openclaw-security-watchdog


OpenClaw Security Watchdog

Skill by ara.so — Security Skills collection.
OpenClaw Security Watchdog is an automated security scanning tool that performs comprehensive system security audits across 14 critical security dimensions. It generates human-readable reports with clear risk indicators (✅/⚠️/🚨) and can integrate with threat intelligence databases.

Installation

Prerequisites:
  • Node.js v18 or higher
  • OpenClaw CLI installed
Install via OpenClaw (Recommended):

In OpenClaw chat, say:

"Install the security watchdog skill from https://github.com/CTCT-CT2/openclaw-security-watchdog"

**Manual Installation:**
```bash
git clone https://github.com/CTCT-CT2/openclaw-security-watchdog.git
cd openclaw-security-watchdog
npm install
```
Triggering the Scan

Once installed as an OpenClaw skill, trigger it conversationally with a prompt such as:
  • Execute security inspection
  • Help me check system security
  • Run a security audit
OpenClaw will automatically recognize and execute the security watchdog skill.

Scan Modes

Full Scan (Recommended)

  • Runs all 14 security checks
  • Queries threat intelligence databases (optional)
  • Sends anonymized metadata for analysis
  • Provides comprehensive risk scoring

Local-Only Mode

  • Zero network traffic
  • All data stays on local machine
  • No threat intelligence lookups
  • Privacy-first approach

Security Check Coverage

The tool scans 14 critical areas:
  1. Core Runtime Environment Health - Checks Node.js/system integrity
  2. Sensitive Directory Tamper Detection - Monitors critical system paths
  3. Gateway Process Memory Isolation - Validates credential isolation
  4. Configuration Integrity & Permission Baseline - Audits config file permissions
  5. Component Supply Chain Integrity - Validates package checksums
  6. Remote Access & Brute Force Monitoring - SSH/RDP attack detection
  7. Network Exposure & Anomalous Processes - Open ports and suspicious processes
  8. Automated Tasks & Backdoor Detection - Cron/scheduled task analysis
  9. Privilege Escalation & Unauthorized Commands - Sudo abuse detection
  10. Outbound Connections & Data Exfiltration - Network traffic analysis
  11. System Credentials & Sensitive File Access - Access log auditing
  12. Hardcoded Secrets & Mnemonic Leak Scanning - Secret detection in code
  13. Sudo Privilege Audit - Privilege escalation tracking
  14. Malicious Component Threat Intelligence - Known malware detection

Code Examples

Basic Scan Execution (JavaScript)

```javascript
const SecurityWatchdog = require('openclaw-security-watchdog');

// Initialize scanner
const scanner = new SecurityWatchdog({
  mode: 'full', // or 'local'
  reportPath: '~/.openclaw/security-reports/',
  enableThreatIntel: true
});

// Run scan
async function runSecurityScan() {
  try {
    const results = await scanner.scan();

    console.log(`Security Score: ${results.score}/100`);
    console.log(`Passed: ${results.passed}/${results.total}`);
    console.log(`Warnings: ${results.warnings}`);
    console.log(`Critical: ${results.critical}`);

    // Access individual check results
    results.checks.forEach(check => {
      console.log(`${check.icon} ${check.name}: ${check.status}`);
      if (check.findings.length > 0) {
        console.log(`  Findings: ${check.findings.join(', ')}`);
      }
    });

    // Generate report
    await scanner.generateReport(results);

  } catch (error) {
    console.error('Scan failed:', error);
  }
}

runSecurityScan();
```

Scheduled Scanning

```javascript
const cron = require('node-cron');
const SecurityWatchdog = require('openclaw-security-watchdog');

// Schedule daily scan at 2 AM
cron.schedule('0 2 * * *', async () => {
  try {
    const scanner = new SecurityWatchdog({ mode: 'full' });
    const results = await scanner.scan();

    // Send alerts on critical findings
    if (results.critical > 0) {
      await scanner.sendAlert(results, {
        channel: 'email',
        recipients: [process.env.SECURITY_ALERT_EMAIL]
      });
    }
  } catch (error) {
    // An unhandled rejection inside the callback would terminate the process (Node 15+)
    console.error('Scheduled scan failed:', error);
  }
});
```

