Security Sentinel

A complete security monitoring setup: a HEARTBEAT.md that checks for suspicious activity on every heartbeat, plus a daily deep security audit cron job.

What's Included

• HEARTBEAT.md — Quick security checks every 15 minutes: health status, listening ports, gateway binding
• cron-setup.sh — Daily 6 AM deep audit with openclaw security audit --deep
• openclaw.json snippet — 15-minute heartbeat interval config
• README.md — Setup guide

Security Checks

• openclaw health --json on every heartbeat
• lsof -nP -iTCP -sTCP:LISTEN for unexpected ports
• Gateway localhost binding verification
• Daily deep audit: security scan, update status, firewall check
• All findings written to dated memory files
• 🚨 prefix for critical issues

1. Copy HEARTBEAT.md to ~/.openclaw/workspace/
2. Run bash cron-setup.sh for daily audits
3. Merge the openclaw.json snippet into your config for 15-min heartbeats
4. Review the first audit report to establish your baseline