Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Security Monitor
v1.0.0
Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.
⭐ 5· 6.4k·52 current·54 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description (real-time security monitoring) matches the code's activities (auth log checks, port/process/docker checks, file-change detection). The capability set (tail logs, ss/netstat, ps, docker) is consistent with monitoring.
Instruction Scope
SKILL.md simply instructs running the provided monitor script but does not disclose that the script will read /var/log/auth.log, /root/clawd/skills/.env, /root/clawd/.env and other root-owned paths, nor that it writes state and logs to /root/clawd/clawdbot-security. The code will therefore access sensitive system files and potential credentials even though the documentation doesn't call this out.
Install Mechanism
No install spec; this is instruction + included script. No network downloads or external package installs are performed by the skill itself (only Node built-ins and exec calls).
Credentials
Registry metadata declares no required env vars or credentials, but the script reads .env files under /root/clawd (potentially containing service credentials) and inspects auth/system logs. That is a mismatch: the skill will access sensitive configuration/credentials without declaring them or explaining why.
Persistence & Privilege
Skill does not request always:true and does not autonomously modify other skills. However, it writes state and log files under /root/clawd/clawdbot-security and will likely require elevated privileges (or access to root-owned paths) to function fully; the documentation doesn't mention run-as requirements.
What to consider before installing
This skill's code aligns with a monitoring purpose, but it reads system auth logs and project .env files under /root without declaring that access. Before installing:
1) Inspect the script yourself (the repository includes scripts/monitor.cjs) to confirm there are no network exfiltration calls — the current file logs locally and has no implemented external alerts, but it will expose contents of .env if present.
2) Understand that it writes logs/state to /root/clawd/clawdbot-security and may need to be run as root to access /var/log/auth.log and /root paths; run it in a sandbox or container if you cannot grant that access.
3) If you expect Telegram alerts, note the Telegram send is a TODO — no remote alerting is implemented.
4) If you want to proceed, consider limiting what .env files contain (remove high-value secrets), adjust watched paths to less-sensitive locations, or modify the script to require explicit credentials/configuration for any credential checks.
5) Prefer running only after code review or on a test instance; ask the publisher for an explanation of why the skill must read /root/clawd/skills/.env and for a threat model that justifies reading root-owned logs.
If the author provides a version that only reads declared, documented paths (or documents required permissions), the assessment could move to benign.
Like a lobster shell, security has layers — review code before you run it.
intrusion-detection · latest · monitoring · realtime · security
