security monitoring AI Agent Skills
Browse 20 skills related to security monitoring
arc-sentinel
Security monitoring and infrastructure health checks for OpenClaw agents. Run breach monitoring (HaveIBeenPwned), SSL certificate expiry checks, GitHub security audits, credential rotation tracking, secret scanning, git hygiene, token watchdog, and permission audits. Use when performing security scans, checking credential rotation status, auditing repos for leaked secrets, or monitoring SSL certificates and infrastructure health.
security-monitor
Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.
vendor-risk-monitor
Continuous vendor security monitoring for security ratings, breach notifications, and risk change detection
vulnerability-scanning
Automated vulnerability detection using OWASP tools, CVE databases, and security scanners. Use when performing security audits, compliance checks, or continuous security monitoring.
threat-hunting
Proactively search for security threats, vulnerabilities, and suspicious patterns in applications and infrastructure before they cause damage. Use when conducting security audits, identifying vulnerabilities, analyzing security logs, detecting suspicious patterns, investigating potential breaches, performing penetration testing, or implementing security monitoring.
security-audit-logging
Implement comprehensive security audit logging for compliance, forensics, and SIEM integration. Use when building audit trails, compliance logging, or security monitoring systems.
SOC 2 Compliance Testing
Testing SOC 2 compliance controls including security monitoring, change management, access reviews, and incident response procedures.
detection-sigma
Generic detection rule creation and management using Sigma, the universal SIEM rule format. Sigma provides vendor-agnostic detection logic for log analysis across multiple SIEM platforms. Use when: (1) Creating detection rules for security monitoring, (2) Converting rules between SIEM platforms (Splunk, Elastic, QRadar, Sentinel), (3) Threat hunting with standardized detection patterns, (4) Building detection-as-code pipelines, (5) Mapping detections to MITRE ATT&CK tactics, (6) Implementing compliance-based monitoring rules.
Security Engineer
Implement security best practices across the application stack. Use when securing APIs, implementing authentication, preventing vulnerabilities, or conducting security reviews. Covers OWASP Top 10, auth patterns, input validation, encryption, and security monitoring.
x-cmd-security
This skill provides comprehensive security assessment and vulnerability management tools through x-cmd CLI, including network reconnaissance with Shodan, vulnerability scanning with OSV, and known exploited vulnerability tracking with KEV. This skill should be used when users need to perform security assessments, vulnerability research, network reconnaissance, or security monitoring from command line interfaces.
audit-logging
Implement centralized audit logging and SIEM integration. Configure log retention and security monitoring. Use when implementing audit trail requirements.
implementing-database-audit-logging
Use when you need to track database changes for compliance and security monitoring. This skill implements audit logging using triggers, application-level logging, CDC, or native logs. Trigger with phrases like "implement database audit logging", "add audit trails", "track database changes", or "monitor database activity for compliance".
threat-model-generation
Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.
securing-kubernetes-on-cloud
This skill covers hardening managed Kubernetes clusters on EKS, AKS, and GKE by implementing Pod Security Standards, network policies, workload identity, RBAC scoping, image admission controls, and runtime security monitoring. It addresses cloud-specific security features including IRSA for EKS, Workload Identity for GKE, and Managed Identities for AKS.
configuring-suricata-for-network-monitoring
Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets, EVE JSON logging, and custom rules for real-time network traffic inspection, threat detection, and integration with SIEM platforms for centralized security monitoring.
implementing-cloud-trail-log-analysis
Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic investigation using Athena, CloudWatch Logs Insights, and SIEM integration to identify unauthorized access, privilege escalation, and suspicious API activity.
field-security
Security hardening for field agents serving external clients. Prompt injection detection, secret protection, client isolation enforcement, and security monitoring with HQ alerts.
security-monitoring-threat-detection
Enterprise-grade skill for implementing 24/7 security monitoring and threat detection on OpenClaw AI agent infrastructure. Use whenever setting up logging, alerting, intrusion detection, SIEM integration, or real-time monitoring for AI agent systems. Also trigger for log analysis, anomaly detection, incident response procedures, SOC operations for AI infrastructure, security event correlation, or any continuous monitoring pattern for autonomous AI agent deployments.
SecurityAudit
Hourly automated security vulnerability scanner for DigitalOcean droplets AND Moltbot/Clawdbot. USE WHEN security audit, vulnerability scan, droplet security, scan server, security monitoring, vulnerability assessment, security check, moltbot security, bot security, OR configure security scanning.
implementing-database-audit-logging
Process used when you need to track database changes for compliance and security monitoring. This skill implements audit logging using triggers, application-level logging, CDC, or native logs. Trigger with phrases like "implement database audit logging", "add audit trails", "track database changes", or "monitor database activity for compliance".