Security Monitor Review
Audited by ClawScan on May 10, 2026.
Overview
The skill's behaviour mostly matches its stated security-monitoring purpose, but it reads sensitive local credential and system files and ignores its advertised threat-scope option, so users should review it before enabling it.
Before installing, decide whether this skill should be allowed to read /root/clawd/skills/.env, auth logs, process lists, ports, and Docker state. Patch or verify the threats filtering if you need scoped monitoring, run with least privilege, and protect or rotate the generated log/state files.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe they limited monitoring to selected threat types, but the skill can still inspect auth logs, ports, processes, Docker status, and credential files.
The threats option is printed but not used to decide which checks run. Despite SKILL.md advertising --threats=credentials,ports,api-calls for specific threats, the script runs all monitors, including sensitive file and system checks.
console.log(`Threats: ${threats}`); ... checkFailedLogins(); checkOpenPorts(); checkProcessAnomalies(); checkFileChanges(); checkApiKeyUsage(); checkDockerHealth();
Implement an enforced allowlist for the threats option and clearly document which checks run by default, especially checks that read credential or system files.
Running the monitor gives it access to local API credential material, even if it currently only records service names.
The script opens a likely credential file and inspects provider names. It does not log token values, but the sensitive file access is not clearly declared in the registry requirements.
const envContent = fs.readFileSync('/root/clawd/skills/.env', 'utf8'); ... log('INFO', 'API credentials present', { services: envContent.match(/(?:TWITTER|KAPSO|WHATSAPP)/g) || [] });
Make credential-file inspection explicit and opt-in, declare the config path, avoid reading secret values where possible, and log only non-sensitive metadata.
If run with elevated privileges, the skill can inspect sensitive system logs, network listeners, process lists, and Docker status.
The script uses shell execution to inspect local security state. The commands are hard-coded and aligned with monitoring, but they expand what the skill can observe on the host.
const { execSync } = require('child_process'); ... execSync('tail -100 /var/log/auth.log ...'); ... execSync('ss -tlnp ...'); ... execSync('ps aux ...');
Review the commands before use and run the monitor with the least privilege that still permits the checks you need.
Local alert/state files may reveal security events or be tampered with to affect future monitoring results.
The monitor persists alert history and state locally for reuse across checks. This is purpose-aligned, but the stored security context may contain IPs, paths, and service names.
const STATE_FILE = '/root/clawd/clawdbot-security/.monitor-state.json'; ... state.alerts.unshift(entry); state.alerts = state.alerts.slice(0, 100); ... fs.writeFileSync(STATE_FILE, JSON.stringify(state, null, 2));
Protect the log/state directory with appropriate file permissions and define retention or cleanup expectations.
The monitor can keep executing periodic checks after startup until the process manager or daemon is stopped.
The skill explicitly supports daemon/background operation. This persistence is disclosed and expected for real-time monitoring.
No external dependencies required. Runs as a background process. ... pm2 start monitor.cjs --name "clawdbot-security" -- --daemon --interval 60
Use a known process manager, document the stop command, and periodically review whether the background monitor is still needed.
