AgentSkillsCN

security-monitor

针对Clawdbot的实时安全监控。检测入侵、异常API调用、凭据使用模式,并对泄露事件发出警报。

SKILL.md
--- frontmatter
name: security-monitor
description: Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.

Security Monitor Skill

When to use

Run continuous security monitoring to detect breaches, intrusions, and unusual activity on your Clawdbot deployment.

Setup

No external dependencies required. Runs as a background process.

How to

Start real-time monitoring

bash
node skills/security-monitor/scripts/monitor.cjs --interval 60

Run in daemon mode (background)

bash
node skills/security-monitor/scripts/monitor.cjs --daemon --interval 60

Monitor for specific threats

bash
node skills/security-monitor/scripts/monitor.cjs --threats=credentials,ports,api-calls

What It Monitors

ThreatDetectionResponse
Brute force attacksFailed login detectionAlert + IP tracking
Port scanningRapid connection attemptsAlert
Process anomaliesUnexpected processesAlert
File changesUnauthorized modificationsAlert
Container healthDocker issuesAlert

Output

  • Console output (stdout)
  • JSON logs at /root/clawd/clawdbot-security/logs/alerts.log
  • Telegram alerts (configurable)

Daemon Mode

Use systemd or PM2 to keep monitoring active:

bash
# With PM2
pm2 start monitor.cjs --name "clawdbot-security" -- --daemon --interval 60

Combined with Security Audit

Run audit first, then monitor continuously:

bash
# One-time audit
node skills/security-audit/scripts/audit.cjs --full

# Continuous monitoring
node skills/security-monitor/scripts/monitor.cjs --daemon

Related skills

  • security-audit - One-time security scan (install separately)