AgentGuard - Security Monitoring Skill
Version: 1.0.0
Author: Manas AI
Category: Security & Monitoring
Overview
AgentGuard is a comprehensive security monitoring skill that watches over agent operations, detecting suspicious behavior, logging communications, and providing actionable security reports.
Capabilities
1. File Access Monitoring
Track all file read/write operations with pattern analysis.
Trigger: Continuous background monitoring
Command: agentguard monitor files [--watch-dir <path>]
What it detects:
- Unusual file access patterns (bulk reads, sensitive directories)
- Access to credential files (.env, .secrets, keys)
- Unexpected write operations to system directories
- File exfiltration attempts (large reads followed by network calls)
2. API Call Detection
Monitor outbound API calls for suspicious activity.
Command: agentguard monitor api
What it detects:
- Calls to unknown/untrusted endpoints
- Unusual API call frequency (rate anomalies)
- Sensitive data in request payloads
- Authentication token exposure
- Calls to known malicious domains
3. Communication Logging
Log all external communications for audit trails.
Command: agentguard log comms [--output <path>]
Logs include:
- HTTP/HTTPS requests (sanitized)
- WebSocket connections
- Email sends
- Message platform outputs (Telegram, Discord, etc.)
- Timestamp, destination, payload hash
4. Anomaly Detection
ML-lite pattern analysis for behavioral anomalies.
Command: agentguard detect anomalies [--sensitivity <low|medium|high>]
Detection methods:
- Baseline deviation (learns normal patterns)
- Time-of-day anomalies
- Sequence analysis (unusual operation chains)
- Volume spikes
- New destination detection
5. Security Reports
Generate comprehensive daily security reports.
Command: agentguard report [--period <daily|weekly|monthly>]
Report includes:
- Activity summary
- Alert breakdown by severity
- Top accessed resources
- Communication destinations
- Anomaly timeline
- Recommendations
Configuration
Config File: config/agentguard.yaml
monitoring:
enabled: true
file_watch_dirs:
- ~/clawd
- ~/.clawdbot
exclude_patterns:
- "*.log"
- "node_modules/**"
- ".git/**"
alerts:
sensitivity: medium # low, medium, high
channels:
- telegram
alert_on:
- credential_access
- bulk_file_read
- unknown_api_endpoint
- data_exfiltration
cooldown_minutes: 15
api_monitoring:
trusted_domains:
- api.anthropic.com
- api.openai.com
- api.telegram.org
- api.elevenlabs.io
block_on_suspicious: false # true = prevent call, false = alert only
logging:
retention_days: 30
log_dir: ~/.agentguard/logs
hash_sensitive_data: true
reporting:
auto_daily_report: true
report_time: "09:00"
report_channel: telegram
Usage Examples
Start Full Monitoring
agentguard start
Enables all monitoring features with default config.
Check Current Security Status
agentguard status
Returns current threat level, active monitors, recent alerts.
Investigate Specific Activity
agentguard investigate --timerange "last 2 hours" --type file_access
Generate Immediate Report
agentguard report --now
Review Alert History
agentguard alerts --last 24h --severity high
Whitelist a Domain
agentguard trust add api.newservice.com --reason "Required for X integration"
Alert Severity Levels
| Level | Color | Meaning | Example |
|---|---|---|---|
| INFO | 🔵 | Normal logged activity | File read in workspace |
| LOW | 🟢 | Minor deviation | Slightly elevated API calls |
| MEDIUM | 🟡 | Notable anomaly | Access to .env file |
| HIGH | 🟠 | Potential threat | Bulk credential access |
| CRITICAL | 🔴 | Immediate action needed | Data exfiltration pattern |
Integration Points
With Clawdbot
- Receives file/API operation hooks
- Sends alerts via configured channels
- Integrates with heartbeat for periodic checks
With Other Skills
- Shares threat data with other security skills
- Can block operations (if configured)
- Provides audit logs for compliance skills
Data Storage
~/.agentguard/
├── logs/
│ ├── file_access/
│ ├── api_calls/
│ └── communications/
├── baselines/
│ └── behavior_model.json
├── alerts/
│ └── YYYY-MM-DD.json
└── reports/
└── YYYY-MM-DD_report.md
Privacy & Security
- No external data transmission - All processing is local
- Sensitive data hashing - Credentials are never logged in plain text
- Configurable retention - Auto-delete old logs
- Encrypted storage - Optional AES encryption for logs
Troubleshooting
High false positive rate
→ Increase baseline learning period or reduce sensitivity
Missing file events
→ Check file_watch_dirs config covers target directories
Reports not generating
→ Verify report_time format and timezone settings
Execution Scripts
| Script | Purpose |
|---|---|
execution/monitor.py | Core monitoring daemon |
execution/detector.py | Anomaly detection engine |
execution/logger.py | Structured logging handler |
execution/alerter.py | Alert dispatch system |
execution/reporter.py | Report generation |
Author Notes
AgentGuard is designed with defense-in-depth principles. It assumes agents can be compromised or manipulated, and provides visibility into their operations.
For maximum security, run AgentGuard in a separate process with limited write access to prevent a compromised agent from disabling monitoring.