2.6k
GitHub Stars
3
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill openclaw-security-monitor- _meta.json658 B
- README.md55.7 KB
- SKILL.md10.6 KB
Overview
This skill provides proactive security monitoring, daily threat scanning, and automated remediation tailored for OpenClaw deployments. It combines a 32-point scanner, threat intelligence feeds, a web dashboard, and Telegram alerting to surface and fix risky configurations and indicators of compromise. The goal is reduce exposure from malicious skills, exfiltration channels, and risky runtime settings.
How this skill works
The monitor runs a comprehensive set of checks across networking, file permissions, running processes, extension/plugin hygiene, container settings, and credential exposure. It uses curated IOC lists (C2 IPs, malicious domains, file hashes, publisher patterns) and heuristics for obfuscation, reverse shells, and persistence mechanisms. Results are viewable in a dark-themed dashboard, sent to Telegram, and can be remediated automatically via per-check scripts with dry-run and auto-approve options.
When to use it
- Before exposing an OpenClaw instance to public networks or clients
- After installing new skills, plugins, or VS Code extensions
- When unexpected network connections or suspicious processes appear
- As a daily automated safety check for production agents
- During incident response to quickly locate and neutralize compromises
Best practices
- Enable the daily automated scan and Telegram alerts to catch issues early
- Run remediation in dry-run mode first, then auto-approve only trusted fixes
- Keep the IOC files updated from your threat intelligence sources
- Limit privileged mounts (Docker socket, root) and enforce least privilege
- Review remediation scripts before auto-applying in sensitive environments
Example use cases
- Detect and block outgoing connections to known C2 IP addresses discovered by threat intel
- Identify skills or extensions that exfiltrate credentials to public payload hosts
- Audit container configurations to ensure no privileged socket mounts or root access
- Scan for persistence artifacts (cron, LaunchAgents, systemd) added by malicious skills
- Automate nightly scans with Telegram summaries for on-call teams
FAQ
Exit codes indicate overall status: 0 = secure, 1 = warnings found, 2 = compromised; use the dashboard or logs for details.
Can I preview fixes before applying them?
Yes — the remediation supports --dry-run to show planned changes, and --yes to auto-approve fixes when you’re ready.