On-host security monitoring for OpenClaw AI agents. Scans files and skills for malware. Monitors agent behavior for compromise indicators. Audits host security posture.
AI agents download files, install skills, and execute code β all with your system privileges. A single prompt injection can lead to:
- π¦ Malware execution via downloaded files or malicious skill scripts
- π Data exfiltration through hidden webhook calls or reverse shells
- 𧬠Supply chain attacks from compromised ClawHub skills
- π Credential theft from exposed
.envfiles and API keys - π§ Agent hijacking via modified SOUL.md, AGENTS.md, or MEMORY.md
Crusty Security is the first security skill built specifically for the OpenClaw agent threat model.
| Feature | Description |
|---|---|
| File Scanning | ClamAV local scan with up-to-date signatures |
| Skill Auditing | Static analysis for reverse shells, crypto miners, data exfiltration, obfuscation |
| Host Audit | Cron jobs, open ports, SSH keys, file permissions, posture scoring (0-100) |
| Agent Monitoring | Detects modified config files, suspicious processes, unexpected outbound connections |
| ClawHub Sync | Tracks installed skill versions against ClawHub catalog, blocklist checking |
| Quarantine | Isolate threats with manifest tracking, never auto-deletes |
| Reports | Markdown security posture reports with recommendations |
clawhub install crusty-securityThat's it. ClamAV is auto-installed on first scan if it's not already present. No separate setup step needed.
# Scan a file
bash scripts/scan_file.sh /path/to/suspicious-file.pdf
# Scan your entire workspace
bash scripts/scan_file.sh -r /data/workspace
# Audit a skill before installing
bash scripts/audit_skill.sh /path/to/skill/
# Full host security audit
bash scripts/host_audit.shThat's it. Crusty Security works immediately with ClamAV β no API keys required.
Crusty Security has two parts that work together β but the skill works great on its own too.
βββββββββββββββββββββββββββββββ ββββββββββββββββββββββββββββββββ
β YOUR OPENCLAW AGENT β β CRUSTY SECURITY DASHBOARD β
β (your machine / VPS) β β (crustysecurity.com) β
β β HTTPS β β
β Crusty Security Skill β βββββββΊ β Web Dashboard β
β β Scans files locally β POST β β View all scan results β
β β Audits skills β β β Manage alerts & threats β
β β Monitors agent behavior β β β Track agent health β
β β Checks host security β β β Multi-agent fleet view β
β β β β Email/Slack notifications β
βββββββββββββββββββββββββββββββ ββββββββββββββββββββββββββββββββ
runs on YOUR machine runs at crustysecurity.com
Key concepts:
- The skill does all the actual security work β scanning, auditing, monitoring. It runs on your OpenClaw agent's machine.
- The dashboard is a web app where you view results, manage alerts, and monitor multiple agents from one place.
- Data flows one way only: skill β dashboard. The dashboard never connects to your agent. Works behind firewalls, NATs, VPNs β no port forwarding needed.
- The skill is fully functional without the dashboard. The dashboard is optional for users who want centralized visibility.
Step 1: Sign up at crustysecurity.com, go to Agents β + Add Agent. Your API key is generated automatically β copy it.
Step 2: The Agents page shows a full copy-pasteable instruction block. Paste it to your OpenClaw agent, or manually set:
export CRUSTY_API_KEY="cg_live_xxxxxxxxxxxxxxxxxxxx"
export CRUSTY_DASHBOARD_URL="https://crustysecurity.com"Step 3: Restart your OpenClaw agent. It appears in the dashboard within 5 minutes.
| Feature | Without Dashboard | With Dashboard |
|---|---|---|
| File scanning (ClamAV) | β | β + history |
| Skill auditing | β | β + tracking |
| Host security audit | β | β + trends |
| Agent monitoring | β | β + alerts |
| Quarantine | β | β + remote view |
| Email/Slack alerts | β | β |
| Multi-agent fleet view | β | β |
| Scan scheduling from web | β | β |
| Security posture score | Local only | β aggregated |
If you're an OpenClaw agent and your human has configured CRUSTY_API_KEY, you should:
- Include
--pushwhen running scans to send results to the dashboard - The heartbeat runs automatically every 5 minutes when the key is set
- Use
python3 scripts/clawhub_sync.py --pushto sync skill inventory to dashboard
| Command | Description |
|---|---|
bash scripts/install_clamav.sh |
Install and configure ClamAV |
bash scripts/scan_file.sh <path> |
Scan a file with ClamAV |
bash scripts/scan_file.sh -r <dir> |
Recursive directory scan |
bash scripts/scan_file.sh --incremental -r <dir> |
Skip unchanged files |
bash scripts/scan_file.sh --quarantine <path> |
Quarantine a file |
bash scripts/audit_skill.sh <dir> |
Audit a skill for threats |
bash scripts/host_audit.sh |
Host security audit |
bash scripts/host_audit.sh --deep |
Deep host audit (includes file modifications) |
bash scripts/monitor_agent.sh |
Agent behavior integrity check |
bash scripts/generate_report.sh |
Generate security posture report |
python3 scripts/clawhub_sync.py |
Sync installed skills against ClawHub catalog |
All commands output JSON. All support --help.