Custom Check Integration

```javascript
const SecurityWatchdog = require('openclaw-security-watchdog');

const scanner = new SecurityWatchdog();

// Add custom security check
scanner.addCheck({
  name: 'Custom API Key Validation',
  category: 'secrets',
  async execute() {
    const apiKeys = await this.scanForPattern(/api[_-]?key\s*[:=]\s*['"][^'"]{20,}['"]/gi);

    return {
      status: apiKeys.length === 0 ? 'pass' : 'fail',
      findings: apiKeys,
      severity: 'high',
      recommendation: 'Move API keys to environment variables'
    };
  }
});

scanner.scan().catch(error => console.error('Scan failed:', error));
```

Filtering Scan Results

```javascript
const SecurityWatchdog = require('openclaw-security-watchdog');

// Top-level await is only available in ES modules, so wrap the work in an async function
async function filterResults() {
  const scanner = new SecurityWatchdog();
  const results = await scanner.scan();

  // Get only critical findings
  const criticalIssues = results.checks.filter(
    check => check.severity === 'critical' && check.status === 'fail'
  );

  // Get all permission-related issues
  const permissionIssues = results.checks.filter(
    check => check.category === 'permissions'
  );

  console.log(`Critical: ${criticalIssues.length}, permission-related: ${permissionIssues.length}`);

  // Generate filtered report
  await scanner.generateReport(results, {
    filter: check => check.severity === 'high' || check.severity === 'critical'
  });
}

filterResults().catch(error => console.error('Scan failed:', error));
```

Configuration

Create `~/.openclaw/security-watchdog.json`:
```json
{
  "mode": "full",
  "reportPath": "~/.openclaw/security-reports/",
  "enableThreatIntel": true,
  "excludePaths": [
    "/tmp",
    "/var/cache"
  ],
  "checksToRun": [
    "runtime-health",
    "directory-tamper",
    "memory-isolation",
    "config-integrity",
    "supply-chain",
    "remote-access",
    "network-exposure",
    "scheduled-tasks",
    "privilege-escalation",
    "outbound-connections",
    "credential-access",
    "secret-scanning",
    "sudo-audit",
    "threat-intel"
  ],
  "alerting": {
    "enabled": true,
    "thresholds": {
      "critical": 1,
      "high": 3
    },
    "channels": ["email", "slack"]
  },
  "threatIntelSources": [
    "https://threat-intel.openclaw.io/api/v1/lookup"
  ]
}
```

Environment Variables

```bash
# Threat intelligence API key (if using external sources)
export OPENCLAW_THREAT_INTEL_API_KEY=your_api_key_here

# Alert notification endpoints
export SECURITY_ALERT_EMAIL=security@example.com
export SECURITY_ALERT_SLACK_WEBHOOK=https://hooks.slack.com/services/YOUR/WEBHOOK/URL

# Report encryption key (optional)
export OPENCLAW_REPORT_ENCRYPTION_KEY=your_encryption_key_here
```

Report Output

Reports are saved to `~/.openclaw/security-reports/` with a timestamp in the file name:
security-report-2026-05-06-14-30-00.json
security-report-2026-05-06-14-30-00.html
security-report-2026-05-06-14-30-00.txt

Accessing Report Programmatically

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// os.homedir() also resolves where the HOME variable is unset (e.g. on Windows)
const reportPath = path.join(
  os.homedir(),
  '.openclaw/security-reports/security-report-latest.json'
);

const report = JSON.parse(fs.readFileSync(reportPath, 'utf8'));

console.log(`Overall Security Score: ${report.score}/100`);
console.log(`Risk Level: ${report.riskLevel}`); // low, medium, high, critical
```

Common Patterns

Pre-Deployment Security Gate

