Lightweight Host Intrusion Detection and Log Analysis System (Mini-HIDS)

v1.0.5

Real-time Linux log monitoring and AI-assisted detection of brute force attacks, web attacks, and webshells with automated IP blocking and whitelist support.

by netkrxn (@netkr)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Pending
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the implementation: provided Python daemon (mini_hids.py) and CLI (hids_cli.py) perform log tailing, SSH/web attack detection, webroot scanning, state persistence (SQLite), and call iptables/nft/fail2ban to block IPs — all expected for a HIDS.
Instruction Scope
SKILL.md and README instruct running the daemon with sudo, reading /var/log/* and web directories, and optionally wiring an LLM API key. That stays within the stated purpose. One point to watch: the instructions recommend sending the project link to an agent and asking it to 'package into a skill' — allowing an agent to fetch and install code remotely increases operational risk unless you trust the source.
Install Mechanism
There are no external installers or downloads: the skill is instruction+code only. No remote URLs or archive extract/install steps are present in SKILL.md. This lowers supply-chain risk, provided the included code is the code you expect.
Credentials
No required environment variables or credentials are declared. LLM API key support is optional and explained; recommending environment variables for an API key is reasonable. There are no unrelated credential requests.
Persistence & Privilege
The daemon is designed to run continuously and the README/SKILL.md explicitly require root to manage firewall rules and read protected logs. 'always' is false. Running as root and modifying firewall rules are expected for this functionality, but grant significant power — verify intended behavior and whitelists before granting those privileges.
Assessment
This skill appears to implement what it claims (a local Linux HIDS), but it operates with high privilege and accesses sensitive files. Before installing or running it on production systems:

1) Review the full source (mini_hids.py and hids_cli.py) yourself or have a trusted engineer do so, paying attention to any network/webhook/LLM code paths.
2) Test in an isolated environment or container with representative logs, not on a critical server.
3) Back up current firewall rules and test unban behavior to avoid accidental lockout.
4) Ensure TRUSTED_IPS/whitelist is correctly configured before enabling automatic blocking.
5) If you enable the optional LLM/webhook features, use least-privilege API keys and verify external endpoints.
6) Do not allow an agent to auto-fetch and run this code on your infrastructure without manual review.
