Molt 1: The Hatchling

Create Your Security Agent

Build Argus Panoptes — a dedicated security agent that monitors your OpenClaw setup around the clock so you don't have to.

Meet Argus Panoptes, Your Security Guardian

In the last chapter, you locked down your setup by hand. That works — but you're human. You'll forget to run the audit. You'll skip the check after a config change. Life happens.

So let's do something better: make your agent do it for you.

This is your first taste of what makes OpenClaw different from a chatbot. You're not going to ask it a question and get an answer. You're going to give it a job, and it's going to do that job every 6 hours whether you're awake or not.

The Concept: Delegation

Instead of manually running security checks, you'll create a specialized agent called Argus Panoptes — named after the giant in Greek mythology with 100 eyes. Argus never sleeps. Argus watches everything.

This is how you'll work with OpenClaw going forward: identify a task, delegate it to an agent, let it run. You focus on the things only you can do. The agent handles the rest.

Give Your Agent the Instructions

Open your Telegram chat with OpenClaw (or the Gateway chat at http://127.0.0.1:18789/) and paste this prompt:

Create a security agent called Argus Panoptes

Create this directory structure:
- memory/
- scripts/
- security/audit/
- security/reports/
- security/hashes/

Create these files:

1. SOUL.md - Argus is a security guardian with 100 eyes. Personality:
   paranoid, vigilant, plain-spoken. Monitors file integrity, scans
   for secrets, audits permissions.

2. HEARTBEAT.md - Define 5 phases for when Argus wakes:
   - Self-integrity check
   - File integrity (compare to baseline hashes)
   - Secrets scan (API keys, tokens)
   - Permission audit (world-readable files)
   - Report to memory/YYYY-MM-DD.md

3. scripts/check-integrity.sh - Bash script that reads
   security/hashes/baseline.sha256 and verifies files match

4. scripts/check-secrets.sh - Bash script that scans for:
   - API keys (sk-... pattern)
   - Telegram tokens (123456789:ABC... pattern)
   - .secrets directory permissions (should be 700), if that directory exists

5. scripts/heartbeat.sh - Master script that runs all checks and
   writes report to memory/

Create baseline hashes for SOUL.md, AGENTS.md, HEARTBEAT.md and
save to security/hashes/baseline.sha256

Make all scripts executable.

Set up a cron job that wakes Argus every 6 hours to run the heartbeat.

Confirm when done and show me how to test it.

That's it. You just gave your agent a job. Now sit back and watch it work.

Tip

This is a big prompt — and that's fine. OpenClaw is built for multi-step instructions like this. It'll create the directories, write the files, set permissions, and configure the cron job. If it asks you any clarifying questions, answer them and let it continue.

What Just Happened?

Your agent just built a complete security monitoring system. Let's break down what each piece does:

SOUL.md — The Agent's Identity

This defines who Argus is. OpenClaw agents use SOUL files to understand their personality and purpose. Argus is paranoid by design — that's exactly what you want from a security agent.

HEARTBEAT.md — The Patrol Route

Every 6 hours, Argus wakes up and runs through 5 phases:

  1. Self-integrity check — Makes sure Argus's own files haven't been tampered with
  2. File integrity — Compares critical files against saved hashes. If someone (or something) modified a file, Argus notices
  3. Secrets scan — Hunts for API keys, tokens, and credentials that might have leaked into places they shouldn't be
  4. Permission audit — Flags any files that are world-readable when they shouldn't be
  5. Report — Writes everything to a daily report in memory/

The Scripts — The Actual Work

  • check-integrity.sh reads the baseline hashes and compares them to current files
  • check-secrets.sh scans for patterns like sk-... (API keys) and 123456789:ABC... (Telegram tokens)
  • heartbeat.sh ties everything together and generates the report
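
To help you review what your agent generated, here is a sketch of the integrity, secrets and permission checks described above. It is an added example, not the scripts OpenClaw writes; the function names, the two token regexes and the throwaway workspace it builds are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not OpenClaw's generated scripts. Function names, regexes and
# the sample workspace are assumptions built from the patterns named on this page.

sha256() {  # GNU coreutils first, then the shasum fallback found on macOS
  if command -v sha256sum >/dev/null; then LC_ALL=C sha256sum "$@"
  else LC_ALL=C shasum -a 256 "$@"; fi
}

# Print baseline entries that no longer verify. Returns 1 on any mismatch and
# 2 when the baseline is missing, so a deleted baseline cannot pass silently.
check_integrity() {
  local out
  [ -r "$1/security/hashes/baseline.sha256" ] || { echo "baseline missing"; return 2; }
  out=$(cd "$1" && sha256 -c security/hashes/baseline.sha256 2>/dev/null | grep -v ': OK$' || true)
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"; return 1
}

# Report file:line for token-shaped strings, never the matched value, so the
# daily report does not become a second copy of the secret.
scan_secrets() {
  grep -rInE -e 'sk-[A-Za-z0-9_-]{20,}' \
             -e '[0-9]{8,10}:[A-Za-z0-9_-]{35}' "$1" | cut -d: -f1,2
}

# Flag a .secrets directory whose mode is not exactly 700, plus any
# world-readable file inside it.
audit_perms() {
  [ -d "$1/.secrets" ] || return 0
  find "$1/.secrets" \( -type d ! -perm 700 -o -type f -perm -004 \) -print
}

# Constructed workspace: baseline recorded, then SOUL.md edited afterwards and
# an obviously fake key written into a memory note.
build_demo() {
  local ws f; ws=$(mktemp -d)
  mkdir -p "$ws/security/hashes" "$ws/memory" "$ws/.secrets"
  for f in SOUL.md AGENTS.md HEARTBEAT.md; do echo "# $f" > "$ws/$f"; done
  ( cd "$ws" && sha256 SOUL.md AGENTS.md HEARTBEAT.md > security/hashes/baseline.sha256 )
  echo "edited after baseline" >> "$ws/SOUL.md"
  echo "key=sk-CONSTRUCTEDEXAMPLEKEY0000" > "$ws/memory/notes.md"
  chmod 755 "$ws/.secrets"
  echo "$ws"
}

ws=$(build_demo)
check_integrity "$ws" || echo "integrity check reported findings"
scan_secrets "$ws"
audit_perms "$ws"
rm -rf "$ws"
```

Because baseline.sha256 sits in the same workspace as the files it vouches for, anything able to edit SOUL.md can also rewrite the baseline; keeping a copy of the hashes outside the workspace lets you confirm the baseline itself has not changed.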

Reading the Daily Reports

Every 6 hours, Argus writes a new report to memory/. The reports are plain Markdown files named by date — easy to read, easy to search.

A clean report looks boring. That's good. You want boring security reports.

A report with findings will flag exactly what's wrong:

  • Hash mismatch — A file changed since the baseline was created. Could be you, could be something else. Investigate.
  • Secret found — An API key or token was found somewhere it shouldn't be. Move it, revoke it, rotate it.
  • Permission issue — A file is more accessible than it should be. Tighten it up.

What To Do When Argus Finds Something

Don't panic. Most findings are harmless — you edited a config file, a log rotated, whatever.

Here's the process:

  1. Read the report — What exactly did Argus flag?
  2. Investigate — Was it something you did? Check the timestamp against your activity
  3. Fix it — If it's a real issue, fix it. Revoke leaked tokens, tighten permissions, update hashes
  4. Update the baseline — After legitimate changes, update the hashes so Argus doesn't keep flagging them. Just ask your agent:

Update the Argus baseline hashes to reflect the current state of monitored files.

Tip

You can't talk to Argus directly — not yet. For now, you can ask your main agent for updates on Argus's reports. Just message it something like "What did Argus find in the latest security report?" In a later molt, we'll set up how to talk to your sub-agents directly.

Why This Matters

You just did something most OpenClaw users never do: you delegated security to an agent.

This is the pattern you'll use over and over as you level up:

  1. Identify a repeating task
  2. Give your agent clear instructions
  3. Set it on a schedule
  4. Check the reports

You didn't write a single line of code. You described what you wanted in plain language, and your agent built it. That's the whole point of OpenClaw.

Challenge

Run Argus's heartbeat manually and screenshot the daily report showing all checks passed. Then wait for the first automated run (check crontab -l to see when it's scheduled) and compare the two reports. That's your proof you've got a working security agent — and you've completed Molt 1.