```javascript
// In CI/CD pipeline
const SecurityWatchdog = require('openclaw-security-watchdog');

async function securityGate() {
  const scanner = new SecurityWatchdog({ mode: 'local' });
  const results = await scanner.scan();

  if (results.critical > 0) {
    console.error('❌ Critical security issues found. Deployment blocked.');
    process.exit(1);
  }

  if (results.score < 80) {
    console.warn('⚠️  Security score below threshold. Review required.');
    process.exit(1);
  }

  console.log('✅ Security scan passed. Proceeding with deployment.');
}

// Fail closed: a scan that cannot complete must not let the deployment through
securityGate().catch(error => {
  console.error('Security scan failed to run:', error);
  process.exit(1);
});
```

Continuous Monitoring

```javascript
const SecurityWatchdog = require('openclaw-security-watchdog');
const EventEmitter = require('events');

class SecurityMonitor extends EventEmitter {
  constructor() {
    super();
    this.scanner = new SecurityWatchdog({ mode: 'full' });
    this.lastScore = null; // no baseline until the first scan completes
  }

  startMonitoring(intervalMinutes = 60) {
    this.timer = setInterval(async () => {
      let results;
      try {
        results = await this.scanner.scan();
      } catch (error) {
        // Surface scan failures instead of letting the rejection kill the process
        this.emit('scanError', error);
        return;
      }

      if (results.critical > 0) {
        this.emit('criticalThreat', results);
      }

      if (this.lastScore !== null && results.score < this.lastScore - 10) {
        this.emit('scoreDropped', results);
      }

      this.lastScore = results.score;
    }, intervalMinutes * 60 * 1000);
  }

  stopMonitoring() {
    clearInterval(this.timer);
  }
}

const monitor = new SecurityMonitor();
monitor.on('criticalThreat', results => {
  console.error('🚨 Critical threat detected!', results);
});
monitor.on('scanError', error => {
  console.error('Scan failed:', error);
});
monitor.startMonitoring();
```

Troubleshooting

Permission Errors

```bash
# Ensure proper permissions for scanning system directories
sudo chmod +r /var/log/auth.log
sudo chmod +r /etc/ssh/sshd_config

# Or run with elevated privileges (not recommended for regular use)
sudo openclaw scan
```

Note that `chmod +r` makes these files readable by every local user, which is the opposite of what a hardening tool should leave behind. On Debian and Ubuntu `/var/log/auth.log` is owned by `root:adm` with mode 0640, so adding the scanning user to the `adm` group (`sudo usermod -aG adm <user>`, then log in again) grants read access without widening it to everyone.

Missing Dependencies

```bash
# Reinstall dependencies
npm install

# Check Node.js version
node --version  # Should be v18+
```

Threat Intelligence Timeout

```javascript
// Increase timeout in configuration
const scanner = new SecurityWatchdog({
  threatIntel: {
    timeout: 30000, // 30 seconds
    retries: 3
  }
});
```

Report Generation Fails

```javascript
// Ensure report directory exists and is writable
const fs = require('fs');
const os = require('os');
const path = require('path');
const reportDir = path.join(os.homedir(), '.openclaw/security-reports');

if (!fs.existsSync(reportDir)) {
  fs.mkdirSync(reportDir, { recursive: true });
}
fs.accessSync(reportDir, fs.constants.W_OK); // throws if the directory is not writable
```

Large Codebases (Slow Scanning)

```javascript
// Optimize for large projects
const scanner = new SecurityWatchdog({
  excludePaths: [
    'node_modules',
    '.git',
    'dist',
    'build',
    'coverage'
  ],
  maxFileSize: 1048576, // 1MB
  parallelScans: 4
});
```

Privacy Considerations

Full Mode sends:
  • Check names and results (pass/fail)
  • Anonymized device identifier (SHA-256 hash)
  • Summary statistics only
Full Mode does NOT send:
  • File contents
  • Passwords or API keys
  • Log file contents
  • IP addresses
  • Usernames
Local Mode:
  • Zero network requests
  • All data remains on device
  • No telemetry or analytics