clawdhub1 Has 100+ Installations.
Nobody Knows What It's Doing.

Continuous runtime monitoring for AI agent skills. LSTM anomaly detection, behavior profiling, outcome verification. Know what skills actually do after installation.

The Problem
100+: Active malware installations
0: Runtime monitors deployed
Weeks: Skills can lie dormant
Live Demo
Runtime Action Timeline
Select a scenario to see how Watchtower detects anomalous behavior in real-time agent action streams.
How It Works
Four Detection Layers
Every action an agent skill takes is encoded, analyzed, and scored against multiple detection methods simultaneously.
LSTM Autoencoder

Actions encoded as 14-dim feature vectors (action type, target risk, time delta, metadata). LSTM(14,32,2) encoder-decoder learns normal patterns. High reconstruction error = anomaly.

Statistical Baseline

Builds per-agent baseline distributions. Detects deviation via KL divergence and z-scores. Catches action-rate spikes, frequency shifts, and distributional anomalies.

Pattern Detection

Five hardcoded threat patterns: exfiltration chains, privilege escalation, dormant activation, file scanning, and C2 beacon behavior. Zero-day capable with new signatures.

Outcome Verification

Compares what a skill declared it would do vs. what actually happened. Flags unexplained side effects. Verdicts: verified, deviated, suspicious, compromised.

Verification Stack
LAYER 3: Watchtower (runtime behavior monitoring)
LAYER 1: ShieldClaw (pre-publication code scanning)
LAYER 0: ClawForce (point-in-time sybil detection)
API Reference
Five Endpoints
All endpoints accept and return JSON. Deploy with uvicorn app.main:app

POST /log/action: Log a single agent action

Request

{
  "agent_id": "agent-7f3a",
  "skill_id": "clawdhub1",
  "action_type": "file_read",
  "target": "/home/user/.env",
  "timestamp": "2025-01-15T08:30:00Z",
  "metadata": {
    "data_size": 4096,
    "is_external": false,
    "is_privileged": true
  }
}

Response

{
  "status": "logged",
  "agent_id": "agent-7f3a",
  "total_actions": 142
}

POST /monitor/analyze: Full LSTM + pattern + statistical analysis

Request

{
  "agent_id": "agent-7f3a",
  "actions": [
    {
      "agent_id": "agent-7f3a",
      "skill_id": "clawdhub1",
      "action_type": "file_read",
      "target": "/etc/passwd",
      "timestamp": "2025-01-15T08:30:00Z",
      "metadata": {}
    }
  ],
  "window_hours": 24.0
}

Response

{
  "agent_id": "agent-7f3a",
  "anomaly_score": 0.91,
  "risk_level": "critical",
  "anomalous_actions": [
    {
      "action_index": 3,
      "anomaly_type": "exfiltration_pattern",
      "severity": "critical",
      "explanation": "file_read('/etc/passwd') followed by data_transfer"
    }
  ],
  "behavior_profile": { ... },
  "model_version": "watchtower-v0.1.0"
}

POST /anomaly/detect: Pattern + statistical detection (no LSTM)

Request

{
  "agent_id": "agent-7f3a",
  "actions": [ ... ],
  "window_hours": 1.0
}

Response

{
  "agent_id": "agent-7f3a",
  "anomaly_score": 0.78,
  "pattern_flags": [ ... ],
  "statistical_flags": [ ... ],
  "total_flags": 3
}

POST /verify/outcome: Verify expected vs actual outcome

Request

{
  "agent_id": "agent-7f3a",
  "skill_id": "file-summarizer",
  "expected_outcome": {
    "capabilities": ["read_file"],
    "targets": ["report.pdf"],
    "outputs": { "summary": "string" }
  },
  "actual_outcome": {
    "outputs": { "summary": "..." },
    "status": "success"
  },
  "actions_taken": [ ... ]
}

Response

{
  "agent_id": "agent-7f3a",
  "outcome_match": false,
  "deviation_score": 0.42,
  "unexplained_actions": [
    { "action_type": "data_transfer", "target": "https://c2.evil.com" }
  ],
  "verdict": "compromised"
}

GET /profile/{agent_id}: Get behavior profile

Response

{
  "agent_id": "agent-7f3a",
  "action_distribution": {
    "api_call": 0.45,
    "file_read": 0.30,
    "network_request": 0.15,
    "file_write": 0.10
  },
  "avg_actions_per_hour": 12.4,
  "typical_targets": ["/data/reports", "api.service.com"],
  "risk_baseline": 0.12
}
Detection Patterns
Built-in Threat Signatures
Five hardcoded detection patterns catch the most common runtime attack vectors in the agent skill ecosystem.

| Pattern | Sequence | Description | Severity |
|---|---|---|---|
| EXFILTRATION | file_read → data_transfer | Reads local files then sends data to external endpoint | CRITICAL |
| PRIVILEGE_ESCALATION | permission_request → process_spawn → env_access | Requests permissions, spawns process, accesses environment variables | CRITICAL |
| DORMANT_ACTIVATION | >7d idle → >10 actions/hr | No activity for over a week, then sudden burst of actions | CRITICAL |
| SCANNING_BEHAVIOR | >5 file_read → different paths → <60s | Rapid enumeration of file system paths (recon phase) | HIGH |
| BEACON_PATTERN | network_request @ fixed interval | Regular check-in with command-and-control server | HIGH |
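
The sequences and thresholds from the Detection Patterns table, applied to action records in the /log/action shape. This is an added example, not Watchtower's own code: the names `detect`, `ts` and `mk`, the beacon tolerances `jitter` and `min_gaps`, the host `collector.example` and all sample streams are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean, pstdev

def ts(a):
    return datetime.fromisoformat(a["timestamp"].replace("Z", "+00:00"))

def detect(actions, jitter=0.1, min_gaps=4):  # jitter/min_gaps: assumed beacon tolerances
    """Return names of the table's patterns matched in a list of action dicts."""
    acts, flags = sorted(actions, key=ts), set()
    # EXFILTRATION: file_read followed later by data_transfer
    seen_read = False
    for a in acts:
        seen_read = seen_read or a["action_type"] == "file_read"
        if seen_read and a["action_type"] == "data_transfer":
            flags.add("EXFILTRATION")
    # DORMANT_ACTIVATION: >7d idle, then >10 actions in the following hour
    for i in range(1, len(acts)):
        if ts(acts[i]) - ts(acts[i - 1]) > timedelta(days=7):
            end = ts(acts[i]) + timedelta(hours=1)
            if sum(ts(a) <= end for a in acts[i:]) > 10:
                flags.add("DORMANT_ACTIVATION")
    # SCANNING_BEHAVIOR: >5 file_reads of different paths in <60s
    reads = [a for a in acts if a["action_type"] == "file_read"]
    for i, first in enumerate(reads):
        paths = {a["target"] for a in reads[i:]
                 if ts(a) - ts(first) < timedelta(seconds=60)}
        if len(paths) > 5:
            flags.add("SCANNING_BEHAVIOR")
    # BEACON_PATTERN: network_request to one target at a near-fixed interval
    by_target = {}
    for a in acts:
        if a["action_type"] == "network_request":
            by_target.setdefault(a["target"], []).append(ts(a))
    for times in by_target.values():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(gaps) >= min_gaps and 0 < mean(gaps) and pstdev(gaps) <= jitter * mean(gaps):
            flags.add("BEACON_PATTERN")
    return flags

def mk(kind, target, t):  # constructed sample action in the /log/action shape
    return {"agent_id": "agent-7f3a", "skill_id": "clawdhub1", "action_type": kind,
            "target": target, "timestamp": t.strftime("%Y-%m-%dT%H:%M:%SZ"), "metadata": {}}

T0 = datetime(2025, 1, 15, 8, 30)  # all streams below are constructed samples
EXFIL = [mk("file_read", "/home/user/.env", T0),
         mk("data_transfer", "https://collector.example", T0 + timedelta(seconds=30))]
SCAN = [mk("file_read", f"/home/user/f{i}", T0 + timedelta(seconds=5 * i)) for i in range(6)]
BEACON = [mk("network_request", "api.service.com", T0 + timedelta(minutes=5 * i)) for i in range(6)]
DORMANT = [mk("api_call", "api.service.com", T0)] + [
    mk("api_call", "api.service.com", T0 + timedelta(days=8, minutes=i)) for i in range(12)]
```

Because the thresholds are strict inequalities, five distinct reads in a minute or a five-action burst after a long gap stay unflagged, which is where statistical baselining has to take over.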