Skip to content

aeon0199/ClawGuard

BranchesTags

Repository files navigation

🦞 ClawGuard

High-performance system monitor built for the OpenClaw ecosystem.

ClawGuard Logo

ClawGuard is a lightweight C++ daemon that continuously monitors your system's health and integrates natively with OpenClaw. Ask your bot "how's my system doing?" and get real answers with trend analysis and proactive alerts.

ClawGuard Dashboard C++17 License

Why ClawGuard?

If you run OpenClaw on a Mac Mini, home server, or VPS, you need to know:

  • Is my system healthy? CPU, memory, disk, network at a glance
  • Is something going wrong? Proactive alerts before things break
  • What's the trend? Memory leak detection, CPU trending, disk fill rate
  • What's eating resources? Top processes by memory and CPU

Other monitoring tools are bloated Python scripts that eat the resources they're supposed to monitor. ClawGuard is written in C++ — it uses <1% CPU and <5MB RAM while running 24/7.

Quick Start

# Build locally
git clone https://github.com/YOUR_USERNAME/clawguard.git
cd clawguard
make

# Install (user-level, no sudo) + auto-start + OpenClaw skill
bash ./scripts/install.sh

Open http://localhost:7677 for the live dashboard.

One-line Install (after you publish on GitHub)

curl -fsSL https://raw.githubusercontent.com/YOUR_USERNAME/clawguard/main/scripts/install.sh | bash

OpenClaw Integration

ClawGuard was built for OpenClaw. Install the skill:

# Auto-detected during ./scripts/install.sh, or manually:
mkdir -p ~/.openclaw/workspace/skills
cp -r skill/clawguard ~/.openclaw/workspace/skills/

Bot-first setup guide:

  • skill/clawguard/BOT_PLAYBOOK.md
  • offers Manual, Assist, and Autopilot autonomy modes and adapts by host profile

Now you can ask your OpenClaw bot:

  • "How's my system doing?"
  • "Is anything wrong with my server?"
  • "What's eating my RAM?"
  • "How's my CPU trending?"
  • "How much disk space do I have left?"

Proactive Alerts

ClawGuard writes alerts to ~/.clawguard/alerts.txt. Configure a cron job in OpenClaw to check it:

"Check ~/.clawguard/alerts.txt every 15 minutes. If there are WARNING or CRITICAL alerts, let me know on Telegram."

API Endpoints

Endpoint Description
GET / Live web dashboard
GET /api/current Current metrics snapshot
GET /api/system System info (hostname, OS, RAM, uptime)
GET /api/alerts Active alerts list
GET /api/security OpenClaw version/config/integrity posture
GET /api/containment Experimental containment state and action history
GET /api/activity Recent OpenClaw activity events (optional)
GET /api/recommendations Suggested next actions (bot-friendly)
GET /api/brief One-shot summary for bots (status + alerts + security + containment + recs + activity)
GET /api/trends 30-min CPU/memory trend analysis
GET /api/history?minutes=N Historical time-series data
GET /api/ports Listening TCP ports (best-effort)

Configuration

Edit ~/.clawguard/config.ini:

# Monitoring
mode = readonly
poll_interval_sec = 5
history_max_minutes = 1440
http_port = 7677
http_bind = 127.0.0.1
allow_remote_http = false
api_auth_token =
api_rate_limit_enabled = true
api_rate_limit_per_min = 120
port_scan_interval_sec = 60

# Security posture checks
security_scan_interval_sec = 60
openclaw_config_file = /Users/you/.openclaw/openclaw.json
integrity_baseline_file = /Users/you/.clawguard/integrity-baseline.txt

# Experimental containment (default-off)
containment_enabled = false
containment_shadow_mode = true
containment_auto_soft_actions = false
containment_auto_hard_actions = false
containment_require_user_approval_for_hard = true
containment_block_ttl_sec = 900
containment_max_actions_per_hour = 6

# Alert Thresholds
cpu_warn_pct = 80
cpu_crit_pct = 95
mem_warn_pct = 80
mem_crit_pct = 95
disk_warn_pct = 85
disk_crit_pct = 95

# OpenClaw Integration
openclaw_alerts = true

Rebuild integrity baseline after expected config/skill changes:

CLAWGUARD_REBASELINE=1 ./clawguard

Experimental containment notes:

  • mode = readonly is a hard monitor-only gate and disables containment execution.
  • Start with containment_enabled = true and containment_shadow_mode = true.
  • Review simulated actions in GET /api/containment before enabling enforcement.
  • Keep hard actions approval-gated unless user explicitly opts in.
  • block_port shell-command execution is disabled in v1.0 for safety.

