AgentGuard

v1.0.0

Monitors agent file access, API calls, and communications to detect suspicious behavior, log events, and generate actionable security reports.

3 stars · 3.5k downloads · 26 current · 29 all-time

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The files and SKILL.md implement a file/API/communication monitor, anomaly detector, logger, alerter and reporter — these capabilities align with the implied purpose (security monitoring). However, the skill has no public homepage or source URL, and the skill metadata provides no description or provenance, which reduces trustworthiness.
Instruction Scope
SKILL.md instructs continuous, broad monitoring of file reads/writes and all external communications (including scanning for credentials). It asserts 'No external data transmission', but the code and config expose channels (telegram, discord, webhook, email) that can dispatch alerts externally when configured. The monitoring covers sensitive paths (e.g. ~/.ssh, .aws, .netrc), which is coherent for a monitor but involves high-sensitivity data; the skill's instructions allow wide discretion to collect and log this data.
Install Mechanism
There is no install spec (instruction-only install), so nothing is downloaded or executed automatically by an installer. Code is included in the package, which will create ~/.agentguard and write logs at runtime. No external install URLs or unexpected installers were present.
Credentials
The skill declares no required environment variables (and none are necessary to run locally). However, alert dispatching supports external channels and expects configuration (webhook_url, chat IDs, etc.) which, if supplied, would enable data to leave the host. SKILL.md does not require any credentials, but the effective behavior can be changed by user-supplied config — this mismatch should be considered.
Persistence & Privilege
The skill does not request force-inclusion (always: false) and does not modify other skills. It writes to a local directory (~/.agentguard) for logs, baselines, alerts and reports, which is expected for monitoring software. Running as a separate process (recommended in SKILL.md) is appropriate to limit risk.
What to consider before installing AgentGuard

  • Provenance: the skill has no homepage/source URL in the metadata. Prefer skills with a public repository, release notes or a verified publisher. Ask for the upstream repo or a signed release before trusting it.
  • External channels: SKILL.md claims "No external data transmission" but the code supports Telegram/Discord/webhook/email alerts. If you enable those channels (or add webhook URLs/chat IDs), sensitive information from logs/alerts can be sent off-host. Only enable external channels you fully control, and inspect the alert contents first.
  • Scope of monitoring: AgentGuard watches broad paths (including ~/.ssh, .aws, .netrc, .env). That is expected for a security monitor but means the tool will see highly sensitive secrets. Only grant it access to directories you intend to monitor, and exclude secret stores if you do not want them monitored.
  • Run isolation: Follow the SKILL.md suggestion — run AgentGuard in a separate process/container with limited privileges (read-only where possible). That reduces the risk that a compromised agent can disable or tamper with monitoring.
  • Configuration review: Before enabling automated dispatching, review ~/.agentguard/config.yaml and ensure 'channels' and webhook URLs are set to trusted endpoints. Enable log encryption and retention as needed.
  • Code review / provenance check: If you cannot verify the upstream repository or author, inspect the included scripts (monitor, logger, detector, alerter, reporter) for unexpected network calls or obfuscated code. The visible code prints and simulates sends rather than performing direct network POSTs, but the presence of dispatch functions means network sending can be enabled by configuration or by future changes.
  • What would change this assessment: a public, verifiable source repository, signed releases, or a maintainer statement that alerts are only local unless explicit external channels are configured would increase confidence. Conversely, finding hardcoded remote endpoints, obscured network calls, or automatic remote installation would increase severity to malicious.


latest: vk97dk179bwr48sz0jk62b3jczh80by4j
3.5k downloads
3 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

AgentGuard - Security Monitoring Skill

Version: 1.0.0
Author: Manas AI
Category: Security & Monitoring

Overview

AgentGuard is a comprehensive security monitoring skill that watches over agent operations, detecting suspicious behavior, logging communications, and providing actionable security reports.


Capabilities

1. File Access Monitoring

Track all file read/write operations with pattern analysis.

Trigger: Continuous background monitoring
Command: agentguard monitor files [--watch-dir <path>]

What it detects:

  • Unusual file access patterns (bulk reads, sensitive directories)
  • Access to credential files (.env, .secrets, keys)
  • Unexpected write operations to system directories
  • File exfiltration attempts (large reads followed by network calls)
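
The rules in the list above, worked as an added Python example (not AgentGuard's own execution/monitor.py, whose internals are not visible on this page). The credential path list, the system-directory prefixes, the bulk-read threshold (20 distinct files in 60 s) and the sample event stream are all constructed for the example; severities follow the skill's INFO/LOW/MEDIUM/HIGH/CRITICAL scale.

```python
import os
from collections import namedtuple

# Constructed lists of high-sensitivity names; they mirror the paths the
# assessment mentions (~/.ssh, .aws, .netrc, .env) and are not the skill's own.
CREDENTIAL_BASENAMES = {".env", ".secrets", ".netrc"}
CREDENTIAL_DIRS = {".ssh", ".aws", ".gnupg"}
CREDENTIAL_SUFFIXES = (".pem", ".key", ".p12")
SYSTEM_WRITE_PREFIXES = ("/etc/", "/usr/", "/bin/", "/sbin/", "/boot/")

BULK_READ_THRESHOLD = 20   # distinct files ...
BULK_READ_WINDOW_S = 60    # ... within this many seconds (constructed values)

Alert = namedtuple("Alert", "severity rule detail")


def is_credential_path(path: str) -> bool:
    """True if the path is a credential file or lives under a secret store."""
    parts = os.path.normpath(os.path.expanduser(path)).split(os.sep)
    name = parts[-1]
    return (name in CREDENTIAL_BASENAMES
            or name.endswith(CREDENTIAL_SUFFIXES)
            or any(p in CREDENTIAL_DIRS for p in parts[:-1]))


def classify_event(event: dict) -> list:
    """Per-event rules. event = {'ts': epoch_seconds, 'op': 'read'|'write', 'path': str}."""
    alerts = []
    path = os.path.expanduser(event["path"])
    if is_credential_path(path):
        alerts.append(Alert("MEDIUM", "credential_access", path))
    if event["op"] == "write" and path.startswith(SYSTEM_WRITE_PREFIXES):
        alerts.append(Alert("HIGH", "system_dir_write", path))
    return alerts


def detect_bulk_reads(events, threshold=BULK_READ_THRESHOLD, window_s=BULK_READ_WINDOW_S):
    """Sliding window over read events, counting distinct files. A burst is
    reported once; it is HIGH when it touched a credential file, else MEDIUM."""
    reads = sorted((e["ts"], os.path.expanduser(e["path"])) for e in events if e["op"] == "read")
    alerts, start = [], 0
    for end in range(len(reads)):
        while reads[end][0] - reads[start][0] > window_s:
            start += 1
        distinct = {p for _, p in reads[start:end + 1]}
        if len(distinct) >= threshold:
            sev = "HIGH" if any(is_credential_path(p) for p in distinct) else "MEDIUM"
            alerts.append(Alert(sev, "bulk_file_read", f"{len(distinct)} files in {window_s}s"))
            start = end + 1          # do not re-report the same burst
    return alerts


def analyze(events) -> list:
    """Run every file-access rule over an event list."""
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        alerts.extend(classify_event(e))
    alerts.extend(detect_bulk_reads(events))
    return alerts


def sample_events() -> list:
    """Constructed sample stream; not captured from a real agent."""
    t0 = 1_700_000_000
    events = [
        {"ts": t0 + 0, "op": "read", "path": "~/clawd/notes.md"},
        {"ts": t0 + 5, "op": "read", "path": "~/.ssh/id_ed25519"},
        {"ts": t0 + 9, "op": "write", "path": "/etc/cron.d/agent"},
        {"ts": t0 + 12, "op": "read", "path": "~/clawd/project/.env"},
    ]
    # a burst of 25 source-file reads in 25 seconds, shortly after the key reads
    events += [{"ts": t0 + 20 + i, "op": "read", "path": f"~/clawd/src/module_{i}.py"}
               for i in range(25)]
    return events


if __name__ == "__main__":
    for a in analyze(sample_events()):
        print(f"[{a.severity}] {a.rule}: {a.detail}")
```

The burst detector resets its window after reporting so one scan of a source tree produces one alert rather than one per file; the severity bump when the burst overlaps a credential read is what turns "many reads" into the table's "Bulk credential access" case.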

2. API Call Detection

Monitor outbound API calls for suspicious activity.

Command: agentguard monitor api

What it detects:

  • Calls to unknown/untrusted endpoints
  • Unusual API call frequency (rate anomalies)
  • Sensitive data in request payloads
  • Authentication token exposure
  • Calls to known malicious domains
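
An added Python example of the endpoint checks listed above (example code, not the skill's execution/detector.py). The trusted list is copied from the skill's sample config; the blocklist entry, secret-parameter names, payload regex, rate limit and sample traffic are constructed. The trust test deliberately uses suffix matching on "." + domain, because a plain substring test would accept a host such as api.openai.com.evil.net.

```python
import re
from collections import deque
from urllib.parse import parse_qs, urlsplit

# Trusted list copied from the skill's sample config; the blocklist entry and
# the secret patterns are constructed for this example.
TRUSTED_DOMAINS = ["api.anthropic.com", "api.openai.com", "api.telegram.org", "api.elevenlabs.io"]
BLOCKED_DOMAINS = {"paste-dump.example"}
SECRET_PARAMS = {"api_key", "apikey", "token", "access_token", "key"}
SECRET_HEADERS = {"authorization", "x-api-key", "cookie"}
SECRET_BODY_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----|AKIA[0-9A-Z]{16}")
RATE_LIMIT, RATE_WINDOW_S = 30, 60


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_trusted(host: str, trusted=TRUSTED_DOMAINS) -> bool:
    """Exact match or a real subdomain. A substring test ('api.openai.com' in host)
    would also accept 'api.openai.com.evil.net'; suffix matching on '.' + domain does not."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def check_call(call: dict, history: dict) -> list:
    """call = {'ts', 'url', 'headers', 'body'}; history maps host -> deque of
    timestamps and is updated in place. Returns (severity, rule, detail) tuples."""
    alerts = []
    parts = urlsplit(call["url"])
    host = host_of(call["url"])
    if host in BLOCKED_DOMAINS:
        alerts.append(("CRITICAL", "known_malicious_domain", host))
    elif not is_trusted(host):
        alerts.append(("MEDIUM", "unknown_api_endpoint", host))
    # token exposure: secrets in the query string end up in proxy and server logs
    leaked = sorted(SECRET_PARAMS & {k.lower() for k in parse_qs(parts.query)})
    if leaked:
        alerts.append(("HIGH", "token_in_query_string", ",".join(leaked)))
    header_names = {h.lower() for h in call.get("headers", {})}
    if parts.scheme == "http" and header_names & SECRET_HEADERS:
        alerts.append(("HIGH", "credential_over_plaintext_http", host))
    if SECRET_BODY_RE.search(call.get("body", "")):
        alerts.append(("HIGH", "sensitive_payload", host))
    # rate anomaly: calls to this host inside the sliding window
    window = history.setdefault(host, deque())
    window.append(call["ts"])
    while window and call["ts"] - window[0] > RATE_WINDOW_S:
        window.popleft()
    if len(window) > RATE_LIMIT:
        alerts.append(("LOW", "rate_anomaly", f"{host}: {len(window)} calls in {RATE_WINDOW_S}s"))
    return alerts


def process(calls) -> list:
    history, alerts = {}, []
    for c in sorted(calls, key=lambda c: c["ts"]):
        alerts.extend(check_call(c, history))
    return alerts


def sample_calls() -> list:
    """Constructed traffic; none of these requests were really sent."""
    t0 = 1_700_000_000
    auth = {"Authorization": "Bearer sk-CONSTRUCTED", "Content-Type": "application/json"}
    calls = [
        {"ts": t0, "url": "https://api.anthropic.com/v1/messages", "headers": auth, "body": "{}"},
        {"ts": t0 + 1, "url": "https://api.openai.com.evil.net/v1/chat", "headers": auth, "body": "{}"},
        {"ts": t0 + 2, "url": "https://hooks.example.org/collect?api_key=CONSTRUCTED",
         "headers": {}, "body": "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)"},
        {"ts": t0 + 3, "url": "http://api.telegram.org/botCONSTRUCTED/getMe", "headers": auth, "body": ""},
    ]
    calls += [{"ts": t0 + 10 + i, "url": "https://api.openai.com/v1/embeddings",
               "headers": auth, "body": "{}"} for i in range(31)]
    return calls


if __name__ == "__main__":
    for sev, rule, detail in process(sample_calls()):
        print(f"[{sev}] {rule}: {detail}")
```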

3. Communication Logging

Log all external communications for audit trails.

Command: agentguard log comms [--output <path>]

Logs include:

  • HTTP/HTTPS requests (sanitized)
  • WebSocket connections
  • Email sends
  • Message platform outputs (Telegram, Discord, etc.)
  • Timestamp, destination, payload hash
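
What a "sanitized" entry with a payload hash can look like, as an added Python example (not the skill's execution/logger.py; field names, the redaction list and the sample request are constructed). The payload is keyed-hashed rather than plain-hashed so the log can correlate identical messages without letting a reader confirm a guessed short payload, and the destination is cut down to scheme and host because a URL path or query string can itself carry a token.

```python
import hashlib
import hmac
import re
import time
from urllib.parse import urlsplit

# Constructed for this example; the skill's real field names are not visible here.
REDACT_HEADERS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}
SECRET_TOKEN_RE = re.compile(r"\b(?:Bearer|Basic)\s+[A-Za-z0-9._~+/=-]+")


def destination_only(dest: str) -> str:
    """Keep scheme and host of a URL; path and query often carry tokens
    (a Telegram bot URL, for instance, embeds the bot token in its path)."""
    if "://" in dest:
        p = urlsplit(dest)
        return f"{p.scheme}://{p.hostname}"
    return dest  # e-mail address or channel name, already host-like


def redact_headers(headers: dict) -> dict:
    return {k: ("[REDACTED]" if k.lower() in REDACT_HEADERS else v) for k, v in headers.items()}


def payload_fingerprint(key: bytes, payload: bytes) -> str:
    """Keyed hash: equal payloads correlate across log lines, but without the
    per-install key nobody can confirm a guessed low-entropy payload from the hash."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_log_entry(kind: str, destination: str, payload: bytes, headers: dict,
                   key: bytes, ts: float = None) -> dict:
    return {
        "ts": time.time() if ts is None else ts,
        "kind": kind,                       # http, websocket, email, telegram, ...
        "destination": destination_only(destination),
        "payload_bytes": len(payload),      # size is kept, the body is not
        "payload_hash": payload_fingerprint(key, payload),
        "headers": redact_headers(headers),
    }


def leaks_token(entry: dict) -> bool:
    """Last check before the entry is written: does any field still hold a bearer/basic credential?"""
    return bool(SECRET_TOKEN_RE.search(repr(entry)))


def sample_entry(key: bytes = b"constructed-per-install-key") -> dict:
    """Constructed request; the token, bot id and chat id are placeholders."""
    return make_log_entry(
        "http",
        "https://api.telegram.org/botCONSTRUCTED-TOKEN/sendMessage?chat_id=42",
        b'{"text": "daily report"}',
        {"Authorization": "Bearer sk-CONSTRUCTED", "Content-Type": "application/json"},
        key, ts=1_700_000_000,
    )


if __name__ == "__main__":
    entry = sample_entry()
    assert not leaks_token(entry)
    print(entry)
```

The key used for the fingerprint should live outside the log directory (and outside anything the monitored agent can read), otherwise the hashing adds nothing over a plain SHA-256.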

4. Anomaly Detection

ML-lite pattern analysis for behavioral anomalies.

Command: agentguard detect anomalies [--sensitivity <low|medium|high>]

Detection methods:

  • Baseline deviation (learns normal patterns)
  • Time-of-day anomalies
  • Sequence analysis (unusual operation chains)
  • Volume spikes
  • New destination detection
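
Three of the detection methods above (baseline deviation, time-of-day anomalies, new destinations), worked as an added Python example; this is not the skill's execution/detector.py or its behavior_model.json format. The per-hour mean/stdev model, the sensitivity-to-threshold mapping and the seven-day training history are constructed; buckets are computed in UTC from epoch seconds.

```python
import math
from collections import defaultdict

HOUR, DAY = 3600, 86400          # buckets are computed in UTC from epoch seconds
SENSITIVITY_K = {"low": 4.0, "medium": 3.0, "high": 2.0}   # constructed mapping


def learn_baseline(events: list) -> dict:
    """events = [{'ts': epoch_seconds, 'dest': host}, ...] from a known-good period.
    Produces per-hour-of-day (mean, stdev) of daily call counts and the set of
    destinations seen."""
    per_day_hour = defaultdict(int)
    days, dests = set(), set()
    for e in events:
        day, hour = e["ts"] // DAY, (e["ts"] // HOUR) % 24
        per_day_hour[(day, hour)] += 1
        days.add(day)
        dests.add(e["dest"])
    hours = {}
    for hour in range(24):
        samples = [per_day_hour.get((d, hour), 0) for d in days]
        mean = sum(samples) / len(samples)
        stdev = math.sqrt(sum((s - mean) ** 2 for s in samples) / len(samples))
        hours[hour] = (mean, stdev)
    return {"hours": hours, "dests": dests, "days": len(days)}


def detect(baseline: dict, events: list, sensitivity: str = "medium") -> list:
    """Score one period against the baseline; returns (severity, rule, detail)."""
    k = SENSITIVITY_K[sensitivity]
    seen = set(baseline["dests"])
    counts = defaultdict(int)
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        counts[(e["ts"] // HOUR) % 24] += 1
        if e["dest"] not in seen:
            seen.add(e["dest"])           # report each new host once
            alerts.append(("MEDIUM", "new_destination", e["dest"]))
    for hour, n in sorted(counts.items()):
        mean, stdev = baseline["hours"][hour]
        if mean == 0:
            alerts.append(("LOW", "time_of_day_anomaly", f"hour {hour:02d}: {n} calls, none in baseline"))
        elif n > mean + k * max(stdev, 1.0):   # floor keeps flat baselines from firing on +1
            alerts.append(("MEDIUM", "volume_spike", f"hour {hour:02d}: {n} calls vs {mean:.1f}±{stdev:.1f}"))
    return alerts


def baseline_events() -> list:
    """Constructed 7-day history: work hours 09-17, 8 to 12 calls per hour, one destination."""
    return [{"ts": day * DAY + hour * HOUR + i, "dest": "api.anthropic.com"}
            for day in range(7) for hour in range(9, 18) for i in range(8 + 2 * (day % 3))]


def monitored_day_events() -> list:
    """Constructed day 8: a 03:00 burst to an unseen host, a 10:00 spike, a normal 14:00."""
    day = 7 * DAY
    return ([{"ts": day + 3 * HOUR + i, "dest": "paste.example"} for i in range(5)]
            + [{"ts": day + 10 * HOUR + i, "dest": "api.anthropic.com"} for i in range(40)]
            + [{"ts": day + 14 * HOUR + i, "dest": "api.anthropic.com"} for i in range(9)])


if __name__ == "__main__":
    model = learn_baseline(baseline_events())
    for sev, rule, detail in detect(model, monitored_day_events()):
        print(f"[{sev}] {rule}: {detail}")
```

The stdev floor of 1.0 is the practical detail behind the troubleshooting advice to lengthen the learning period: with only a few training days the per-hour variance is near zero, and without a floor every small deviation would be a "spike".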

5. Security Reports

Generate comprehensive daily security reports.

Command: agentguard report [--period <daily|weekly|monthly>]

Report includes:

  • Activity summary
  • Alert breakdown by severity
  • Top accessed resources
  • Communication destinations
  • Anomaly timeline
  • Recommendations

Configuration

Config File: config/agentguard.yaml

monitoring:
  enabled: true
  file_watch_dirs:
    - ~/clawd
    - ~/.clawdbot
  exclude_patterns:
    - "*.log"
    - "node_modules/**"
    - ".git/**"

alerts:
  sensitivity: medium  # low, medium, high
  channels:
    - telegram
  alert_on:
    - credential_access
    - bulk_file_read
    - unknown_api_endpoint
    - data_exfiltration
  cooldown_minutes: 15

api_monitoring:
  trusted_domains:
    - api.anthropic.com
    - api.openai.com
    - api.telegram.org
    - api.elevenlabs.io
  block_on_suspicious: false  # true = prevent call, false = alert only

logging:
  retention_days: 30
  log_dir: ~/.agentguard/logs
  hash_sensitive_data: true

reporting:
  auto_daily_report: true
  report_time: "09:00"
  report_channel: telegram
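
The security scan above recommends reviewing this config before enabling dispatching. As an added Python example (not part of the skill), the sample config is mirrored as a dict and checked for settings that contradict the "No external data transmission" claim or weaken the monitor. The channel names treated as off-host come from the scan findings; "local" as the name of a channel that only writes under ~/.agentguard/alerts is an assumption, as are the watch-dir and trusted-domain breadth checks.

```python
import copy

# Channel names that imply data leaving the host (from the scan findings); 'local'
# is an assumed name for a channel that only writes to ~/.agentguard/alerts.
OFF_HOST_CHANNELS = {"telegram", "discord", "webhook", "email"}
LOCAL_CHANNEL = "local"

# Mirrors the sample config/agentguard.yaml from SKILL.md as a Python dict.
SAMPLE_CONFIG = {
    "monitoring": {"enabled": True, "file_watch_dirs": ["~/clawd", "~/.clawdbot"],
                   "exclude_patterns": ["*.log", "node_modules/**", ".git/**"]},
    "alerts": {"sensitivity": "medium", "channels": ["telegram"],
               "alert_on": ["credential_access", "bulk_file_read",
                            "unknown_api_endpoint", "data_exfiltration"],
               "cooldown_minutes": 15},
    "api_monitoring": {"trusted_domains": ["api.anthropic.com", "api.openai.com",
                                           "api.telegram.org", "api.elevenlabs.io"],
                       "block_on_suspicious": False},
    "logging": {"retention_days": 30, "log_dir": "~/.agentguard/logs", "hash_sensitive_data": True},
    "reporting": {"auto_daily_report": True, "report_time": "09:00", "report_channel": "telegram"},
}


def review_config(cfg: dict) -> list:
    """Return (severity, finding) pairs for settings that send data off-host or
    weaken the monitor. Missing keys are treated as the weaker setting."""
    findings = []
    alerts = cfg.get("alerts", {})
    external = sorted(set(alerts.get("channels", [])) & OFF_HOST_CHANNELS)
    if external:
        findings.append(("HIGH", f"alert channels {external} deliver alert text off-host"))
    report_channel = cfg.get("reporting", {}).get("report_channel")
    if report_channel in OFF_HOST_CHANNELS:
        findings.append(("HIGH", f"daily report (accessed resources, destinations) leaves the host via {report_channel}"))
    if not cfg.get("logging", {}).get("hash_sensitive_data", False):
        findings.append(("HIGH", "hash_sensitive_data is off: captured credentials would be logged in clear"))
    if not cfg.get("api_monitoring", {}).get("block_on_suspicious", False):
        findings.append(("INFO", "block_on_suspicious is false: suspicious calls are alerted on, not prevented"))
    for d in cfg.get("monitoring", {}).get("file_watch_dirs", []):
        if d.rstrip("/") in ("~", "/", "$HOME"):
            findings.append(("MEDIUM", f"watch dir {d!r} covers secret stores such as ~/.ssh and ~/.aws"))
    for dom in cfg.get("api_monitoring", {}).get("trusted_domains", []):
        if dom.startswith("*") or "." not in dom:
            findings.append(("MEDIUM", f"trusted_domains entry {dom!r} is too broad"))
    return findings


def localize_channels(cfg: dict) -> dict:
    """Copy of cfg with every off-host channel replaced by the local channel."""
    out = copy.deepcopy(cfg)
    chans = out.setdefault("alerts", {}).get("channels", [])
    out["alerts"]["channels"] = sorted({LOCAL_CHANNEL if c in OFF_HOST_CHANNELS else c
                                        for c in chans}) or [LOCAL_CHANNEL]
    if out.setdefault("reporting", {}).get("report_channel") in OFF_HOST_CHANNELS:
        out["reporting"]["report_channel"] = LOCAL_CHANNEL
    return out


if __name__ == "__main__":
    for sev, text in review_config(SAMPLE_CONFIG):
        print(f"[{sev}] {text}")
    print("after localizing:", review_config(localize_channels(SAMPLE_CONFIG)))
```

Run against the page's own sample config this reports two HIGH findings (alerts and the daily report both go to Telegram) and one INFO (alert-only mode); after `localize_channels` only the INFO remains.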

Usage Examples

Start Full Monitoring

agentguard start

Enables all monitoring features with default config.

Check Current Security Status

agentguard status

Returns current threat level, active monitors, recent alerts.

Investigate Specific Activity

agentguard investigate --timerange "last 2 hours" --type file_access

Generate Immediate Report

agentguard report --now

Review Alert History

agentguard alerts --last 24h --severity high

Whitelist a Domain

agentguard trust add api.newservice.com --reason "Required for X integration"

Alert Severity Levels

Level     Color  Meaning                   Example
INFO      🔵     Normal logged activity    File read in workspace
LOW       🟢     Minor deviation           Slightly elevated API calls
MEDIUM    🟡     Notable anomaly           Access to .env file
HIGH      🟠     Potential threat          Bulk credential access
CRITICAL  🔴     Immediate action needed   Data exfiltration pattern

Integration Points

With Clawdbot

  • Receives file/API operation hooks
  • Sends alerts via configured channels
  • Integrates with heartbeat for periodic checks

With Other Skills

  • Shares threat data with other security skills
  • Can block operations (if configured)
  • Provides audit logs for compliance skills

Data Storage

~/.agentguard/
├── logs/
│   ├── file_access/
│   ├── api_calls/
│   └── communications/
├── baselines/
│   └── behavior_model.json
├── alerts/
│   └── YYYY-MM-DD.json
└── reports/
    └── YYYY-MM-DD_report.md

Privacy & Security

  • No external data transmission - All processing is local
  • Sensitive data hashing - Credentials are never logged in plain text
  • Configurable retention - Auto-delete old logs
  • Encrypted storage - Optional AES encryption for logs

Troubleshooting

High false positive rate

→ Increase baseline learning period or reduce sensitivity

Missing file events

→ Check file_watch_dirs config covers target directories

Reports not generating

→ Verify report_time format and timezone settings


Execution Scripts

Script                 Purpose
execution/monitor.py   Core monitoring daemon
execution/detector.py  Anomaly detection engine
execution/logger.py    Structured logging handler
execution/alerter.py   Alert dispatch system
execution/reporter.py  Report generation

Author Notes

AgentGuard is designed with defense-in-depth principles. It assumes agents can be compromised or manipulated, and provides visibility into their operations.

For maximum security, run AgentGuard in a separate process with limited write access to prevent a compromised agent from disabling monitoring.
