# Send Threat Radar to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "threat-radar",
    "name": "Threat Radar",
    "source": "tencent",
    "type": "skill",
    "category": "通讯协作",
    "sourceUrl": "https://clawhub.ai/mariusfit/threat-radar",
    "canonicalUrl": "https://clawhub.ai/mariusfit/threat-radar",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/threat-radar",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=threat-radar",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md",
      "threat_radar.py"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "threat-radar",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-01T14:44:28.640Z",
      "expiresAt": "2026-05-08T14:44:28.640Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=threat-radar",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=threat-radar",
        "contentDisposition": "attachment; filename=\"threat-radar-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "threat-radar"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/threat-radar"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/threat-radar",
    "downloadUrl": "https://openagent3.xyz/downloads/threat-radar",
    "agentUrl": "https://openagent3.xyz/skills/threat-radar/agent",
    "manifestUrl": "https://openagent3.xyz/skills/threat-radar/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/threat-radar/agent.md"
  }
}
```
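
The `installChecklist` above asks you to confirm the extracted package contains the expected setup assets. The following added example (not code from this page or from the threat-radar package) checks a downloaded ZIP against `includedAssets` before anything is extracted or handed to an agent. The names `audit_skill_zip` and `make_sample_zip` are hypothetical, the sample archives are constructed, and the assets are assumed to sit at the archive root.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# install.includedAssets from the manifest on this page (assumed at archive root).
EXPECTED_ASSETS = {"SKILL.md", "threat_radar.py"}


def audit_skill_zip(data, expected=EXPECTED_ASSETS, max_total=5_000_000):
    """Inspect a skill ZIP in memory without extracting it.

    Returns (problems, digests): a list of human-readable problems and a
    {member_name: sha256_hex} map for the regular files that were read.
    """
    problems, digests, names, total = [], {}, set(), 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            path = PurePosixPath(name.replace("\\", "/"))
            # Zip-slip guard: no absolute paths, no parent-directory hops.
            if path.is_absolute() or ".." in path.parts:
                problems.append(f"unsafe path: {name!r}")
                continue
            # Unix symlinks are marked in the mode bits of external_attr.
            if ((info.external_attr >> 16) & 0o170000) == 0o120000:
                problems.append(f"symlink member: {name!r}")
                continue
            if info.is_dir():
                continue
            # Cap the declared uncompressed size before reading anything more.
            total += info.file_size
            if total > max_total:
                problems.append("declared uncompressed size exceeds limit")
                break
            names.add(name)
            digests[name] = hashlib.sha256(zf.read(info)).hexdigest()
    for extra in sorted(names - set(expected)):
        problems.append(f"unexpected file: {extra!r}")
    for missing in sorted(set(expected) - names):
        problems.append(f"missing asset: {missing!r}")
    return problems, digests


def make_sample_zip(members):
    """Build a constructed sample archive: {name: bytes} -> ZIP bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Record the returned digests alongside the install so a later upgrade can be compared file by file.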
## Documentation

### threat-radar — Continuous Security Scanning & CVE Alerting

- Version: 1.0.0
- Category: Security
- Type: Monitoring + Alerting
- Published: February 24, 2026

### What It Does

Continuous security posture monitoring that scans your running services, Docker images, and software dependencies for known CVEs. Alerts you via WhatsApp/Telegram/Discord when new vulnerabilities affect your stack.

No external services required — runs entirely within OpenClaw using public CVE feeds.

### Security Scanning

- Docker image vulnerability scanning — trivy-style CVE detection for your container images
- Dependency auditing — npm, pip, cargo lockfile analysis for known vulnerabilities
- Port discovery — identifies exposed services on your local network
- SSL/TLS grading — evaluates certificate validity and security config
- OpenClaw config security — checks your OpenClaw setup against best practices
- Exposed service detection — flags accidentally public services

### CVE Monitoring

- Automatic CVE feeds — pulls from NVD (National Vulnerability Database) and GitHub Advisories
- Track your versions — matches CVEs to YOUR installed software versions
- Severity-based alerting — CRITICAL immediately, HIGH in daily digest, LOW weekly summary
- Recovery tracking — knows when you patch and closes alerts

### Reporting

- Weekly security digest — Canvas dashboard or markdown report
- Trend tracking — is your security posture improving?
- Remediation suggestions — actionable fixes per finding
- CWE references — understand the vulnerability class

### Scanning

```bash
threat-radar scan                    # Full security scan now
threat-radar scan --docker           # Docker images only
threat-radar scan --deps <path>      # Dependency audit (npm/pip/cargo)
threat-radar scan --ports            # Port scan (local network)
threat-radar scan --ssl <domain>     # SSL certificate check
threat-radar scan --openclaw         # OpenClaw config check
threat-radar scan --exposed          # Check for accidentally public services
```

### CVE Tracking

```bash
threat-radar cves                    # Show CVEs affecting your stack
threat-radar cves --critical         # Only CRITICAL severity
threat-radar cves --since <days>     # New CVEs in last N days
threat-radar watch <software> <v>    # Track specific software version
threat-radar unwatch <software>      # Stop tracking
threat-radar watches                 # List all watched software
```

### Reporting

```bash
threat-radar report                  # Generate full security report
threat-radar report --period=week    # Weekly summary
threat-radar report --period=month   # Monthly summary
threat-radar status                  # Quick security status
threat-radar history                 # View past scans
threat-radar trends                  # Posture improvement tracking
```

### Management

```bash
threat-radar init                    # Initialize threat-radar
threat-radar config show             # Show current configuration
threat-radar config update           # Update scan settings
threat-radar cron-install            # Set up scheduled daily scans + CVE checks
threat-radar cron-remove             # Remove scheduled scans
threat-radar data-refresh            # Force CVE database refresh
```

### Output

All commands support:

- `--json` — machine-readable JSON output
- `--csv` — comma-separated for spreadsheet import
- `--md` — markdown for reports
- `--no-color` — plain text (useful for logs)

### Initial Setup

```text
$ threat-radar init
✓ Initialized threat-radar
✓ Created ~/.openclaw/workspace/monitoring/threat-radar/
✓ Pulled CVE databases (NVD: 245,891 entries, GitHub: 14,329 advisories)
✓ Scanned Docker images: 3 images, 0 vulnerabilities found
✓ Scanned dependencies: npm 487 packages, pip 89 packages — 2 warnings
✓ Security score: 87/100

Ready to scan. Try: threat-radar scan --docker
```

### Full Security Scan

```text
$ threat-radar scan
Scanning security posture...

[DOCKER IMAGES] ─────────────────────────────────────────
  openclaw-agent:latest        0 CVEs  ✓ Clean
  postgres:15                  2 CVEs  ⚠ Medium (libc, OpenSSL)
  redis:latest                 0 CVEs  ✓ Clean

[DEPENDENCIES] ──────────────────────────────────────────
  npm (workspace root)          3 CVEs  ⚠ 1 High, 2 Medium
    - lodash@4.17.19            CVE-2021-23337 (High: Prototype pollution)
    - axios@0.21.0              CVE-2021-41773 (Medium: XXE in parser)
    - ws@7.4.0                  CVE-2021-32640 (Medium: Buffer overflow)

[PORTS] ──────────────────────────────────────────────────
  192.168.1.50:80    (nginx)         ✓ Private network
  192.168.1.50:443   (nginx)         ✓ Private network
  10.10.10.230:6379  (redis)         ✓ Private network

[SSL/TLS] ────────────────────────────────────────────────
  openclaw.local                Grade A  Valid until Jun 24, 2026 ✓
  example.com                   Grade B  Warning: no HSTS header

[OPENCLAW CONFIG] ────────────────────────────────────────
  agentToAgent permissions      ✓ Restricted (not [*])
  Credential file permissions   ✓ 600 (not world-readable)
  Memory file permissions       ✓ 600
  Gateway auth enabled          ✓ Yes
  Sandbox restrictions          ⚠ exec-sandbox: false (accepted risk)

[EXPOSED SERVICES] ───────────────────────────────────────
  0 accidentally public services found ✓

SUMMARY
──────
Security Score: 82/100 (down 5 points from 87 on 2026-02-23)
Critical CVEs: 0
High CVEs: 1 (lodash)
Medium CVEs: 4 (axios, ws, libc, OpenSSL)
Low CVEs: 2
Estimated fix time: 2 hours (update npm packages)

Next scan: 2026-02-25 09:00 UTC (via cron)
```

### CVE Tracking

```text
$ threat-radar cves --critical
Critical vulnerabilities affecting your stack:

None currently. Your environment is clean at this severity level.

$ threat-radar cves
CVEs affecting your stack:

[HIGH] ──────────────────────────────────────────────────
  CVE-2021-23337 (lodash)
    Package: lodash 4.17.19
    Component: Prototype pollution
    Fix: upgrade to 4.17.21 (available now)
    Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-23337
    Status: UNFIXED (discovered 5 days ago)

[MEDIUM] ────────────────────────────────────────────────
  CVE-2021-41773 (axios)
    Package: axios 0.21.0
    Component: XXE in parameter parser
    Fix: upgrade to 0.27.0+ (available now)
    Status: UNFIXED (discovered 3 days ago)

  CVE-2021-32640 (ws)
    Package: ws 7.4.0
    Component: Buffer overflow in frame parsing
    Fix: upgrade to 8.0.0+ (available now)
    Status: UNFIXED

  CVE-2023-4807 (libc - in postgres:15 image)
    Component: Memory corruption in glibc malloc
    Fix: Rebuild image from postgres:15-alpine (fixed base image)
    Status: UNFIXED (image vulnerability)

  CVE-2024-1086 (OpenSSL - in postgres:15 image)
    Component: Key recovery in RSA operations
    Fix: Update Dockerfile to postgres:16 (has patch)
    Status: UNFIXED (image vulnerability)

View details: threat-radar cves <CVE-ID>
Set alert threshold: threat-radar config update --alert-level=medium
```

### Weekly Report

```text
$ threat-radar report --period=week
┌─ SECURITY POSTURE REPORT (Feb 18 - Feb 24, 2026) ─────────────────────┐
│                                                                         │
│  Overall Score: 82/100 (was 85/100 on Feb 17)                         │
│                                                                         │
│  Metrics ────────────────────────────────────────────────────────────  │
│    Critical CVEs:      0 (↓ 0)                                          │
│    High CVEs:          1 (↑ 1, new: lodash)                            │
│    Medium CVEs:        4 (↔ 4)                                          │
│    Low CVEs:           2 (↓ 1, patched: urllib3)                       │
│    Unfixed vulnerabilities: 7 (↑ 2)                                    │
│    Average fix time: 1.8 hours (was 1.2)                               │
│                                                                         │
│  Trend Analysis ─────────────────────────────────────────────────────  │
│    Feb 17 (85/100) ↓ Feb 18 (83/100) ↓ Feb 19 (82/100) ↔ Feb 24      │
│    ⚠ Declining trend: +2 new CVEs found, zero patches applied         │
│                                                                         │
│  Action Items ──────────────────────────────────────────────────────── │
│    1. npm audit fix       — 3 packages, 15 min                         │
│    2. Update postgres:15  — rebuild from latest, 10 min                │
│    3. Review HSTS config  — grade B on example.com                     │
│                                                                         │
│  Docker Images (3 scanned) ──────────────────────────────────────────  │
│    openclaw-agent:latest    ✓ 0 CVEs                                  │
│    postgres:15              ⚠ 2 CVEs (libc, OpenSSL)                  │
│    redis:latest             ✓ 0 CVEs                                  │
│                                                                         │
│  Dependencies (npm + pip) ────────────────────────────────────────────  │
│    npm (workspace root)     ⚠ 3 High + Medium CVEs                    │
│      lodash, axios, ws                                                 │
│    pip (python deps)       ✓ 0 CVEs                                    │
│                                                                         │
│  Port Security (7 ports) ────────────────────────────────────────────  │
│    All ports on private network (10.0.0.0/8, 192.168.0.0/16) ✓       │
│                                                                         │
│  Next Actions ──────────────────────────────────────────────────────── │
│    □ Run: npm audit fix                                                │
│    □ Update base images: postgres:16 or postgres:15-alpine             │
│    □ Run: threat-radar scan (verify fixes)                             │
│                                                                         │
│  Alert Settings ────────────────────────────────────────────────────── │
│    Critical:  Alert immediately via WhatsApp                           │
│    High:      Daily digest (at 09:00 UTC)                              │
│    Medium:    Weekly report                                            │
│    Low:       Suppress (monthly audit only)                            │
│                                                                         │
└─────────────────────────────────────────────────────────────────────────┘

To apply remediations: threat-radar remediate --auto-npm
To stop alerts:        threat-radar config update --alert-level=critical
```

### Scheduled Scanning

```text
$ threat-radar cron-install
✓ Installed daily security scan (09:00 UTC)
✓ Installed CVE feed refresh (every 6 hours)
✓ Installed weekly report (Monday 08:00 UTC)
✓ WhatsApp alerts: CRITICAL (immediate), HIGH (daily digest)

Cron schedule:
  - threat-radar scan         → daily 09:00 UTC
  - threat-radar data-refresh → every 6h (00:00, 06:00, 12:00, 18:00 UTC)
  - threat-radar report       → Monday 08:00 UTC

View logs: threat-radar logs [--tail=50]
```

### Installation

```bash
clawhub install threat-radar
```

### Configuration

Threat-radar stores config in `~/.openclaw/workspace/monitoring/threat-radar/config.json`:

```json
{
  "scan_paths": {
    "docker_images": true,
    "dependencies": ["npm", "pip"],
    "ports": true,
    "ssl_domains": ["example.com", "openclaw.local"],
    "openclaw_check": true,
    "exposed_scan": true
  },
  "alerts": {
    "critical": "immediate",
    "high": "daily_digest",
    "medium": "weekly",
    "low": "suppress"
  },
  "cve_feeds": ["nvd", "github"],
  "max_age_days": 30,
  "local_network_cidrs": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
  "ignored_cves": [],
  "watched_software": {}
}
```

Edit with: `threat-radar config update`

### How It Works

1. Initialization — Downloads latest CVE databases from NVD + GitHub Advisories (~500KB)
2. Scanning — Runs 7 security checks in parallel:
   - Docker image analysis (hashes vs CVE DB)
   - Dependency file parsing (npm/pip/cargo) → version extraction
   - Port scan (local network only, non-invasive)
   - SSL cert validation
   - Service exposure check (looks for :80, :443, :8080, etc. on public IPs)
   - OpenClaw config audit
3. CVE Matching — Compares detected versions against CVE database
4. Alerting — Dispatches alerts based on severity + cooldown
5. History — Stores scan results in SQLite (trend analysis)

Performance: Full scan ~30 seconds. CVE refresh ~10 seconds. Optimized for homelab scale.
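
The version extraction, CVE matching and severity routing steps above, sketched as an added example (this is not the code in `threat_radar.py`, whose implementation the page does not show). The advisory records reuse the IDs and fix versions from the sample output on this page, the lockfile is constructed, and `version_key`, `installed_packages` and `match_and_route` are hypothetical names.

```python
import json

# Constructed advisory records, using IDs and fix versions from the sample
# output on this page (not pulled from NVD or GitHub Advisories).
ADVISORIES = [
    {"id": "CVE-2021-23337", "package": "lodash", "fixed": "4.17.21", "severity": "high"},
    {"id": "CVE-2021-32640", "package": "ws", "fixed": "8.0.0", "severity": "medium"},
]

# Subset of the config.json shown in the Configuration section.
CONFIG = {
    "alerts": {"critical": "immediate", "high": "daily_digest",
               "medium": "weekly", "low": "suppress"},
    "ignored_cves": [],
}

# Constructed npm lockfile (lockfileVersion 2/3 "packages" layout).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "workspace-root"},
    "node_modules/lodash": {"version": "4.17.19"},
    "node_modules/ws": {"version": "7.4.0"},
    "node_modules/express/node_modules/ws": {"version": "8.13.0"},
}})


def version_key(version):
    """'4.17.19' -> (4, 17, 19); numeric compare, so 4.17.9 < 4.17.21."""
    core = version.split("-")[0].split("+")[0]  # simplification: tags ignored
    return tuple(int(part) for part in core.split("."))


def installed_packages(lock_text):
    """Yield (name, version, lock_path) for every entry, nested copies too."""
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        if path and "version" in meta:
            yield path.rsplit("node_modules/", 1)[-1], meta["version"], path


def match_and_route(lock_text, advisories=ADVISORIES, config=CONFIG):
    """Return {channel: [finding, ...]} for versions below the fixed release."""
    routed = {}
    for name, version, path in installed_packages(lock_text):
        for adv in advisories:
            if adv["package"] != name or adv["id"] in config["ignored_cves"]:
                continue
            if version_key(version) < version_key(adv["fixed"]):
                channel = config["alerts"][adv["severity"]]
                routed.setdefault(channel, []).append(
                    {"cve": adv["id"], "package": name,
                     "installed": version, "path": path})
    return routed
```

Each finding keeps its lockfile path because the same package can be installed at several versions, and only the copies below the fixed release need an upgrade.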

### Integration with Other Skills

- With infra-watchdog — threat-radar feeds security events into watchdog alerts
- With ops-journal — CVE findings auto-logged for incident correlation
- With daily-maintenance.sh — integrated as Phase 8 (security scanning)

### Security Notes

- Offline mode — scans work without internet after initial CVE download
- No credential exposure — never scans credentials (security-hardener handles that)
- Local network only — port scanning stays within your private networks
- Privacy — no data sent external except NVD API calls (CVE checking)

### Troubleshooting

**Q: "CVE database outdated" warning**
A: Run `threat-radar data-refresh` to pull latest feeds

**Q: Scan is slow**
A: Disable slow checks: `threat-radar config update --skip-ports`

**Q: Too many alerts**
A: Adjust severity: `threat-radar config update --alert-level=high`

**Q: False positive CVE**
A: Mark as accepted risk: `threat-radar ignore CVE-XXXX-XXXXX`

### What's Next

- Real-time CVE feed (when a new vulnerability drops affecting you, know in minutes)
- Remediation automation (auto-file PRs to update dependencies)
- Integration with vulnerability scanners (nessus, qualys API)

### Support

For issues: Check `~/.openclaw/workspace/monitoring/threat-radar/threat-radar.log`

```bash
threat-radar logs --tail=100
threat-radar logs --follow  # Real-time logging
```

Built for OpenClaw agents running homelab infrastructure.
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: mariusfit
- Version: 1.0.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-05-01T14:44:28.640Z
- Expires at: 2026-05-08T14:44:28.640Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/threat-radar)
- [Send to Agent page](https://openagent3.xyz/skills/threat-radar/agent)
- [JSON manifest](https://openagent3.xyz/skills/threat-radar/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/threat-radar/agent.md)
- [Download page](https://openagent3.xyz/downloads/threat-radar)