CVEs affecting your stack\nthreat-radar cves --critical         # Only CRITICAL severity\nthreat-radar cves --since <days>     # New CVEs in last N days\nthreat-radar watch <software> <v>    # Track specific software version\nthreat-radar unwatch <software>      # Stop tracking\nthreat-radar watches                 # List all watched software\n\nReporting\nthreat-radar report                  # Generate full security report\nthreat-radar report --period=week    # Weekly summary\nthreat-radar report --period=month   # Monthly summary\nthreat-radar status                  # Quick security status\nthreat-radar history                 # View past scans\nthreat-radar trends                  # Posture improvement tracking\n\nManagement\nthreat-radar init                    # Initialize threat-radar\nthreat-radar config show             # Show current configuration\nthreat-radar config update           # Update scan settings\nthreat-radar cron-install            # Set up scheduled daily scans + CVE checks\nthreat-radar cron-remove             # Remove scheduled scans\nthreat-radar data-refresh            # Force CVE database refresh\n\nOutput\n\nAll commands support:\n\n--json — machine-readable JSON output\n--csv — comma-separated for spreadsheet import\n--md — markdown for reports\n--no-color — plain text (useful for logs)\nExample Usage\nInitial Setup\n$ threat-radar init\n✓ Initialized threat-radar\n✓ Created ~/.openclaw/workspace/monitoring/threat-radar/\n✓ Pulled CVE databases (NVD: 245,891 entries, GitHub: 14,329 advisories)\n✓ Scanned Docker images: 3 images, 0 vulnerabilities found\n✓ Scanned dependencies: npm 487 packages, pip 89 packages — 2 warnings\n✓ Security score: 87/100\n\nReady to scan. 
Try: threat-radar scan --docker\n\nFull Security Scan\n$ threat-radar scan\nScanning security posture...\n\n[DOCKER IMAGES] ─────────────────────────────────────────\n  openclaw-agent:latest        0 CVEs  ✓ Clean\n  postgres:15                  2 CVEs  ⚠ Medium (libc, OpenSSL)\n  redis:latest                 0 CVEs  ✓ Clean\n\n[DEPENDENCIES] ──────────────────────────────────────────\n  npm (workspace root)          3 CVEs  ⚠ 1 High, 2 Medium\n    - lodash@4.17.19            CVE-2021-23337 (High: Prototype pollution)\n    - axios@0.21.0              CVE-2021-41773 (Medium: XXE in parser)\n    - ws@7.4.0                  CVE-2021-32640 (Medium: Buffer overflow)\n\n[PORTS] ──────────────────────────────────────────────────\n  192.168.1.50:80    (nginx)         ✓ Private network\n  192.168.1.50:443   (nginx)         ✓ Private network\n  10.10.10.230:6379  (redis)         ✓ Private network\n\n[SSL/TLS] ────────────────────────────────────────────────\n  openclaw.local                Grade A  Valid until Jun 24, 2026 ✓\n  example.com                   Grade B  Warning: no HSTS header\n\n[OPENCLAW CONFIG] ────────────────────────────────────────\n  agentToAgent permissions      ✓ Restricted (not [*])\n  Credential file permissions   ✓ 600 (not world-readable)\n  Memory file permissions       ✓ 600\n  Gateway auth enabled          ✓ Yes\n  Sandbox restrictions          ⚠ exec-sandbox: false (accepted risk)\n\n[EXPOSED SERVICES] ───────────────────────────────────────\n  0 accidentally public services found ✓\n\nSUMMARY\n──────\nSecurity Score: 82/100 (down 5 points from 87 on 2026-02-23)\nCritical CVEs: 0\nHigh CVEs: 1 (lodash)\nMedium CVEs: 4 (axios, ws, libc, OpenSSL)\nLow CVEs: 2\nEstimated fix time: 2 hours (update npm packages)\n\nNext scan: 2026-02-25 09:00 UTC (via cron)\n\nCVE Tracking\n$ threat-radar cves --critical\nCritical vulnerabilities affecting your stack:\n\nNone currently. 
