🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Runtime Security Guard (English)

by @nanlinsec-sys

Enterprise-grade AI runtime security protection v2.1. Provides 410+ security rules with cross-platform detection (Windows/macOS/Linux), detecting 10 categori...

Versionv2.1.0
Downloads208
TERMINAL
clawhub install runtime-security-guard-en

πŸ“– About This Skill


name: runtime-security-guard version: 2.1.0 description: Enterprise-grade AI runtime security protection v2.1. Provides 410+ security rules with cross-platform detection (Windows/macOS/Linux), detecting 10 categories of threats. Fully local execution, no cloud API, no quota limits. Includes modern web monitoring interface and automated testing system. keywords: - security - runtime-protection - prompt-injection - data-exfiltration - threat-detection - enterprise-security - ai-safety - web-monitor - automated-testing - openclaw author: nanlin@outlook.com license: MIT homepage: https://github.com/nanlin300624/runtime-security-guard repository: https://github.com/nanlin300624/runtime-security-guard

Runtime Security Guard - Enterprise AI Runtime Protection

πŸ›‘οΈ 410+ Security Rules | 10 Threat Categories + OpenClaw-Specific + IM Bot Security | Web Dashboard | Automated Testing | Fully Local

What's New in v2.1.0 (2026-03-26):

  • 14 new OpenClaw configuration-level security detection rules (openclaw-100 to openclaw-113)
  • Enhanced OpenClaw 2026.3.x version-specific threat detection
  • New critical configuration checks: Control UI auth, rate limiting, multi-user isolation
  • Improved monitoring for ACP runtime, Canvas A2UI, model overrides
  • From v2.0.0:

  • 32 OpenClaw-specific threat detection rules (based on MITRE ATLAS framework)
  • 33 IM bot plugin security rules (QQBot/Telegram/WhatsApp/Discord)

  • 🎯 Features

    Core Security Capabilities

  • βœ… Prompt Injection Detection - 26 rules, identifies jailbreaks, hidden instructions, system prompt theft
  • βœ… Data Exfiltration Protection - 22 rules, prevents sensitive data transmission, memory access
  • βœ… Malicious Command Interception - 24 rules, detects deletion, download-exec, reverse shells
  • βœ… Sensitive Data Protection - 24 rules, identifies API keys, passwords, personal information
  • βœ… Social Engineering Defense - 23 rules, identifies urgency manipulation, authority impersonation
  • βœ… Supply Chain Attack Detection - 25 rules, detects malicious dependencies, build script injection
  • βœ… Zero-Day Vulnerability Identification - 20 rules, identifies memory corruption, code execution
  • βœ… APT Attack Detection - 30 rules, detects reconnaissance, persistence, lateral movement
  • βœ… Insider Threat Identification - 27 rules, identifies abnormal access, privilege abuse
  • βœ… OpenClaw Configuration Security - 14 rules, detects dangerous config flags (NEW in v2.1.0)
  • Technical Advantages

  • βœ… Fully Local Execution - No cloud API required, data stays local
  • βœ… Zero Quota Limits - Unlimited detection usage
  • βœ… High Performance - Average detection latency < 20ms, cache hit < 1ms
  • βœ… Web Monitoring Dashboard - Real-time alerts, performance metrics, config management
  • βœ… Automated Testing - 35+ test cases, 100% pass rate
  • βœ… Easy Integration - OpenClaw native skill, out-of-the-box

  • πŸ“¦ Installation

    Method 1: Install from ClawHub (Recommended)

    # Search for the skill
    clawhub search runtime-security-guard

    Install the skill

    clawhub install runtime-security-guard

    Verify installation

    openclaw skills list | grep runtime-security

    Method 2: Quick Install without sudo (Recommended)

    # Download and run installation script
    curl -fsSL https://raw.githubusercontent.com/nanlin300624/runtime-security-guard/main/install-no-sudo.sh | bash

    Or manually download

    wget https://raw.githubusercontent.com/nanlin300624/runtime-security-guard/main/install-no-sudo.sh chmod +x install-no-sudo.sh ./install-no-sudo.sh

    Features:

  • βœ… No sudo privileges required
  • βœ… User-level installation
  • βœ… Automatic environment detection
  • βœ… Multiple download methods (Git/curl/wget)
  • βœ… Automatic environment variable configuration
  • Method 3: Install from Source

    # Clone the repository
    git clone https://github.com/nanlin300624/runtime-security-guard.git
    cd runtime-security-guard