ββββββββββββββββββββ
File arrives β β ClamAV (local) β β Free, instant, signature-based detection
ββββββββββββββββββββ
ClamAV handles zip, rar, 7z, tar, gz archives natively. Encrypted archives are flagged as "unscanned."
Static analysis specifically tuned for the OpenClaw threat model:
| Severity | Pattern |
|---|---|
| π΄ Critical | curl | sh, reverse shell patterns, crypto mining indicators |
| π High | eval/exec with dynamic input, base64 decode chains, webhook.site/ngrok exfil, credential harvesting, binaries in skill dirs |
| π‘ Medium | Hidden files, system file access, hardcoded IPs, obfuscated code, persistence mechanisms (cron, systemd) |
| π΅ Info | Large skill size, credential references in docs |
The host audit produces a posture score from 0-100:
| Score | Rating | Meaning |
|---|---|---|
| 90-100 | π’ Excellent | Minimal risk |
| 70-89 | π‘ Good | Minor issues to address |
| 50-69 | π Fair | Several findings, take action |
| 0-49 | π΄ Poor | Significant security issues |
Deductions: Critical (-25), High (-15), Medium (-10), Low (-5).
Detects indicators of agent compromise:
- Modified
AGENTS.md,SOUL.md,MEMORY.md,TOOLS.md(config tampering) - Unexpected cron jobs or scheduled tasks
- Suspicious outbound connections (IRC, Tor, backdoor ports)
- Files created outside workspace (
/tmpexecutables, home directory changes) - Suspicious processes (crypto miners, netcat listeners, tunneling tools)
- Exposed credentials (world-readable
.envfiles, SSH keys)
The clawhub_sync.py script protects against malicious or compromised skills:
- Fetches the full ClawHub catalog (400+ skills)
- Compares installed skill versions against latest
- Checks against a blocklist of known-bad skills
- Flags skills not found on ClawHub (potential forks or custom builds)
- Detects version drift across multiple agents
- Pushes results to the dashboard (if configured)
# One-time sync
python3 scripts/clawhub_sync.py
# JSON output (for automation)
python3 scripts/clawhub_sync.py --json
# With dashboard push
python3 scripts/clawhub_sync.py --pushCrusty Security automatically configures recurring scans when your OpenClaw agent first uses the skill. No manual setup needed. The agent sets up:
| Frequency | What runs | Requires Dashboard? |
|---|---|---|
| Every 5 min | Dashboard heartbeat (agent status) | β |
| Daily 3am | Incremental workspace scan + agent integrity check | β |
| Weekly Sunday 3am | Full workspace scan + host audit + all skills audit + security report | β |
| Every 12 hours | ClawHub skill inventory sync | β |
| Monthly 1st | Deep host security audit | β |
You can adjust schedules by asking your agent to modify the cron jobs.
- OS: Linux (tested on Debian/Ubuntu, works in Docker)
- Python: 3.8+
- ClamAV: Installed via
install_clamav.shor manually - Disk: ~300MB for ClamAV signatures
<2GB RAM: Runs in on-demand mode (no ClamAV daemon)<1GB RAM: Use skill auditing + agent monitoring (lightweight shell/Python scripts)
| Variable | Default | Required | Description |
|---|---|---|---|
CRUSTY_API_KEY |
β | No | Dashboard API key (from crustysecurity.com) |
CRUSTY_DASHBOARD_URL |
β | No | Dashboard URL |
CLAWGUARD_QUARANTINE |
/tmp/clawguard_quarantine |
No | Quarantine directory |
CLAWGUARD_LOG_DIR |
/tmp/clawguard_logs |
No | Scan log directory |
CLAWGUARD_MAX_FILE_SIZE |
200M |
No | Max file size for scanning |
CLAWGUARD_WORKSPACE |
/data/workspace |
No | Agent workspace path |
clawguard/
βββ SKILL.md # Agent instructions (OpenClaw reads this)
βββ README.md # Human documentation (you're reading it)
βββ LICENSE.txt # MIT License
βββ CHANGELOG.md # Version history
βββ scripts/
β βββ install_clamav.sh # ClamAV installer
β βββ scan_file.sh # File/directory scanner
β βββ audit_skill.sh # Skill static analysis
β βββ host_audit.sh # Host security audit
β βββ monitor_agent.sh # Agent behavior monitoring
β βββ generate_report.sh # Security report generator
β βββ clawhub_sync.py # ClawHub catalog sync
β βββ dashboard.sh # Dashboard integration library
βββ references/
βββ setup.md # Detailed setup guide
βββ threat-patterns.md # Threat pattern database
βββ remediation.md # Incident response procedures
Crusty Security works fully offline with reduced capability:
| Feature | Offline | Online |
|---|---|---|
| ClamAV file scanning | β (local signatures) | β (fresh signatures) |
| Skill auditing | β (static analysis) | β |
| Host auditing | β | β |
| Agent monitoring | β | β |
| ClawHub sync | β | β |
Issues and PRs welcome at github.com/silentcool/crusty-security.
MIT β see LICENSE.txt.
- π Dashboard: crustysecurity.com
- π¦ ClawHub: clawhub.com (search "crusty-security")
- π GitHub: github.com/silentcool/crusty-security
- π¦ Built by: Black Matter VC