Your environment is clean at this severity level.\n\n$ threat-radar cves\nCVEs affecting your stack:\n\n[HIGH] ──────────────────────────────────────────────────\n  CVE-2021-23337 (lodash)\n    Package: lodash 4.17.19\n    Component: Prototype pollution\n    Fix: upgrade to 4.17.21 (available now)\n    Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-23337\n    Status: UNFIXED (discovered 5 days ago)\n\n[MEDIUM] ────────────────────────────────────────────────\n  CVE-2021-41773 (axios)\n    Package: axios 0.21.0\n    Component: XXE in parameter parser\n    Fix: upgrade to 0.27.0+ (available now)\n    Status: UNFIXED (discovered 3 days ago)\n\n  CVE-2021-32640 (ws)\n    Package: ws 7.4.0\n    Component: Buffer overflow in frame parsing\n    Fix: upgrade to 8.0.0+ (available now)\n    Status: UNFIXED\n\n  CVE-2023-4807 (libc - in postgres:15 image)\n    Component: Memory corruption in glibc malloc\n    Fix: Rebuild image from postgres:15-alpine (fixed base image)\n    Status: UNFIXED (image vulnerability)\n\n  CVE-2024-1086 (OpenSSL - in postgres:15 image)\n    Component: Key recovery in RSA operations\n    Fix: Update Dockerfile to postgres:16 (has patch)\n    Status: UNFIXED (image vulnerability)\n\nView details: threat-radar cves <CVE-ID>\nSet alert threshold: threat-radar config update --alert-level=medium\n\nWeekly Report\n$ threat-radar report --period=week\n┌─ SECURITY POSTURE REPORT (Feb 18 - Feb 24, 2026) ─────────────────────┐\n│                                                                         │\n│  Overall Score: 82/100 (was 85/100 on Feb 17)                         │\n│                                                                         │\n│  Metrics ────────────────────────────────────────────────────────────  │\n│    Critical CVEs:      0 (↓ 0)                                          │\n│    High CVEs:          1 (↑ 1, new: lodash)                            │\n│    Medium CVEs:        4 (↔ 4)                                          
│\n│    Low CVEs:           2 (↓ 1, patched: urllib3)                       │\n│    Unfixed vulnerabilities: 7 (↑ 2)                                    │\n│    Average fix time: 1.8 hours (was 1.2)                               │\n│                                                                         │\n│  Trend Analysis ─────────────────────────────────────────────────────  │\n│    Feb 17 (85/100) ↓ Feb 18 (83/100) ↓ Feb 19 (82/100) ↔ Feb 24      │\n│    ⚠ Declining trend: +2 new CVEs found, zero patches applied         │\n│                                                                         │\n│  Action Items ──────────────────────────────────────────────────────── │\n│    1. npm audit fix       — 3 packages, 15 min                         │\n│    2. Update postgres:15  — rebuild from latest, 10 min                │\n│    3. Review HSTS config  — grade B on example.com                     │\n│                                                                         │\n│  Docker Images (3 scanned) ──────────────────────────────────────────  │\n│    openclaw-agent:latest    ✓ 0 CVEs                                  │\n│    postgres:15              ⚠ 2 CVEs (libc, OpenSSL)                  │\n│    redis:latest             ✓ 0 CVEs                                  │\n│                                                                         │\n│  Dependencies (npm + pip) ────────────────────────────────────────────  │\n│    npm (workspace root)     ⚠ 3 High + Medium CVEs                    │\n│      lodash, axios, ws                                                 │\n│    pip (python deps)       ✓ 0 CVEs                                    │\n│                                                                         │\n│  Port Security (7 ports) ────────────────────────────────────────────  │\n│    All ports on private network (10.0.0.0/8, 192.168.0.0/16) ✓       │\n│                                                                         │\n│  Next Actions 
