watchdog▌

Detect T1547.001 startup folder persistence by monitoring Windows startup directories for suspicious file creation, analyzing autoruns entries, and using Python watchdog for real-time filesystem monitoring.

Deploys and monitors ransomware canary files across critical directories using Python's watchdog library for real-time filesystem event detection. Places strategically named decoy files that mimic high-value targets (financial records, credentials, database exports) in locations ransomware typically enumerates first. Monitors for any read, modify, rename, or delete operations on canary files and triggers immediate alerts via email, Slack webhook, or syslog when interaction is detected, providing early warning before full encryption begins.

Description: Self-healing monitoring system for OpenClaw gateway. Monitors health, auto-restarts on failure, and sends Telegram alerts. Diagnostics and log analysis run locally on-device. Alert notifications are sent to the user's Telegram bot. Use when user wants to set up gateway monitoring, watchdog, or auto-recovery.

Automated daily security audits for OpenClaw agents with formatted email and DM reporting. \n \n Runs standard and deep security audits via openclaw security audit commands, collecting findings by severity (critical, warning, info) \n Configures a daily cron job (default 23:00) with timezone support, delivering summarized reports to Telegram, Slack, email, or other DM channels \n Supports environment variable provisioning for MDM/automated deployments, with minimal interactive prompts as fallbac