agentguard
Monitors agent file access, API calls, and communications to detect suspicious behavior, log events, and generate actionable security reports.
Install via ClawdBot CLI:
clawdbot install manas-io-ai/agentguard
Version: 1.0.0
Author: Manas AI
Category: Security & Monitoring
AgentGuard is a comprehensive security monitoring skill that watches over agent operations, detecting suspicious behavior, logging communications, and providing actionable security reports.
Track all file read/write operations with pattern analysis.
Trigger: Continuous background monitoring
Command: agentguard monitor files [--watch-dir
What it detects:
Monitor outbound API calls for suspicious activity.
Command: agentguard monitor api
What it detects:
Log all external communications for audit trails.
Command: agentguard log comms [--output
Logs include:
ML-lite pattern analysis for behavioral anomalies.
Command: agentguard detect anomalies [--sensitivity
Detection methods:
Generate comprehensive daily security reports.
Command: agentguard report [--period
Report includes:
config/agentguard.yaml
```yaml
monitoring:
  enabled: true
  file_watch_dirs:
    - ~/clawd
    - ~/.clawdbot
  exclude_patterns:
    - "*.log"
    - "node_modules/**"
    - ".git/**"
alerts:
  sensitivity: medium # low, medium, high
  channels:
    - telegram
  alert_on:
    - credential_access
    - bulk_file_read
    - unknown_api_endpoint
    - data_exfiltration
  cooldown_minutes: 15
api_monitoring:
  trusted_domains:
    - api.anthropic.com
    - api.openai.com
    - api.telegram.org
    - api.elevenlabs.io
  block_on_suspicious: false # true = prevent call, false = alert only
logging:
  retention_days: 30
  log_dir: ~/.agentguard/logs
  hash_sensitive_data: true
reporting:
  auto_daily_report: true
  report_time: "09:00"
  report_channel: telegram
```
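To make concrete how the config keys above drive the file and API monitors described earlier (exclude_patterns, alert_on, cooldown_minutes, trusted_domains, hash_sensitive_data), here is an added Python example written for this page; it is not AgentGuard's own monitor.py or detector.py. The event format, the credential file patterns, the bulk-read threshold and window, and the severity mapping are all assumptions made for the illustration; the config subset is a dict so the example runs without PyYAML.

```python
"""Toy detector replaying the rules that config/agentguard.yaml describes.
Added example; not AgentGuard's code. Thresholds and event shape are assumed."""
import fnmatch
import hashlib
from collections import deque
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Subset of config/agentguard.yaml, inlined as a dict (no PyYAML dependency).
CONFIG = {
    "exclude_patterns": ["*.log", "node_modules/**", ".git/**"],
    "alert_on": ["credential_access", "bulk_file_read", "unknown_api_endpoint"],
    "cooldown_minutes": 15,
    "trusted_domains": ["api.anthropic.com", "api.openai.com", "api.telegram.org"],
    "hash_sensitive_data": True,
}

# Assumed (not from the page): what counts as a credential file, and how many
# reads inside one window count as "bulk".
CREDENTIAL_PATTERNS = ["*.env", "*.env.*", "*.pem", "*id_rsa*", "*credentials*"]
BULK_READ_COUNT = 5
BULK_READ_WINDOW = timedelta(minutes=1)
# Assumed mapping onto the page's severity levels (bulk reads taken as HIGH).
SEVERITY = {"credential_access": "MEDIUM", "bulk_file_read": "HIGH",
            "unknown_api_endpoint": "MEDIUM"}


class Detector:
    def __init__(self, config):
        self.cfg = config
        self.recent_reads = deque()  # timestamps of counted reads (bulk detection)
        self.last_alert = {}         # alert type -> time last raised (cooldown)

    def _excluded(self, path):
        # Match the pattern against the full path and against any trailing segment.
        return any(fnmatch.fnmatch(path, p) or fnmatch.fnmatch(path, "*/" + p)
                   for p in self.cfg["exclude_patterns"])

    def _redact(self, value):
        # hash_sensitive_data: store a digest of the path/host, never the raw value.
        if self.cfg["hash_sensitive_data"]:
            return "sha256:" + hashlib.sha256(value.encode()).hexdigest()[:16]
        return value

    def _raise(self, kind, detail, when, sensitive=True):
        if kind not in self.cfg["alert_on"]:
            return None
        last = self.last_alert.get(kind)
        if last and when - last < timedelta(minutes=self.cfg["cooldown_minutes"]):
            return None  # this alert type is still in its cooldown window
        self.last_alert[kind] = when
        return {"type": kind, "severity": SEVERITY[kind], "time": when.isoformat(),
                "detail": self._redact(detail) if sensitive else detail}

    def on_file_read(self, path, when):
        alerts = []
        if self._excluded(path):
            return alerts
        self.recent_reads.append(when)
        while when - self.recent_reads[0] > BULK_READ_WINDOW:
            self.recent_reads.popleft()
        if any(fnmatch.fnmatch(path, p) for p in CREDENTIAL_PATTERNS):
            alerts.append(self._raise("credential_access", path, when))
        if len(self.recent_reads) >= BULK_READ_COUNT:
            msg = f"{len(self.recent_reads)} reads within {BULK_READ_WINDOW}"
            alerts.append(self._raise("bulk_file_read", msg, when, sensitive=False))
        return [a for a in alerts if a]

    def on_api_call(self, url, when):
        host = urlparse(url).hostname or ""
        # A host is trusted if it equals, or is a subdomain of, a trusted_domains entry.
        trusted = any(host == d or host.endswith("." + d) for d in self.cfg["trusted_domains"])
        if trusted:
            return []
        a = self._raise("unknown_api_endpoint", host, when)
        return [a] if a else []


def run(events, config=CONFIG):
    """Replay (kind, value, iso_timestamp) events in order; return alerts raised."""
    det, out = Detector(config), []
    for kind, value, ts in events:
        when = datetime.fromisoformat(ts)
        out += det.on_file_read(value, when) if kind == "file_read" else det.on_api_call(value, when)
    return out


SAMPLE_EVENTS = [  # constructed sample events, not real agent logs
    ("file_read", "~/clawd/README.md", "2026-03-01T09:00:00"),
    ("file_read", "~/clawd/app.log", "2026-03-01T09:00:01"),         # excluded by *.log
    ("file_read", "~/clawd/.env", "2026-03-01T09:00:02"),            # credential_access
    ("file_read", "~/.clawdbot/.env", "2026-03-01T09:00:03"),        # suppressed by cooldown
    ("api_call", "https://api.openai.com/v1/chat", "2026-03-01T09:00:04"),  # trusted
    ("api_call", "https://paste.example/upload", "2026-03-01T09:00:05"),    # unknown_api_endpoint
    ("file_read", "~/clawd/a.txt", "2026-03-01T09:00:06"),
    ("file_read", "~/clawd/b.txt", "2026-03-01T09:00:07"),           # 5th counted read -> bulk_file_read
    ("file_read", "~/clawd/c.txt", "2026-03-01T09:00:08"),           # bulk again, in cooldown
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

Replaying the sample stream yields three alerts: one credential_access for the first .env read (the second .env read falls inside the 15-minute cooldown), one unknown_api_endpoint for the host outside trusted_domains, and one bulk_file_read once five non-excluded reads land inside the window. Because hash_sensitive_data is true, the stored detail for path and host hits is a digest rather than the raw value, which is what keeps the alert log itself from becoming a map of where the secrets live.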
agentguard start
Enables all monitoring features with default config.
agentguard status
Returns current threat level, active monitors, recent alerts.
agentguard investigate --timerange "last 2 hours" --type file_access
agentguard report --now
agentguard alerts --last 24h --severity high
agentguard trust add api.newservice.com --reason "Required for X integration"
| Level | Color | Meaning | Example |
|-------|-------|---------|---------|
| INFO | 🔵 | Normal logged activity | File read in workspace |
| LOW | 🟢 | Minor deviation | Slightly elevated API calls |
| MEDIUM | 🟡 | Notable anomaly | Access to .env file |
| HIGH | 🟠 | Potential threat | Bulk credential access |
| CRITICAL | 🔴 | Immediate action needed | Data exfiltration pattern |
~/.agentguard/
├── logs/
│   ├── file_access/
│   ├── api_calls/
│   └── communications/
├── baselines/
│   └── behavior_model.json
├── alerts/
│   └── YYYY-MM-DD.json
└── reports/
    └── YYYY-MM-DD_report.md
→ Increase the baseline learning period or reduce sensitivity
→ Check that the file_watch_dirs config covers the target directories
→ Verify the report_time format and timezone settings
| Script | Purpose |
|--------|---------|
| execution/monitor.py | Core monitoring daemon |
| execution/detector.py | Anomaly detection engine |
| execution/logger.py | Structured logging handler |
| execution/alerter.py | Alert dispatch system |
| execution/reporter.py | Report generation |
AgentGuard is designed with defense-in-depth principles. It assumes agents can be compromised or manipulated, and provides visibility into their operations.
For maximum security, run AgentGuard in a separate process with limited write access, so that a compromised agent cannot disable the monitoring or tamper with its logs.
Generated Mar 1, 2026
AgentGuard monitors AI agents handling customer data and transactions in banking or fintech, detecting unauthorized file access to sensitive financial records and suspicious API calls to untrusted endpoints. It generates daily security reports for compliance audits and alerts on potential data exfiltration attempts, ensuring regulatory adherence and preventing fraud.
In healthcare, AgentGuard tracks AI agents processing patient records and medical data, logging all communications to maintain audit trails for HIPAA compliance. It detects anomalies in file access patterns to protected health information and monitors API calls to ensure data is not sent to unauthorized external services, safeguarding patient privacy.
AgentGuard secures AI agents managing inventory, customer orders, and payment processing in e-commerce platforms by monitoring for bulk file reads of transaction logs and unusual API call frequencies to payment gateways. It provides actionable alerts on credential access attempts and generates reports to identify fraud patterns, reducing operational risks.
In DevOps environments, AgentGuard watches over AI agents automating deployments and infrastructure management, detecting access to credential files like .env and monitoring API calls to cloud services for anomalies. It logs all external communications for audit purposes and helps prevent security breaches in CI/CD pipelines by alerting on suspicious behavior.
AgentGuard ensures AI agents in legal firms adhere to data protection laws by tracking file access to confidential case documents and logging communications for audit trails. It detects unauthorized API calls and provides security reports to demonstrate compliance with regulations like GDPR, minimizing legal liabilities.
Offer AgentGuard as a cloud-hosted or on-premise software service with tiered pricing based on features like monitoring frequency, report generation, and alert channels. Revenue comes from monthly or annual subscriptions, targeting businesses needing continuous AI agent security without upfront infrastructure costs.
Sell perpetual licenses for large organizations with custom integrations, premium support, and advanced features like encrypted storage and dedicated baseline models. Revenue is generated through one-time license fees plus optional maintenance contracts for updates and technical assistance.
Provide a free version with basic monitoring and limited alerts to attract individual developers or small teams, then upsell to premium plans offering enhanced capabilities such as higher sensitivity anomaly detection, automated reports, and multi-channel alerts. Revenue streams from upgrades and add-on services.
💬 Integration Tip
Integrate AgentGuard early in the AI agent development lifecycle by configuring file watch directories and trusted domains in the YAML config to minimize false positives and ensure seamless monitoring from deployment.