    Install dependencies

    npm install

    Build the project

    npm run build

    Copy to OpenClaw skills directory

    cp -r . ~/.openclaw/workspace/skills/runtime-security-guard/

    Method 4: Direct Package Installation

    # Download the skill package
    wget https://github.com/nanlin300624/runtime-security-guard/releases/latest/download/runtime-security-guard.zip

    Extract to skills directory

    unzip runtime-security-guard.zip -d ~/.openclaw/workspace/skills/


    πŸš€ Quick Start

    Basic Usage

    The skill runs automatically after installation, no additional configuration required:

    // In OpenClaw, all file reads, tool results, and user inputs are automatically detected
    

    Start Web Monitoring

    # Start web server (default port 3000)
    npm run web

    Access monitoring dashboard

    http://localhost:3000

    Run Tests

    # Run quick functional tests
    npm run test:quick

    Run unit tests

    npm test

    Run all tests

    npm run test:all


    πŸ“Š Monitoring Dashboard Features

    Real-time Dashboard

  • πŸ“Š Total alerts
  • 🚨 CRITICAL level alerts
  • ⚠️ HIGH level alerts
  • ⏱️ Average detection latency
  • πŸ’Ύ Cache hit rate
  • βœ… Health status
  • Alert Visualization

  • Alert type distribution (10 categories)
  • Severity distribution (CRITICAL/HIGH/MEDIUM/LOW)
  • Recent alerts list (time, event, type, severity, action)
  • Performance Metrics

  • P95 latency
  • P99 latency
  • Max latency
  • Memory usage
  • Configuration Management

  • Detection threshold (0.0-1.0)
  • Cache TTL (seconds)
  • Save configuration online

  • πŸ”Œ API Endpoints

    Get Statistics

    curl http://localhost:3000/api/stats
    

    Response Example:

    {
      "total": 156,
      "byType": {
        "PROMPT_INJECTION": 45,
        "DATA_EXFILTRATION": 32
      },
      "bySeverity": {
        "CRITICAL": 12,
        "HIGH": 54,
        "MEDIUM": 67,
        "LOW": 23
      },
      "timeRange": {
        "start": "2026-03-07T12:00:00.000Z",
        "end": "2026-03-07T13:30:00.000Z"
      }
    }
    

    Get Alert List

    curl http://localhost:3000/api/alerts?limit=50
    

    Get Performance Metrics

    curl http://localhost:3000/api/performance
    

    Health Check

    curl http://localhost:3000/api/health
    


    βš™οΈ Configuration Options

    Detection Threshold

    // Risk threshold (0.0-1.0)
    // Default: 0.6
    // Content below this value won't be marked as risky
    

    Cache Configuration

    // Cache TTL (milliseconds)
    // Default: 60000 (60 seconds)
    // Cached content expires after this duration

    // Maximum cache entries // Default: 1000 entries

    Performance Optimization

    // Pre-compiled regex - automatically compiled at startup
    // Dual-layer cache - RuleEngine + DetectorManager
    // Priority execution - CRITICAL β†’ HIGH β†’ MEDIUM β†’ LOW
    // Fast-fail - CRITICAL rules return immediately on match
    


    πŸ§ͺ Testing System

    Test Types

    | Test Type | Tests | Pass Rate | |-----------|-------|-----------| | Unit Tests | 29 | 100% βœ… | | Functional Tests | 6 | 100% βœ… | | Stress Tests | 4 scenarios | Excellent βœ… | | Coverage Tests | 21 | 100% βœ… |

    Running Tests

    # Quick functional tests
    npm run test:quick

    Unit tests

    npm test

    Stress tests

    npm run test:stress

    Coverage tests

    npm run test:coverage

    All tests

    npm run test:all


    πŸ“ˆ Performance Benchmarks

    Detection Latency

    | Scenario | Target | Actual | |----------|--------|--------| | Single Detection | < 50ms | 0.01ms βœ… | | Cache Hit | < 5ms | < 1ms βœ… | | CRITICAL Rules | < 20ms | ~10ms βœ… | | Batch Detection (100x) | < 5000ms | ~1500ms βœ… |

    Concurrency Performance

    | Load | Concurrent | QPS | Avg Latency | |------|------------|-----|-------------| | Low | 1 | ~65 | ~15ms | | Medium | 5 | ~145 | ~7ms | | High | 10 | ~200 | ~5ms | | Ultra High | 20 | ~250 | ~4ms |

