🤖

Openclaw Security Monitor

Proactive security monitoring, threat scanning, and auto-remediation for OpenClaw deployments

下载2.0k

星标3

版本3.4.0

安全合规

安全通过

💬Prompt

在 App 中使用在 ClawHub 查看 ↗

技能说明

name: openclaw-security-monitor description: Proactive security monitoring, threat scanning, and auto-remediation for OpenClaw deployments tags: [security, scan, remediation, monitoring, threat-detection, hardening] version: 3.4.0 author: Adrian Birzu user-invocable: true

Security Monitor

Real-time security monitoring with threat intelligence from ClawHavoc research, daily automated scans, web dashboard, and Telegram alerting for OpenClaw.

Commands

Note: Replace <skill-dir> with the actual folder name where this skill is installed (commonly openclaw-security-monitor or security-monitor).

/security-scan

Run a comprehensive 40-point security scan:

Known C2 IPs (ClawHavoc: 91.92.242.x, 95.92.242.x, 54.91.154.110)
AMOS stealer / AuthTool markers
Reverse shells & backdoors (bash, python, perl, ruby, php, lua)
Credential exfiltration endpoints (webhook.site, pipedream, ngrok, etc.)
Crypto wallet targeting (seed phrases, private keys, exchange APIs)
Curl-pipe / download attacks
Sensitive file permission audit
Skill integrity hash verification
SKILL.md shell injection patterns (Prerequisites-based attacks)
Memory poisoning detection (SOUL.md, MEMORY.md, IDENTITY.md)
Base64 obfuscation detection (glot.io-style payloads)
External binary downloads (.exe, .dmg, .pkg, password-protected ZIPs)
Gateway security configuration audit
WebSocket origin validation (CVE-2026-25253)
Known malicious publisher detection (hightower6eu, etc.)
Sensitive environment/credential file leakage
DM policy audit (open/wildcard channel access)
Tool policy / elevated tools audit
Sandbox configuration check
mDNS/Bonjour exposure detection
Session & credential file permissions
Persistence mechanism scan (LaunchAgents, crontabs, systemd)
Plugin/extension security audit
Log redaction settings audit
Reverse proxy localhost trust bypass detection
Exec-approvals configuration audit (CVE-2026-25253 exploit chain)
Docker container security (root, socket mount, privileged mode)
Node.js version / CVE-2026-21636 permission model bypass
Plaintext credential detection in config files
VS Code extension trojan detection (fake ClawdBot extensions)
Internet exposure detection (non-loopback gateway binding)
MCP server security audit (tool poisoning, prompt injection)
ClawJacked WebSocket brute-force protection (v2026.2.25+)
SSRF protection audit (CVE-2026-26322, CVE-2026-27488)
Exec safeBins validation bypass (CVE-2026-28363, CVSS 9.9)
ACP permission auto-approval audit (GHSA-7jx5)
PATH hijacking / command hijacking (GHSA-jqpq-mgvm-f9r6)
Skill env override host injection (GHSA-82g8-464f-2mv7)
macOS deep link truncation (CVE-2026-26320)
Log poisoning / WebSocket header injection

bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/scan.sh

Exit codes: 0=SECURE, 1=WARNINGS, 2=COMPROMISED

/security-dashboard

Display a security overview with process trees via witr.

bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/dashboard.sh

/security-network

Monitor network connections and check against IOC database.

bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/network-check.sh

/security-remediate

Scan-driven remediation: runs scan.sh, skips CLEAN checks, and executes per-check remediation scripts for each WARNING/CRITICAL finding. Includes 40 individual scripts covering file permissions, exfiltration domain blocking, tool deny lists, gateway hardening, sandbox configuration, credential auditing, ClawJacked protection, SSRF hardening, PATH hijacking cleanup, log poisoning remediation, and more.