Remote API notes:

  • Default is local-only (http_bind = 127.0.0.1).
  • Non-loopback bind is refused unless allow_remote_http = true.
  • When remote bind is enabled, api_auth_token is required and must be sent as:
    • Authorization: Bearer <token> or
    • X-API-Key: <token>
  • API rate limiting is enabled by default (api_rate_limit_per_min = 120 per client).
  • Dashboard responses include a restrictive Content Security Policy (CSP).

Verify Downloads (SHA-256 + Minisign)

Publisher flow:

# requires MINISIGN_SECRET_KEY, MINISIGN_PUBLIC_KEY, CLAWGUARD_PUBLISHER_ID
./scripts/release/sign_release.sh dist

User verification flow:

./scripts/release/verify_release.sh dist

Required signing inputs for publishers:

  • MINISIGN_SECRET_KEY=/path/to/minisign.key
  • MINISIGN_PUBLIC_KEY=/path/to/minisign.pub
  • CLAWGUARD_PUBLISHER_ID=clawguard.net (or your stable publisher identity string)

Optional stricter verification for users:

  • CLAWGUARD_EXPECTED_PUBLISHER_ID=clawguard.net ./scripts/release/verify_release.sh dist

macOS Signing and Notarization (Publisher)

# Sign only (Developer ID)
APPLE_CODESIGN_IDENTITY="Developer ID Application: Your Name (TEAMID)" \
./scripts/release/macos_sign_and_notarize.sh ./clawguard

# Sign + notarize (when notary profile is configured)
APPLE_CODESIGN_IDENTITY="Developer ID Application: Your Name (TEAMID)" \
APPLE_NOTARY_PROFILE="clawguard-notary" \
APPLE_TEAM_ID="TEAMID" \
./scripts/release/macos_sign_and_notarize.sh ./clawguard ./clawguard.notarized.zip

User-side macOS provenance check:

./scripts/release/macos_verify_provenance.sh ./clawguard

Run as a Service

# Linux (systemd user service, installed automatically by scripts/install.sh)
systemctl --user status clawguard

# macOS (launchd user agent, installed automatically by scripts/install.sh)
launchctl list | rg clawguard

Architecture

┌──────────────────────────────────┐
│         ClawGuard Daemon         │
├──────────┬───────────┬───────────┤
│ Collector│  History  │  Alerts   │
│ (C++ OS  │ (Ring Buf)│ (Engine)  │
│  APIs)   │ 24h data  │ + Trends  │
├──────────┴───────────┴───────────┤
│          HTTP Server             │
│   JSON API  +  Web Dashboard     │
├──────────────────────────────────┤
│       OpenClaw Skill Layer       │
│  SKILL.md  +  alerts.txt file    │
└──────────────────────────────────┘
  • Collector: Reads /proc (Linux) or Mach APIs (macOS) directly — no shell commands for core metrics
  • History: Lock-free ring buffer holding 24h of 5-second samples (~17K snapshots)
  • Alerts: Threshold evaluation with 5-minute cooldown, writes to file for OpenClaw
  • HTTP: Minimal embedded server, no dependencies, serves JSON API + single-page dashboard
  • Footprint: Single static binary, no runtime dependencies, <5MB RAM

Building from Source

Requirements: g++ with C++17 support, make

make              # Build
make clean        # Clean
sudo make install # Install to /usr/local/bin

Or with CMake:

mkdir build && cd build
cmake -DCMAKE_BUILD_TYPE=Release ..
make

Platforms

Platform Status
Linux (x86_64) ✅ Full support
Linux (ARM64) ✅ Full support
macOS (Apple Silicon) ✅ Full support
macOS (Intel) ✅ Full support

License

Proprietary commercial license. See LICENSE for details.

Built with 🦞 for the OpenClaw community.

About

High-performance C++ system monitor and security watchdog for OpenClaw. Port intrusion detection, skill attribution, trend analysis, and proactive alerts. <1% CPU, <5MB RAM, 188KB binary.

Topics

security monitoring cpp daemon intrusion-detection system-monitor openclaw

Resources

Readme

License

MIT license

Security policy

Security policy
Activity

Stars

5 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages