ClawHub

Agent Security Monitor

v1.1.0

Security monitoring and alerting tool for AI agents. Automatically checks for exposed secrets, unverified skills, insecure keys, suspicious commands, and mal...

1· 1.6k·11 current·12 all-time
by@suzxclaw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (security monitoring) aligns with what the script does: scanning workspace skills, .env/secrets files, SSH keys, git commits, command history and logs. The included permissions.json and SKILL.md are consistent with a supply-chain/permission-checking monitor. Minor inconsistency: SKILL metadata's install block lists an entry 'id: node / kind: node / package: bash' which is weird and unnecessary for a pure-Bash script.
!
Instruction Scope
The runtime instructions and script legitimately scan many sensitive locations (~/.openclaw, ~/.ssh, git index, log files, command history). That broad file access is coherent for a monitor but is high-privilege and should be expected only after review. More importantly, the script's false-positive mitigation explicitly treats patterns like 'webhook.site' and a generic 'curl.*\.' pattern as known benign—this will suppress alerts for known exfiltration endpoints and could produce dangerous false negatives.
Install Mechanism
No install spec that downloads external code; this is an instruction-only skill with a bundled Bash script. That's low-install risk. The only oddity is the SKILL.md metadata line referencing a 'node' install for 'bash' (likely a metadata mistake) but there is no external download or archive extraction in the provided files.
Credentials
permissions.json declares read access to workspace and read env; the script reads files in the OpenClaw workspace, user .ssh, and other local files. It does not request network credentials or external tokens. This broad filesystem access is proportional to a monitor, but the script does scan very sensitive locations (SSH keys, git commits) so users should consent. The script optionally uses jq if present but gracefully skips functionality when jq is missing.
Persistence & Privilege
Skill is not marked always:true and does not modify other skills. It writes log and alert files into the user's OpenClaw workspace (~/.openclaw/workspace) and config at ~/.config/agent-security/config.json, which is expected for a monitoring tool. No evidence of self-enabling or stealthy persistence beyond those logs.
What to consider before installing
This script is broadly consistent with a local security monitor, but you should not run it on a production or sensitive machine without review. Before installing/running: 1) Inspect KNOWN_BENIGN patterns in scripts/security-monitor.sh—remove or tighten entries like 'webhook.site' and the generic 'curl.*\.' pattern so the monitor does not silently ignore exfiltration indicators. 2) Confirm you are comfortable with the monitor reading ~/.openclaw, ~/.ssh, repository indexes and writing logs to ~/openclaw/workspace; back up any sensitive files first. 3) Fix the odd SKILL.md install metadata (the 'node' → 'bash' line) or ignore it; it appears to be a documentation/metadata mistake. 4) Consider running the script in an isolated environment first to observe its output and tune the config (KNOWN_BENIGN, checks) to avoid false negatives. 5) If you need permission-manifest validation, install jq so the manifest checks run; otherwise the script skips them. If you want a higher assurance that the monitor itself won't hide exfiltration, request the author to justify the benign-pattern list or provide a restrictive default that errs on alerting rather than suppressing.

Like a lobster shell, security has layers — review code before you run it.

agentvk97bmpxnmqtqpn5smmwj66mx6n81694xcybersecurityvk97bmpxnmqtqpn5smmwj66mx6n81694xisnadvk97bmpxnmqtqpn5smmwj66mx6n81694xlatestvk97bmpxnmqtqpn5smmwj66mx6n81694xmonitoringvk97bmpxnmqtqpn5smmwj66mx6n81694xsafetyvk97bmpxnmqtqpn5smmwj66mx6n81694xsecurityvk97bmpxnmqtqpn5smmwj66mx6n81694xsupply-chainvk97bmpxnmqtqpn5smmwj66mx6n81694x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments