Watchdog
Free
Security guard dog for your OpenClaw agent system. Patrols your infrastructure.
About
Security guard dog for your OpenClaw agent system. Patrols your infrastructure, sniffs out vulnerabilities, barks at threats, and never lets a finding go until it's fixed.

**What it patrols:**
- File permissions and access controls across all machines
- Exposed secrets, API keys, and credentials in workspaces and configs
- Gateway misconfigurations and overly permissive tool policies
- Open ports and network exposure
- Agent workspace integrity (soul files, memory files, configs)

**Includes 4 specialized skills:**
- **Security Audit** - Full infrastructure assessment with severity ratings
- **Permission Sweep** - File and directory permission analysis
- **Secret Scanner** - Scans for exposed credentials across all workspaces
- **Compound Engineer** - Tracks security posture trends over time

Runs automated daily patrols and weekly deep scans. Silent when clean, loud when not. Detection only - never modifies your system.
README
Watchdog
Version: 1.2.0
Security agent that runs daily patrols, scans for exposed secrets, audits file permissions, and reports only when something needs attention. Silent when clean, loud when not.
Files
agent/
├── SOUL.md
├── BOOTSTRAP.md
├── IDENTITY.md
├── AGENTS.md
├── USER.md
├── TOOLS.md
├── MEMORY.md
├── HEARTBEAT.md
└── skills/
    ├── security-audit/
    ├── permission-sweep/
    ├── secret-scanner/
    └── nightly-compound/
Setup
New agent. Create workspace, configure, verify.
1. Name
Ask: "What would you like to name this security agent?" Use answer as agent ID (kebab-case). Workspace: ~/.openclaw/workspace-{agent-id}/
2. Conflict Check
Read openclaw.json. If an agent with security/watchdog/audit role exists, ask: replace, keep both, or cancel.
3. Mode
Ask: "Own chat (Direct) or behind an existing agent (Delegated)?"
Direct: ask platform, create bot if needed. Delegated: ask which parent agent.
4. Create Workspace
Create ~/.openclaw/workspace-{agent-id}/, copy agent/ contents including skills/.
5. Configure
Add to agents.list in openclaw.json:
{
  "id": "{agent-id}",
  "skills": ["security-audit", "permission-sweep", "secret-scanner", "nightly-compound"],
  "subagents": { "allowAgents": ["*"] }
}
Recommended model: Sonnet.
If Delegated: add agent ID to parent's subagents.allowAgents.
6. Cron Setup
Ask user's timezone. Add three crons:
Daily patrol (6 AM):
{
  "name": "watchdog-patrol-{agent-id}", "agentId": "{agent-id}",
  "schedule": { "kind": "cron", "expr": "0 6 * * *", "tz": "{tz}" },
  "sessionTarget": "isolated",
  "payload": { "kind": "agentTurn", "model": "anthropic/claude-sonnet-4-6",
    "message": "DAILY PATROL. Run full security audit. Include permission sweep. Deliver report in chat.",
    "timeoutSeconds": 900 },
  "delivery": { "mode": "none" }, "enabled": true
}
Weekly deep scan (Monday 5 AM):
{
  "name": "watchdog-deep-scan-{agent-id}", "agentId": "{agent-id}",
  "schedule": { "kind": "cron", "expr": "0 5 * * 1", "tz": "{tz}" },
  "sessionTarget": "isolated",
  "payload": { "kind": "agentTurn", "model": "anthropic/claude-sonnet-4-6",
    "message": "WEEKLY DEEP SCAN. Run secret-scanner across all workspaces and configs. Report findings with severity levels.",
    "timeoutSeconds": 900 },
  "delivery": { "mode": "none" }, "enabled": true
}
Nightly compound (staggered): See skills/nightly-compound/SKILL.md for cron config.
7. Heartbeat
Add to agent config:
{ "heartbeat": { "prompt": "HEARTBEAT CHECK: Have all scheduled patrols run in the last 24 hours? Any unresolved CRITICAL findings?" } }
8. Verify
Restart gateway. Send: "Run a quick security check on my system." Confirm it scans for real issues, not generic advice.
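A static check to run alongside step 8, as an added example that is not part of Watchdog or OpenClaw: it lints the agent entry and the two patrol crons from steps 5 and 6 so a forgotten `{tz}` placeholder or a missing cron is caught before the first patrol silently fails to run. Assumptions: `lint_watchdog`, the severity labels and the agent name `perimeter-dog` are hypothetical, and the agent list and cron jobs are passed in as already-parsed JSON because the page does not say where cron jobs are stored.

```python
# Added example: lints a Watchdog install against the Setup steps above.
# Assumption: agents.list and the cron jobs arrive as parsed JSON lists;
# where OpenClaw stores cron jobs is not stated on the page.
REQUIRED_SKILLS = {"security-audit", "permission-sweep", "secret-scanner", "nightly-compound"}

def lint_watchdog(agents, crons, agent_id, parent_id=None):
    """Return (severity, message) findings; an empty list means no issue was found."""
    by_id = {a.get("id"): a for a in agents}
    agent = by_id.get(agent_id)
    if agent is None:
        return [("CRITICAL", f"agent {agent_id!r} missing from agents.list")]
    out = []
    missing = REQUIRED_SKILLS - set(agent.get("skills", []))
    if missing:
        out.append(("HIGH", f"skills not enabled: {sorted(missing)}"))
    if "*" in agent.get("subagents", {}).get("allowAgents", []):
        out.append(("INFO", "subagents.allowAgents contains the wildcard '*'"))
    if parent_id is not None:  # Delegated mode (step 5)
        allowed = by_id.get(parent_id, {}).get("subagents", {}).get("allowAgents", [])
        if agent_id not in allowed and "*" not in allowed:
            out.append(("HIGH", f"parent {parent_id!r} does not list {agent_id!r}"))
    for prefix in ("watchdog-patrol-", "watchdog-deep-scan-"):
        name = prefix + agent_id
        job = next((c for c in crons if c.get("name") == name), None)
        if job is None:
            out.append(("HIGH", f"cron {name!r} not defined"))
            continue
        sched = job.get("schedule", {})
        if job.get("agentId") != agent_id:
            out.append(("HIGH", f"{name}: agentId does not match"))
        if len(sched.get("expr", "").split()) != 5:
            out.append(("HIGH", f"{name}: cron expr is not five fields"))
        if not sched.get("tz") or "{" in sched["tz"]:
            out.append(("MEDIUM", f"{name}: tz unset or still a template placeholder"))
        if job.get("enabled") is not True:
            out.append(("MEDIUM", f"{name}: disabled, so the patrol never runs"))
    return out

# Constructed sample: deep-scan cron missing, tz placeholder never filled in.
SAMPLE_AGENTS = [{"id": "perimeter-dog", "skills": sorted(REQUIRED_SKILLS),
                  "subagents": {"allowAgents": ["*"]}}]
SAMPLE_CRONS = [{"name": "watchdog-patrol-perimeter-dog", "agentId": "perimeter-dog",
                 "schedule": {"kind": "cron", "expr": "0 6 * * *", "tz": "{tz}"},
                 "enabled": True}]

if __name__ == "__main__":
    for severity, message in lint_watchdog(SAMPLE_AGENTS, SAMPLE_CRONS, "perimeter-dog"):
        print(f"[{severity}] {message}")
```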
Files included
- agent/AGENTS.md.md
- agent/BOOTSTRAP.md.md
- agent/HEARTBEAT.md.md
- agent/IDENTITY.md.md
- agent/MEMORY.md.md
- agent/skills/nightly-compound/SKILL.md.md
- agent/skills/permission-sweep/SKILL.md.md
- agent/skills/secret-scanner/SKILL.md.md
- agent/skills/security-audit/SKILL.md.md
- agent/SOUL.md.md
- agent/TOOLS.md.md
- agent/USER.md.md
- pfp.png.png
- README.md.md