Tamper-resistant audit watchdog for Clawdbot agents. Detects and logs suspicious filesystem activity with HMAC-chained evidence.
Real data. Real impact.
Growing
Developers
Per week
Open source
Skills give you superpowers. Install in 30 seconds.
Security watchdog that monitors filesystem activity and creates tamper-evident logs. Even if Clawdbot is compromised, it cannot stop the watchdog, forge entries, or delete evidence.
Use the CLI wizard to guide users through installation:
cd /path/to/clauditor cargo build --release
Check status:
./target/release/clauditor wizard statuscurrent_stepcompleteGet next step:
./target/release/clauditor wizard nextUser runs the sudo command
Verify:
./target/release/clauditor wizard verifyRepeat until complete: true
User: "Install clauditor"Agent: [runs wizard status → current_step: 1] Agent: "Step 1 of 6: Create system user
This creates a 'sysaudit' user that runs the watchdog. Even if you're compromised, you can't kill a process owned by another user.
Run this: sudo useradd --system --shell /usr/sbin/nologin --no-create-home sysaudit
Let me know when done."
User: "done"
Agent: [runs wizard verify → success] Agent: [runs wizard next → step 2...]
systemctl status systemd-journaldd
./target/release/clauditor digest \ --log /var/lib/.sysd/.audit/events.log \ --key /etc/sysaudit/key \ --format markdown
sudo bash wizard/wizard.sh
/etc/sysaudit/config.toml/etc/sysaudit/key/var/lib/.sysd/.audit/events.logEdit config to customize
watch_pathstarget_uidNo automatic installation available. Please visit the source repository for installation instructions.
View Installation Instructions
1,500+ AI skills, agents & workflows. Install in 30 seconds. Part of the Torly.ai family.
© 2026 Torly.ai. All rights reserved.