# Full scan + remediate (interactive)
bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/remediate.sh

# Auto-approve all fixes
bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/remediate.sh --yes

# Dry run (preview)
bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/remediate.sh --dry-run

# Remediate a single check
bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/remediate.sh --check 7 --dry-run

# Run all 40 remediation scripts (skip scan)
bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/remediate.sh --all

Flags:

--yes / -y — Skip confirmation prompts (auto-approve all fixes)
--dry-run — Show what would be fixed without making changes
--check N — Run remediation for check N only (skip scan)
--all — Run all 40 remediation scripts without scanning first

Exit codes: 0=fixes applied, 1=some fixes failed, 2=nothing to fix

/security-setup-telegram

bash ~/.openclaw/workspace/skills/<skill-dir>/scripts/telegram-setup.sh [chat_id]

Web Dashboard

URL: http://<vm-ip>:18800

Dark-themed browser dashboard with auto-refresh, on-demand scanning, donut charts, process tree visualization, network monitoring, and scan history timeline.

Service Management

launchctl list | grep security-dashboard
launchctl unload ~/Library/LaunchAgents/com.openclaw.security-dashboard.plist
launchctl load ~/Library/LaunchAgents/com.openclaw.security-dashboard.plist

IOC Database

Threat intelligence files in ioc/:

c2-ips.txt - Known command & control IP addresses
malicious-domains.txt - Payload hosting and exfiltration domains
file-hashes.txt - Known malicious file SHA-256 hashes
malicious-publishers.txt - Known malicious ClawHub publishers
malicious-skill-patterns.txt - Malicious skill naming patterns

Daily Automated Scan

Cron job at 06:00 UTC with Telegram alerts. Install:

crontab -l | { cat; echo "0 6 * * * $HOME/.openclaw/workspace/skills/<skill-dir>/scripts/daily-scan-cron.sh"; } | crontab -

Threat Coverage

Based on research from 40+ security sources including:

Security & Transparency

Why the scanner flags itself: The ClawHub review scanner may report a [ignore-previous-instructions] finding for this skill. This is a false positive — the strings "ignore previous", "override instruction", etc. exist only within our detection patterns (grep regexes in scan.sh and remediation scripts). These patterns are how we detect prompt injection in other skills; they are not instructions to the agent.

Environment variables: This skill optionally uses OPENCLAW_TELEGRAM_TOKEN for daily scan alerts and OPENCLAW_HOME to override the default ~/.openclaw directory. These are declared in the metadata above.

Required binaries: bash, curl, node (for dashboard), lsof (for network checks). Optional: witr (process trees), docker (container audits), openclaw CLI (config checks).

What the scanner reads: The scan inspects files within ~/.openclaw/ (configs, skills, credentials, logs) to detect threats. It reads .env, .ssh, and keychain paths only as detection patterns — it never exfiltrates or transmits this data.

What remediation does: Remediation scripts can modify file permissions, block domains in /etc/hosts, adjust OpenClaw config, and remove malicious skills. Always run --dry-run first to preview changes. The --yes flag auto-approves all fixes — use only after reviewing dry-run output.

Persistence: The daily cron job and LaunchAgent (dashboard) are both optional and manually installed by the user. The skill does not auto-install persistence.

IOC updates: update-ioc.sh fetches threat intelligence from this project's GitHub repository. Pin the upstream URL if you want to control the source.

Dashboard binding: The web dashboard defaults to 127.0.0.1:18800 (localhost only). Set DASHBOARD_HOST=127.0.0.1 explicitly if concerned about LAN exposure.

Installation

# From GitHub
git clone https://github.com/adibirzu/openclaw-security-monitor.git \
  ~/.openclaw/workspace/skills/<skill-dir>
chmod +x ~/.openclaw/workspace/skills/<skill-dir>/scripts/*.sh

The OpenClaw agent auto-discovers skills from ~/.openclaw/workspace/skills/ via SKILL.md frontmatter. After cloning, the /security-scan, /security-remediate, /security-dashboard, /security-network, and /security-setup-telegram commands will be available in the agent.

如何使用「Openclaw Security Monitor」？

打开小龙虾AI（Web 或 iOS App）
点击上方「立即使用」按钮，或在对话框中输入任务描述
小龙虾AI 会自动匹配并调用「Openclaw Security Monitor」技能完成任务
结果即时呈现，支持继续对话优化