skills$openclaw/security-monitor

9.5k★

security-monitor – OpenClaw Skill

Name: security-monitor
Author: chandrasekar-r

security-monitor is an OpenClaw Skills integration for devops workflows. Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.

9.5k stars6.5k forksSecurity L1

Updated Feb 7, 2026Created Feb 7, 2026devops

Skill Snapshot

name	security-monitor
description	Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches. OpenClaw Skills integration.
owner	chandrasekar-r
repository	chandrasekar-r/security-monitor
language	Markdown
license	MIT
topics
security	L1
install	openclaw add @chandrasekar-r/security-monitor
last updated	Feb 7, 2026

Maintainer

chandrasekar-r

Maintains security-monitor in the OpenClaw Skills directory.

View GitHub profile

File Explorer

4 files

scripts

monitor.cjs

8.5 KB

_meta.json

292 B

SKILL.md

1.8 KB

SKILL.md

name: security-monitor description: Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.

Security Monitor Skill

When to use

Run continuous security monitoring to detect breaches, intrusions, and unusual activity on your Clawdbot deployment.

Setup

No external dependencies required. Runs as a background process.

How to

Start real-time monitoring

node skills/security-monitor/scripts/monitor.cjs --interval 60

Run in daemon mode (background)

node skills/security-monitor/scripts/monitor.cjs --daemon --interval 60

Monitor for specific threats

node skills/security-monitor/scripts/monitor.cjs --threats=credentials,ports,api-calls

What It Monitors

Threat	Detection	Response
Brute force attacks	Failed login detection	Alert + IP tracking
Port scanning	Rapid connection attempts	Alert
Process anomalies	Unexpected processes	Alert
File changes	Unauthorized modifications	Alert
Container health	Docker issues	Alert

Output

Console output (stdout)
JSON logs at /root/clawd/clawdbot-security/logs/alerts.log
Telegram alerts (configurable)

Daemon Mode

Use systemd or PM2 to keep monitoring active:

# With PM2
pm2 start monitor.cjs --name "clawdbot-security" -- --daemon --interval 60

Run audit first, then monitor continuously:

# One-time audit
node skills/security-audit/scripts/audit.cjs --full

# Continuous monitoring
node skills/security-monitor/scripts/monitor.cjs --daemon

security-audit - One-time security scan (install separately)

README.md

No README available.

Permissions & Security

Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.

## When to use Run continuous security monitoring to detect breaches, intrusions, and unusual activity on your Clawdbot deployment. ## Setup No external dependencies required. Runs as a background process. ## How to ### Start real-time monitoring ```bash node skills/security-monitor/scripts/monitor.cjs --interval 60 ``` ### Run in daemon mode (background) ```bash node skills/security-monitor/scripts/monitor.cjs --daemon --interval 60 ``` ### Monitor for specific threats ```bash node skills/security-monitor/scripts/monitor.cjs --threats=credentials,ports,api-calls ``` ## What It Monitors | Threat | Detection | Response | |--------|-----------|----------| | **Brute force attacks** | Failed login detection | Alert + IP tracking | | **Port scanning** | Rapid connection attempts | Alert | | **Process anomalies** | Unexpected processes | Alert | | **File changes** | Unauthorized modifications | Alert | | **Container health** | Docker issues | Alert | ## Output - Console output (stdout) - JSON logs at `/root/clawd/clawdbot-security/logs/alerts.log` - Telegram alerts (configurable) ## Daemon Mode Use systemd or PM2 to keep monitoring active: ```bash

Requirements

OpenClaw CLI installed and configured.
Language: Markdown
License: MIT
Topics:

FAQ

How do I install security-monitor?

Run openclaw add @chandrasekar-r/security-monitor in your terminal. This installs security-monitor into your OpenClaw Skills catalog.

Does this skill run locally or in the cloud?

OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.

Where can I verify the source code?

The source repository is available at https://github.com/openclaw/skills/tree/main/skills/chandrasekar-r/security-monitor. Review commits and README documentation before installing.