Security Monitor Skill
When to use
Run continuous security monitoring to detect breaches, intrusions, and unusual activity on your Clawdbot deployment.
Setup
No external dependencies required. Runs as a background process.
How to
Start real-time monitoring
```bash
node skills/security-monitor/scripts/monitor.cjs --interval 60
```
Run in daemon mode (background)
```bash
node skills/security-monitor/scripts/monitor.cjs --daemon --interval 60
```
Monitor for specific threats
```bash
node skills/security-monitor/scripts/monitor.cjs --threats=credentials,ports,api-calls
```
What It Monitors
| Threat | Detection | Response |
|---|---|---|
| Brute force attacks | Failed login detection | Alert + IP tracking |
| Port scanning | Rapid connection attempts | Alert |
| Process anomalies | Unexpected processes | Alert |
| File changes | Unauthorized modifications | Alert |
| Container health | Docker issues | Alert |
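Added example, not code from monitor.cjs: one way the failed-login detection and IP tracking in the first table row can work, as a sliding window over sshd log lines. The log line format, the threshold of 5, the 60-second window, the name `detectBruteForce` and the alert fields are all assumptions.

```javascript
// Illustrative sliding-window detector; not the logic inside monitor.cjs.
// Constructed sample sshd lines (ISO timestamps, documentation-range IPs).
const SAMPLE_LOG = [
  "2024-05-01T10:00:00Z web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2",
  "2024-05-01T10:00:05Z web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2",
  "2024-05-01T10:00:09Z web1 sshd[812]: Failed password for deploy from 198.51.100.23 port 51000 ssh2",
  "2024-05-01T10:00:12Z web1 sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2",
  "2024-05-01T10:00:20Z web1 sshd[813]: Accepted publickey for deploy from 192.0.2.10 port 52000 ssh2",
  "2024-05-01T10:00:31Z web1 sshd[811]: Failed password for root from 203.0.113.7 port 40115 ssh2",
  "2024-05-01T10:00:44Z web1 sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40116 ssh2",
  "2024-05-01T10:00:50Z web1 sshd[811]: Failed password for root from 203.0.113.7 port 40117 ssh2",
  "2024-05-01T10:05:00Z web1 sshd[812]: Failed password for deploy from 198.51.100.23 port 51001 ssh2",
];

const FAILED_RE =
  /^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+/;

// Returns one alert per source IP that reaches `threshold` failed logins
// inside any `windowSec`-second window. Lines must be in time order.
function detectBruteForce(lines, { threshold = 5, windowSec = 60 } = {}) {
  const recentByIp = new Map(); // ip -> failure timestamps (ms) still in window
  const alerted = new Set(); // IPs already reported, to avoid alert floods
  const alerts = [];
  for (const line of lines) {
    const m = FAILED_RE.exec(line);
    if (!m) continue; // successful logins and unrelated lines
    const ts = Date.parse(m[1]);
    if (Number.isNaN(ts)) continue; // unparseable timestamp: skip, do not guess
    const ip = m[2];
    const recent = (recentByIp.get(ip) || []).filter((t) => ts - t < windowSec * 1000);
    recent.push(ts);
    recentByIp.set(ip, recent);
    if (recent.length >= threshold && !alerted.has(ip)) {
      alerted.add(ip);
      alerts.push({
        type: "brute_force",
        ip,
        failures: recent.length,
        windowSec,
        firstSeen: new Date(recent[0]).toISOString(),
        lastSeen: new Date(ts).toISOString(),
      });
    }
  }
  return alerts;
}

// One JSON object per line, a shape a JSON alert log could use (assumed).
for (const a of detectBruteForce(SAMPLE_LOG)) console.log(JSON.stringify(a));
```

Reporting each IP once keeps a sustained attack from flooding the alert channel; the per-IP map is what lets a slow source (198.51.100.23 here) stay below the threshold.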
Output
- Console output (stdout)
- JSON logs at `/root/clawd/clawdbot-security/logs/alerts.log`
- Telegram alerts (configurable)
Daemon Mode
Use systemd or PM2 to keep monitoring active:
```bash
# Using PM2
pm2 start monitor.cjs --name clawdbot-security -- --daemon --interval 60
```
Combined with Security Audit
Run audit first, then monitor continuously:
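```bash
# One-time audit
node skills/security-audit/scripts/audit.cjs --full
# Continuous monitoring
node skills/security-monitor/scripts/monitor.cjs --daemon
```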
Related skills
- security-audit - One-time security scan (install separately)
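Security Monitor Skill
When to use
Run continuous security monitoring to detect breaches, intrusions, and unusual activity on your Clawdbot deployment.
Setup
No external dependencies required. Runs as a background process.
How to
Start real-time monitoring
```bash
node skills/security-monitor/scripts/monitor.cjs --interval 60
```
Run in daemon mode (background)
```bash
node skills/security-monitor/scripts/monitor.cjs --daemon --interval 60
```
Monitor for specific threats
```bash
node skills/security-monitor/scripts/monitor.cjs --threats=credentials,ports,api-calls
```
What It Monitors
| Threat | Detection | Response |
|---|---|---|
| Brute force attacks | Failed login detection | Alert + IP tracking |
| Port scanning | Rapid connection attempts | Alert |
| Process anomalies | Unexpected processes | Alert |
| File changes | Unauthorized modifications | Alert |
| Container health | Docker issues | Alert |
Output
- Console output (stdout)
- JSON log file: /root/clawd/clawdbot-security/logs/alerts.log
- Telegram alerts (configurable)
Daemon Mode
Use systemd or PM2 to keep monitoring running continuously:
```bash
# Using PM2
pm2 start monitor.cjs --name clawdbot-security -- --daemon --interval 60
```
Combined with Security Audit
Run the audit first, then monitor continuously:
```bash
# One-time audit
node skills/security-audit/scripts/audit.cjs --full
# Continuous monitoring
node skills/security-monitor/scripts/monitor.cjs --daemon
```
Related skills
- security-audit - One-time security scan (install separately)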