Agent Skills
› NeverSight/learn-skills.dev
› security-monitor
security-monitor
GitHub用于Clawdbot部署的实时安全监控工具,持续检测入侵、异常API调用及凭证使用模式。支持后台守护进程运行,可识别暴力破解、端口扫描等威胁并发送警报。
Trigger Scenarios
需要实时监控Clawdbot环境安全时
检测异常登录或未经授权的文件修改时
配置后台持续安全警报服务时
Install
npx skills add NeverSight/learn-skills.dev --skill security-monitor -g -y
SKILL.md
Frontmatter
{
"name": "security-monitor",
"description": "Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches."
}
Security Monitor Skill
When to use
Run continuous security monitoring to detect breaches, intrusions, and unusual activity on your Clawdbot deployment.
Setup
No external dependencies required. Runs as a background process.
How to
Start real-time monitoring
node skills/security-monitor/scripts/monitor.cjs --interval 60
Run in daemon mode (background)
node skills/security-monitor/scripts/monitor.cjs --daemon --interval 60
Monitor for specific threats
node skills/security-monitor/scripts/monitor.cjs --threats=credentials,ports,api-calls
What It Monitors
| Threat | Detection | Response |
|---|---|---|
| Brute force attacks | Failed login detection | Alert + IP tracking |
| Port scanning | Rapid connection attempts | Alert |
| Process anomalies | Unexpected processes | Alert |
| File changes | Unauthorized modifications | Alert |
| Container health | Docker issues | Alert |
Output
- Console output (stdout)
- JSON logs at
/root/clawd/clawdbot-security/logs/alerts.log - Telegram alerts (configurable)
Daemon Mode
Use systemd or PM2 to keep monitoring active:
# With PM2
pm2 start monitor.cjs --name "clawdbot-security" -- --daemon --interval 60
Combined with Security Audit
Run audit first, then monitor continuously:
# One-time audit
node skills/security-audit/scripts/audit.cjs --full
# Continuous monitoring
node skills/security-monitor/scripts/monitor.cjs --daemon
Related skills
security-audit- One-time security scan (install separately)
Version History
- e0220ca Current 2026-07-05 21:46


