Quick overview
ReefWatch is a host-based intrusion detection daemon for Linux and macOS. It continuously scans for brute-force attacks, malware, privilege escalation, file tampering, cryptominers, and network anomalies using YARA, Sigma, and custom rules. Alerts are sent to the user only when a real threat is detected, with no LLM token usage during idle monitoring.
Runs as a background daemon without consuming LLM tokens during monitoring, so continuous host-level threat detection adds no per-check cost.
Common tasks
- Monitoring a home server for SSH brute-force attempts
- Detecting cryptomining malware on a developer workstation
- Scanning a downloaded binary for malware before execution
- Watching for unauthorized file changes on a Linux host
- Getting alerted when a process attempts privilege escalation
Install paths
Primary command
openclaw install yasnaak/reefwatch
ClawHub installer
npx clawhub@latest install yasnaak/reefwatch
OpenClaw CLI
openclaw skills install yasnaak/reefwatch
Direct OpenClaw install
openclaw install yasnaak/reefwatch
Skill metadata
- Category: DevOps & Cloud
- Language: Markdown
- Version: 1.3.0
- Security status: Benign
Review upstream source
The full public SKILL.md body is not directly fetchable for this entry right now, so this page is using the best available catalog metadata. Review the upstream source page for the latest files, version history, and security scan details: https://clawhub.ai/yasnaak/reefwatch



