Agent Skills
› NeverSight/learn-skills.dev
› security-monitor
security-monitor
GitHubClawdbot实时安全监控技能,后台运行以检测入侵、异常API调用及凭证使用模式。支持暴力破解、端口扫描等威胁检测,提供控制台、日志及Telegram告警,可与安全审计配合使用。
Trigger Scenarios
需要持续监控Clawdbot部署安全状态
检测入侵或异常活动
配置后台守护进程进行实时安全防护
Install
npx skills add NeverSight/learn-skills.dev --skill security-monitor -g -y
SKILL.md
Frontmatter
{
"name": "security-monitor",
"description": "Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches."
}
Security Monitor Skill
When to use
Run continuous security monitoring to detect breaches, intrusions, and unusual activity on your Clawdbot deployment.
Setup
No external dependencies required. Runs as a background process.
How to
Start real-time monitoring
node skills/security-monitor/scripts/monitor.cjs --interval 60
Run in daemon mode (background)
node skills/security-monitor/scripts/monitor.cjs --daemon --interval 60
Monitor for specific threats
node skills/security-monitor/scripts/monitor.cjs --threats=credentials,ports,api-calls
What It Monitors
| Threat | Detection | Response |
|---|---|---|
| Brute force attacks | Failed login detection | Alert + IP tracking |
| Port scanning | Rapid connection attempts | Alert |
| Process anomalies | Unexpected processes | Alert |
| File changes | Unauthorized modifications | Alert |
| Container health | Docker issues | Alert |
Output
- Console output (stdout)
- JSON logs at
/root/clawd/clawdbot-security/logs/alerts.log - Telegram alerts (configurable)
Daemon Mode
Use systemd or PM2 to keep monitoring active:
# With PM2
pm2 start monitor.cjs --name "clawdbot-security" -- --daemon --interval 60
Combined with Security Audit
Run audit first, then monitor continuously:
# One-time audit
node skills/security-audit/scripts/audit.cjs --full
# Continuous monitoring
node skills/security-monitor/scripts/monitor.cjs --daemon
Related skills
security-audit- One-time security scan (install separately)
Version History
- e0220ca Current 2026-07-05 21:58


