agentguard
**Category:** Security & Monitoring
Installation
npx clawhub@latest install agentguard
View the full skill documentation and source below.
Documentation
AgentGuard - Security Monitoring Skill
Version: 1.0.0
Category: Security & Monitoring
Overview
AgentGuard is a comprehensive security monitoring skill that watches over agent operations, detecting suspicious behavior, logging communications, and providing actionable security reports.
Configuration
Config File: config/agentguard.yaml
monitoring:
  enabled: true
  file_watch_dirs:
    - ~/clawd
    - ~/.clawdbot
  exclude_patterns:
    - "*.log"
    - "node_modules/**"
    - ".git/**"
alerts:
  sensitivity: medium # low, medium, high
  channels:
    - telegram
  alert_on:
    - credential_access
    - bulk_file_read
    - unknown_api_endpoint
    - data_exfiltration
  cooldown_minutes: 15
api_monitoring:
  trusted_domains:
    - api.anthropic.com
    - api.openai.com
    - api.telegram.org
    - api.elevenlabs.io
  block_on_suspicious: false # true = prevent call, false = alert only
logging:
  retention_days: 30
  log_dir: ~/.agentguard/logs
  hash_sensitive_data: true
reporting:
  auto_daily_report: true
  report_time: "09:00"
  report_channel: telegram
Usage Examples
Start Full Monitoring
agentguard start
Enables all monitoring features with default config.
Check Current Security Status
agentguard status
Returns current threat level, active monitors, recent alerts.
Investigate Specific Activity
agentguard investigate --timerange "last 2 hours" --type file_access
Generate Immediate Report
agentguard report --now
Review Alert History
agentguard alerts --last 24h --severity high
Whitelist a Domain
agentguard trust add api.newservice.com --reason "Required for X integration"
Alert Severity Levels
| Level | Color | Meaning | Example |
|---|---|---|---|
| INFO | 🔵 | Normal logged activity | File read in workspace |
| LOW | 🟢 | Minor deviation | Slightly elevated API calls |
| MEDIUM | 🟡 | Notable anomaly | Access to .env file |
| HIGH | 🟠 | Potential threat | Bulk credential access |
| CRITICAL | 🔴 | Immediate action needed | Data exfiltration pattern |
Integration Points
With Clawdbot
- Receives file/API operation hooks
- Sends alerts via configured channels
- Integrates with heartbeat for periodic checks
With Other Skills
- Shares threat data with other security skills
- Can block operations (if configured)
- Provides audit logs for compliance skills
Data Storage
~/.agentguard/
├── logs/
│   ├── file_access/
│   ├── api_calls/
│   └── communications/
├── baselines/
│   └── behavior_model.json
├── alerts/
│   └── YYYY-MM-DD.json
└── reports/
    └── YYYY-MM-DD_report.md
Privacy & Security
- No external data transmission - All processing is local
- Sensitive data hashing - Credentials are never logged in plain text
- Configurable retention - Auto-delete old logs
- Encrypted storage - Optional AES encryption for logs
Troubleshooting
High false positive rate
→ Increase baseline learning period or reduce sensitivity
Missing file events
→ Check file_watch_dirs config covers target directories
Reports not generating
→ Verify report_time format and timezone settings
Execution Scripts
| Script | Purpose |
|---|---|
| execution/monitor.py | Core monitoring daemon |
| execution/detector.py | Anomaly detection engine |
| execution/logger.py | Structured logging handler |
| execution/alerter.py | Alert dispatch system |
| execution/reporter.py | Report generation |
Author Notes
AgentGuard is designed with defense-in-depth principles. It assumes agents can be compromised or manipulated, and provides visibility into their operations.
For maximum security, run AgentGuard in a separate process with limited write access to prevent a compromised agent from disabling monitoring.
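Running the monitor in a separate process only helps if the agent's account cannot write to AgentGuard's config, logs, or baseline. The following is an added example, not part of AgentGuard or its documentation: a Python check that reports which monitor paths a given agent uid could modify or replace. The names `can_write`, `tamper_findings` and `audit` are hypothetical, and the check assumes plain Unix mode bits (no ACLs or capabilities).

```python
import os
import stat

def can_write(st, uid, gids):
    """Classic Unix mode-bit check: may (uid, gids) write to the object behind st?"""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def tamper_findings(path, agent_uid, agent_gids=()):
    """Return the reasons the agent account could alter or swap out `path`."""
    path = os.path.abspath(os.path.expanduser(path))
    parent = os.path.dirname(path)
    findings = []
    st = os.lstat(path)  # lstat: judge the entry itself, not a symlink target
    if stat.S_ISLNK(st.st_mode):
        findings.append(f"{path}: is a symlink; check its target as well")
    elif can_write(st, agent_uid, agent_gids):
        findings.append(f"{path}: writable by the agent account")
    pst = os.stat(parent)
    if can_write(pst, agent_uid, agent_gids):
        # Sticky directory: only the entry's or the directory's owner may rename/delete.
        sticky = bool(pst.st_mode & stat.S_ISVTX)
        if agent_uid == 0 or not sticky or agent_uid in (st.st_uid, pst.st_uid):
            findings.append(f"{parent}: agent can rename or replace entries here")
    return findings

def audit(paths, agent_uid, agent_gids=()):
    """Check every monitor path that exists; map path -> findings (non-empty only)."""
    report = {}
    for p in paths:
        full = os.path.expanduser(p)
        if os.path.lexists(full):
            hits = tamper_findings(full, agent_uid, agent_gids)
            if hits:
                report[p] = hits
    return report

if __name__ == "__main__":
    # Paths taken from this page; the agent uid is an assumption (here: current user).
    monitor_paths = ["~/.agentguard", "~/.agentguard/logs",
                     "~/.agentguard/baselines/behavior_model.json", "config/agentguard.yaml"]
    for p, hits in audit(monitor_paths, os.getuid(), os.getgroups()).items():
        print(p, *hits, sep="\n  ")
```

An empty result for the agent's uid means the mode bits give it no direct way to edit or swap those paths; any finding is a route by which a compromised agent could disable or blind the monitor.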