security-monitor
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUMNO_CODECOMMAND_EXECUTION
Full Analysis
- [No Code] (MEDIUM): The core logic for this skill resides in
monitor.cjs, which is referenced in the documentation but not included in the provided file set. Its claims of 'Detecting intrusions' and 'credential usage patterns' remain unverifiable. - [Command Execution] (MEDIUM): The documentation instructs users to execute a local JavaScript file using
nodewith various flags. These commands are intended to monitor system processes and file changes, which suggests significant system interaction. - [Data Exposure] (LOW): The skill mentions monitoring 'credential usage patterns' and logging results to
/root/clawd/clawdbot-security/logs/alerts.log. Accessing the/rootdirectory indicates a requirement for elevated privileges, and the 'monitoring' of credentials poses a risk of accidental or intentional sensitive data exposure.
Audit Metadata