security-monitor
✓Verified·Scanned 2/17/2026
This skill implements continuous security monitoring for Clawdbot, inspecting system logs, processes, ports, Docker state, and config files. It reads fs.readFileSync('/root/clawd/skills/.env','utf8') and executes fixed shell commands via execSync('tail -100 /var/log/auth.log ...'); no confirmed external exfiltration is present.
from clawhub.ai·va82cf8e·10.2 KB·0 installs
Scanned from 1.0.0 at a82cf8e · Transparency log ↗
$ vett add clawhub.ai/chandrasekar-r/security-monitor
Security Monitor Skill
When to use
Run continuous security monitoring to detect breaches, intrusions, and unusual activity on your Clawdbot deployment.
Setup
No external dependencies required. Runs as a background process.
How to
Start real-time monitoring
node skills/security-monitor/scripts/monitor.cjs --interval 60
Run in daemon mode (background)
node skills/security-monitor/scripts/monitor.cjs --daemon --interval 60
Monitor for specific threats
node skills/security-monitor/scripts/monitor.cjs --threats=credentials,ports,api-calls
What It Monitors
| Threat | Detection | Response |
|---|---|---|
| Brute force attacks | Failed login detection | Alert + IP tracking |
| Port scanning | Rapid connection attempts | Alert |
| Process anomalies | Unexpected processes | Alert |
| File changes | Unauthorized modifications | Alert |
| Container health | Docker issues | Alert |
Output
- Console output (stdout)
- JSON logs at
/root/clawd/clawdbot-security/logs/alerts.log - Telegram alerts (configurable)
Daemon Mode
Use systemd or PM2 to keep monitoring active:
# With PM2
pm2 start monitor.cjs --name "clawdbot-security" -- --daemon --interval 60
Combined with Security Audit
Run audit first, then monitor continuously:
# One-time audit
node skills/security-audit/scripts/audit.cjs --full
# Continuous monitoring
node skills/security-monitor/scripts/monitor.cjs --daemon
Related skills
security-audit- One-time security scan (install separately)