──────────────────────────────────────────────────────── │\n│    □ Run: npm audit fix                                                │\n│    □ Update base images: postgres:16 or postgres:15-alpine             │\n│    □ Run: threat-radar scan (verify fixes)                             │\n│                                                                         │\n│  Alert Settings ────────────────────────────────────────────────────── │\n│    Critical:  Alert immediately via WhatsApp                           │\n│    High:      Daily digest (at 09:00 UTC)                              │\n│    Medium:    Weekly report                                            │\n│    Low:       Suppress (monthly audit only)                            │\n│                                                                         │\n└─────────────────────────────────────────────────────────────────────────┘\n\nTo apply remediations: threat-radar remediate --auto-npm\nTo stop alerts:        threat-radar config update --alert-level=critical\n\nScheduled Scanning\n$ threat-radar cron-install\n✓ Installed daily security scan (09:00 UTC)\n✓ Installed CVE feed refresh (every 6 hours)\n✓ Installed weekly report (Monday 08:00 UTC)\n✓ WhatsApp alerts: CRITICAL (immediate), HIGH (daily digest)\n\nCron schedule:\n  - threat-radar scan         → daily 09:00 UTC\n  - threat-radar data-refresh → every 6h (00:00, 06:00, 12:00, 18:00 UTC)\n  - threat-radar report       → Monday 08:00 UTC\n\nView logs: threat-radar logs [--tail=50]\n\nInstallation\nclawhub install threat-radar\n\nConfiguration\n\nThreat-radar stores config in ~/.openclaw/workspace/monitoring/threat-radar/config.json:\n\n{\n  \"scan_paths\": {\n    \"docker_images\": true,\n    \"dependencies\": [\"npm\", \"pip\"],\n    \"ports\": true,\n    \"ssl_domains\": [\"example.com\", \"openclaw.local\"],\n    \"openclaw_check\": true,\n    \"exposed_scan\": true\n  },\n  \"alerts\": {\n    \"critical\": \"immediate\",\n    \"high\": 
\"daily_digest\",\n    \"medium\": \"weekly\",\n    \"low\": \"suppress\"\n  },\n  \"cve_feeds\": [\"nvd\", \"github\"],\n  \"max_age_days\": 30,\n  \"local_network_cidrs\": [\"10.0.0.0/8\", \"172.16.0.0/12\", \"192.168.0.0/16\"],\n  \"ignored_cves\": [],\n  \"watched_software\": {}\n}\n\n\nEdit with: threat-radar config update\n\nHow It Works\nInitialization — Downloads latest CVE databases from NVD + GitHub Advisories (~500KB)\nScanning — Runs 7 security checks in parallel:\nDocker image analysis (hashes vs CVE DB)\nDependency file parsing (npm/pip/cargo) → version extraction\nPort scan (local network only, non-invasive)\nSSL cert validation\nService exposure check (looks for :80, :443, :8080, etc. on public IPs)\nOpenClaw config audit\nCVE Matching — Compares detected versions against CVE database\nAlerting — Dispatches alerts based on severity + cooldown\nHistory — Stores scan results in SQLite (trend analysis)\n\nPerformance: Full scan ~30 seconds. CVE refresh ~10 seconds. Optimized for homelab scale.\n\nIntegration with Other Skills\nWith infra-watchdog — threat-radar feeds security events into watchdog alerts\nWith ops-journal — CVE findings auto-logged for incident correlation\nWith daily-maintenance.sh — integrated as Phase 8 (security scanning)\nSecurity Notes\nOffline mode — scans work without internet after initial CVE download\nNo credential exposure — never scans credentials (security-hardener handles that)\nLocal network only — port scanning stays within your private networks\nPrivacy — no data sent external except NVD API calls (CVE checking)\nTroubleshooting\n\nQ: \"CVE database outdated\" warning\nA: Run threat-radar data-refresh to pull latest feeds\n\nQ: Scan is slow\nA: Disable slow checks: threat-radar config update --skip-ports\n\nQ: Too many alerts\nA: Adjust severity: threat-radar config update --alert-level=high\n\nQ: False positive CVE\nA: Mark as accepted risk: threat-radar ignore CVE-XXXX-XXXXX\n\nWhat's Next\nReal-time CVE feed (when a 
new vulnerability drops affecting you, know in minutes)\nRemediation automation (auto-file PRs to update dependencies)\nIntegration with vulnerability scanners (nessus, qualys API)\nSupport\n\nFor issues: Check ~/.openclaw/workspace/monitoring/threat-radar/threat-radar.log\n\nthreat-radar logs --tail=100\nthreat-radar logs --follow  # Real-time logging\n\n\nBuilt for OpenClaw agents running homelab infrastructure."
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/mariusfit/threat-radar",
    "publisherUrl": "https://clawhub.ai/mariusfit/threat-radar",
    "owner": "mariusfit",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/threat-radar",
    "downloadUrl": "https://openagent3.xyz/downloads/threat-radar",
    "agentUrl": "https://openagent3.xyz/skills/threat-radar/agent",
    "manifestUrl": "https://openagent3.xyz/skills/threat-radar/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/threat-radar/agent.md"
  }
}