ReefWatch

Type: OpenClaw Skill Name: reefwatch Version: 1.3.0 The OpenClaw AgentSkills skill bundle 'reefwatch' is a Host-based Intrusion Detection System (HIDS) designed to monitor for and alert on security threats. Its code and documentation consistently align with this benign purpose. Key indicators supporting this classification include robust SSRF prevention in `alert_manager.py` for webhook communication, secure file handling with `0o600` permissions and `O_NOFOLLOW` flags for sensitive files (e.g., PID, status, history, rule files), and explicit detection mechanisms for prompt injection attacks (Unicode obfuscation, specific phrases) targeting OpenClaw's own configuration in `reefwatch/engines/custom_rules.py`. Furthermore, `setup_rules.py` employs supply chain best practices by pinning Git clones of YARA and Sigma rules to specific tags, mitigating risks from upstream changes. All system interactions (e.g., `subprocess.run` for log collection, `psutil` for system monitoring) are necessary for its stated security function and are implemented with security considerations.