Security Monitor
Real-time security monitoring with threat intelligence from ClawHavoc research, daily automated scans, web dashboard, and Telegram alerting for OpenClaw.
Commands
/security-scan
Run a comprehensive 32-point security scan:
- •Known C2 IPs (ClawHavoc: 91.92.242.x, 95.92.242.x, 54.91.154.110)
- •AMOS stealer / AuthTool markers
- •Reverse shells & backdoors (bash, python, perl, ruby, php, lua)
- •Credential exfiltration endpoints (webhook.site, pipedream, ngrok, etc.)
- •Crypto wallet targeting (seed phrases, private keys, exchange APIs)
- •Curl-pipe / download attacks
- •Sensitive file permission audit
- •Skill integrity hash verification
- •SKILL.md shell injection patterns (Prerequisites-based attacks)
- •Memory poisoning detection (SOUL.md, MEMORY.md, IDENTITY.md)
- •Base64 obfuscation detection (glot.io-style payloads)
- •External binary downloads (.exe, .dmg, .pkg, password-protected ZIPs)
- •Gateway security configuration audit
- •WebSocket origin validation (CVE-2026-25253)
- •Known malicious publisher detection (hightower6eu, etc.)
- •Sensitive environment/credential file leakage
- •DM policy audit (open/wildcard channel access)
- •Tool policy / elevated tools audit
- •Sandbox configuration check
- •mDNS/Bonjour exposure detection
- •Session & credential file permissions
- •Persistence mechanism scan (LaunchAgents, crontabs, systemd)
- •Plugin/extension security audit
- •Log redaction settings audit
- •Reverse proxy localhost trust bypass detection
- •Exec-approvals configuration audit (CVE-2026-25253 exploit chain)
- •Docker container security (root, socket mount, privileged mode)
- •Node.js version / CVE-2026-21636 permission model bypass
- •Plaintext credential detection in config files
- •VS Code extension trojan detection (fake ClawdBot extensions)
- •Internet exposure detection (non-loopback gateway binding)
- •MCP server security audit (tool poisoning, prompt injection)
bash ~/.openclaw/workspace/skills/security-monitor/scripts/scan.sh
Exit codes: 0=SECURE, 1=WARNINGS, 2=COMPROMISED
/security-dashboard
Display a security overview with process trees via witr.
bash ~/.openclaw/workspace/skills/security-monitor/scripts/dashboard.sh
/security-network
Monitor network connections and check against IOC database.
bash ~/.openclaw/workspace/skills/security-monitor/scripts/network-check.sh
/security-remediate
Scan-driven remediation: runs scan.sh, skips CLEAN checks, and executes per-check remediation scripts for each WARNING/CRITICAL finding. Includes 32 individual scripts covering file permissions, exfiltration domain blocking, tool deny lists, gateway hardening, sandbox configuration, credential auditing, and more.
# Full scan + remediate (interactive) bash ~/.openclaw/workspace/skills/security-monitor/scripts/remediate.sh # Auto-approve all fixes bash ~/.openclaw/workspace/skills/security-monitor/scripts/remediate.sh --yes # Dry run (preview) bash ~/.openclaw/workspace/skills/security-monitor/scripts/remediate.sh --dry-run # Remediate a single check bash ~/.openclaw/workspace/skills/security-monitor/scripts/remediate.sh --check 7 --dry-run # Run all 32 remediation scripts (skip scan) bash ~/.openclaw/workspace/skills/security-monitor/scripts/remediate.sh --all
Flags:
- •
--yes/-y— Skip confirmation prompts (auto-approve all fixes) - •
--dry-run— Show what would be fixed without making changes - •
--check N— Run remediation for check N only (skip scan) - •
--all— Run all 32 remediation scripts without scanning first
Exit codes: 0=fixes applied, 1=some fixes failed, 2=nothing to fix
/security-setup-telegram
Register a Telegram chat for daily security alerts.
bash ~/.openclaw/workspace/skills/security-monitor/scripts/telegram-setup.sh [chat_id]
Web Dashboard
URL: http://<vm-ip>:18800
Dark-themed browser dashboard with auto-refresh, on-demand scanning, donut charts, process tree visualization, network monitoring, and scan history timeline.
Service Management
launchctl list | grep security-dashboard launchctl unload ~/Library/LaunchAgents/com.openclaw.security-dashboard.plist launchctl load ~/Library/LaunchAgents/com.openclaw.security-dashboard.plist
IOC Database
Threat intelligence files in ioc/:
- •
c2-ips.txt- Known command & control IP addresses - •
malicious-domains.txt- Payload hosting and exfiltration domains - •
file-hashes.txt- Known malicious file SHA-256 hashes - •
malicious-publishers.txt- Known malicious ClawHub publishers - •
malicious-skill-patterns.txt- Malicious skill naming patterns
Daily Automated Scan
Cron job at 06:00 UTC with Telegram alerts. Install:
crontab -l | { cat; echo "0 6 * * * $HOME/.openclaw/workspace/skills/security-monitor/scripts/daily-scan-cron.sh"; } | crontab -
Threat Coverage
Based on research from 40+ security sources including:
- •ClawHavoc: 341 Malicious Skills (Koi Security)
- •CVE-2026-25253: 1-Click RCE
- •From SKILL.md to Shell Access (Snyk)
- •VirusTotal: From Automation to Infection
- •OpenClaw Official Security Docs
- •DefectDojo Hardening Checklist
- •Vectra: Automation as Backdoor
- •Cisco: AI Agents Security Nightmare
- •Bloom Security/JFrog: 37 Malicious Skills
- •OpenSourceMalware: Skills Ganked Your Crypto
- •Snyk: clawdhub Campaign Deep-Dive
- •OWASP Top 10 for Agentic Applications 2026
- •CrowdStrike: OpenClaw AI Super Agent
- •Argus Security Audit (512 findings)
- •ToxSec: OpenClaw Security Checklist
- •Aikido.dev: Fake ClawdBot VS Code Extension
- •Prompt Security: Top 10 MCP Risks
Installation
# From GitHub git clone https://github.com/adibirzu/openclaw-security-monitor.git \ ~/.openclaw/workspace/skills/security-monitor chmod +x ~/.openclaw/workspace/skills/security-monitor/scripts/*.sh
The OpenClaw agent auto-discovers skills from ~/.openclaw/workspace/skills/ via SKILL.md frontmatter. After cloning, the /security-scan, /security-remediate, /security-dashboard, /security-network, and /security-setup-telegram commands will be available in the agent.