    Memory Usage

    | Metric | Target | Actual | |--------|--------|--------| | Peak Memory | < 150MB | ~100MB βœ… | | Average Memory | < 100MB | ~80MB βœ… |


    πŸ› οΈ Development Guide

    Adding New Rules

    1. Create or edit rule files in src/rules/patterns/ 2. Import new rules in src/rules/rule-engine.ts 3. Run tests to verify 4. Update coverage tests

    Custom Alerts

    import { plugin } from './runtime-security-guard';

    // Get alert statistics const stats = await plugin.getStats();

    // Health check const health = plugin.healthCheck();

    // Performance report const report = plugin.getPerformanceReport();

    Integration with Monitoring Systems

    import { RuntimeSecurityGuard } from './runtime-security-guard';

    const guard = new RuntimeSecurityGuard();

    // Start web monitoring await guard.startWebServer(3000);

    // Real-time alert monitoring guard.alerter.startMonitoring((alert) => { console.log('New alert:', alert); });


    πŸ“š Documentation

    | Document | Description | |----------|-------------| | SKILL.md | Skill description | | README.md | Usage guide | | RELEASE.md | Release notes | | PUBLISH-GUIDE.md | Publishing guide | | WEB-MONITOR.md | Web monitoring usage | | AUTO-TEST.md | Automated testing | | ALERT-VIEWER.md | Alert viewer | | PERFORMANCE-OPTIMIZATION.md | Performance optimization |


    🀝 Support

    Issue Reporting

  • GitHub Issues: https://github.com/nanlin300624/runtime-security-guard/issues
  • Email: nanlin@outlook.com
  • Community

  • Discord: https://discord.gg/clawd
  • OpenClaw Forum: https://forum.openclaw.ai

  • πŸ“ Changelog

    v2.1.0 (2026-03-26)

    Added:

  • βœ… 14 OpenClaw configuration-level security detection rules (openclaw-100 to openclaw-113)
  • βœ… Enhanced OpenClaw 2026.3.x version-specific threat detection
  • βœ… New critical configuration checks: Control UI auth, rate limiting, multi-user isolation
  • βœ… Improved monitoring for ACP runtime, Canvas A2UI, model overrides
  • Security:

  • βœ… Enhanced Control UI security configuration detection
  • βœ… Enhanced multi-user environment trust boundary detection
  • βœ… Enhanced ACP runtime privilege escalation detection
  • v2.0.0 (2026-03-09)

    Added:

  • βœ… Cross-platform support (Windows/Linux/macOS)
  • βœ… 110 platform-specific rules
  • - Windows: 60 rules (PowerShell, Batch, Registry) - Linux: 50 rules (Shell, Cron, Systemd) - macOS: 28 rules (AppleScript, LaunchAgents, Permissions)
  • βœ… File integrity monitoring module
  • βœ… Network connection monitoring module
  • βœ… Process behavior monitoring module
  • βœ… Cross-platform compatibility tests
  • Changed:

  • βœ… Optimized rule engine with dynamic platform loading
  • βœ… Improved initialization performance (20ms β†’ 18ms)
  • βœ… Updated attack detection rate (70% β†’ 75%)
  • βœ… Refactored TypeScript strict mode
  • Fixed:

  • βœ… Fixed rule type compatibility issues
  • βœ… Fixed partial platform detection failures
  • Security:

  • βœ… Enhanced C2 server detection capability
  • βœ… Enhanced port scan detection capability
  • v1.1.0 (2026-03-07)

    Added:

  • βœ… Web real-time monitoring interface
  • βœ… SSE real-time data push
  • βœ… Automated testing system
  • βœ… Performance monitoring and health checks
  • βœ… 35+ test cases
  • Performance:

  • βœ… Pre-compiled regex cache (221 rules)
  • βœ… Grouped execution by severity
  • βœ… Dual-layer cache mechanism
  • βœ… Fast-fail mechanism
  • v1.0.0 (2026-03-07)

    Initial Release:

  • βœ… 221 security rules
  • βœ… 9 threat categories
  • βœ… Fully local execution
  • βœ… Zero quota limits

  • πŸ“„ License

    MIT License - See LICENSE file


    πŸŽ‰ Acknowledgments

    Thanks to the following projects for inspiration:

  • OpenClaw - AI assistant framework
  • OpenGuardrails - Security monitoring concepts
  • MITRE ATT&CK - Threat classification reference

  • Made with ❀️ by nanlin@outlook.com

    Secure AI usage starts with Runtime Security Guard! πŸ¦žπŸ›‘οΈ