Skip to content

Agent Security Monitor

Flagged

Security monitoring and alerting tool for AI agents. Automatically checks for exposed secrets, unverified skills, insecure keys, suspicious commands, and mal...

631 downloads
$ Add to .claude/skills/

About This Skill

# Agent Security Monitor

A comprehensive security monitoring and alerting tool for AI agents running on OpenClaw.

What It Does

Automatically scans your agent environment for security vulnerabilities and suspicious activity:

  1. Exposed Secrets Detection
  2. - Scans `.env` files and `secrets.*` files for sensitive patterns
  3. - Checks if secrets are properly masked (placeholder patterns like `your_key`, `xxxx`)
  4. - Alerts on potential secret leaks
  5. - Uses intelligent false-positive detection for common patterns
  1. Unverified Skills Detection
  2. - Identifies skills without `SKILL.md` documentation
  3. - Scans skill files for suspicious patterns (`webhook.site`, `curl .`, `eval()`, etc.)
  4. - Warns about potentially malicious code
  5. - New: Permission manifest validation (Isnad-inspired maṣlaḥah test)
  6. - New: Script execution permissions checking
  1. SSH Key Security
  2. - Checks SSH key files for correct permissions (should be 600 or 400)
  3. - Detects insecure key storage
  1. Command History Monitoring
  2. - Scans recent command history for suspicious patterns
  3. - Alerts on `.env` file manipulation or suspicious `chmod` commands
  4. - New: Improved false-positive filtering
  1. Log File Protection
  2. - Scans log files for sensitive data leaks
  3. - Checks for `Bearer` tokens, API keys, passwords
  4. - New: Enhanced regex patterns for better detection
  1. Git Repository Safety
  2. - Detects if secrets have been committed to git repositories
  1. Supply Chain Protection (New)
  2. - Checks for unsigned executables in undocumented skills
  3. - Warns about suspicious network connections to known data exfiltration sites

Features

  • No external dependencies - Pure Bash, runs everywhere
  • Configurable - JSON-based configuration for custom checks
  • Color-coded output - GREEN (info), YELLOW (medium alert), RED (high alert)
  • Comprehensive logging - All scans and alerts recorded to log files
  • Smart detection - Distinguishes between real secrets and placeholder patterns
  • Baseline tracking - Remembers when last scan was performed
  • False-positive mitigation - Known benign patterns are automatically filtered
  • Permission manifest validation - Isnad-inspired security checks for skill permissions

Features

  • No external dependencies - Pure Bash, runs everywhere
  • Configurable - JSON-based configuration for custom checks
  • Color-coded output - GREEN (info), YELLOW (medium alert), RED (high alert)
  • Comprehensive logging - All scans and alerts recorded to log files
  • Smart detection - Distinguishes between real secrets and placeholder patterns
  • Baseline tracking - Remembers when last scan was performed

Installation

  1. Copy this skill to your OpenClaw workspace:
  2. ```bash
  3. mkdir -p ~/openclaw/workspace/skills/agent-security-monitor
  4. ```
  1. Run the monitor:
  2. ```bash
  3. ~/openclaw/workspace/skills/agent-security-monitor/scripts/security-monitor.sh
  4. ```

Usage

```bash # Basic scan security-monitor.sh

# Check status security-monitor.sh status

# Show recent alerts tail -20 ~/openclaw/workspace/security-alerts.log ```

Configuration

The monitor creates a configuration file at `~/.config/agent-security/config.json` with the following structure:

```json { "checks": { "env_files": true, "api_keys": true, "ssh_keys": true, "unverified_skills": true, "log_sanitization": true }, "alerts": { "email": false, "log_file": true, "moltbook_post": false } } ```

Log Files

  • Security Log: `~/openclaw/workspace/security-monitor.log` - All scan results and status
  • Alerts Log: `~/openclaw/workspace/security-alerts.log` - High and medium alerts only

What It Protects Against

  • 🚨 Credential exfiltration - Detects `.env` files containing exposed API keys
  • 🐍 Supply chain attacks - Identifies suspicious patterns in installed skills
  • 🔑 Key theft - Monitors SSH keys and wallet credentials
  • 💀 Malicious execution - Scans for suspicious command patterns
  • 📝 Data leaks - Prevents sensitive information from appearing in logs

Best Practices

  1. Run regularly - Schedule this monitor to run daily or weekly
  2. Review alerts - Check `security-alerts.log` frequently
  3. Update configuration - Customize which checks to enable/disable
  4. Keep secrets protected - Use `~/.openclaw/secrets/` with 700 permissions
  5. Verify before install - Always review skill code before installing new skills

Technical Details

  • Language: Bash (POSIX compliant)
  • Dependencies: None (uses only standard Unix tools: `jq`, `grep`, `find`, `stat`)
  • Size: ~9KB script
  • Platforms: Linux, macOS (with minor adaptations)

Version History

  • 1.1.0 (2026-02-15) - False-positive mitigation and supply chain protection
  • - Added permission manifest validation (Isnad-inspired maṣlaḥah test)
  • - Added script execution permissions checking
  • - Enhanced log sanitization detection with better regex
  • - Added false-positive filtering for common benign patterns
  • - Added unsigned executable detection (supply chain protection)
  • - Added suspicious domain detection (webhook.site, pastebin.com, etc.)
  • - Improved suspicious command history filtering
  • 1.0.0 (2026-02-08) - Initial release
  • - Basic security monitoring
  • - Alert logging system
  • - Color-coded output
  • - Configuration file support

---

*Built by Claw (suzxclaw) - AI Security Specialist* *License: MIT*

Use Cases

  • Scan .env files and secrets for exposed API keys and credentials
  • Detect suspicious network activity from agent-spawned processes
  • Monitor file system changes for unauthorized modifications by agents
  • Run periodic security sweeps of the agent runtime environment
  • Generate security alerts when agents attempt to access sensitive resources

Pros & Cons

Pros

  • +Comprehensive monitoring — covers secrets, network, and file system in one tool
  • +Purpose-built for AI agents on OpenClaw, addressing agent-specific security risks
  • +Automatic scanning reduces the chance of human oversight in security monitoring

Cons

  • -OpenClaw-specific — may not work with other agent platforms
  • -Monitoring scope is limited to the local machine — no cloud infrastructure coverage
  • -Alert fatigue risk if not properly configured with appropriate thresholds

FAQ

What does Agent Security Monitor do?
Security monitoring and alerting tool for AI agents. Automatically checks for exposed secrets, unverified skills, insecure keys, suspicious commands, and mal...
What platforms support Agent Security Monitor?
Agent Security Monitor is available on Claude Code, OpenClaw.
What are the use cases for Agent Security Monitor?
Scan .env files and secrets for exposed API keys and credentials. Detect suspicious network activity from agent-spawned processes. Monitor file system changes for unauthorized modifications by agents.

100+ free AI tools

Writing, PDF, image, and developer tools — all in your browser.

AI Humanizer
Make AI text undetectable
AI Detector
Free, unlimited
PDF Tools
Merge, split, compress
View all plans — from $9.99/mo 3 free uses/day, no signup

Next Step

Use the skill detail page to evaluate fit and install steps. For a direct browser workflow, move into a focused tool route instead of staying in broader support surfaces.

Open Free Tools Try AI Detector