FeelGoodBot

Know When You've
Been Compromised

File integrity monitoring for macOS that detects tampering and alerts you immediately. Sleep better knowing you'll know.

View on GitHub See How It Works
Terminal
go install github.com/kris-hansen/feelgoodbot/cmd/feelgoodbot@latest

Detection, Then Action

Traditional antivirus tries to prevent malware. FeelGoodBot focuses on detection and response — continuously monitoring your system and taking action when something changes.

File Integrity Monitoring

SHA-256 cryptographic signatures of critical system files. Any tampering is detected instantly.

Instant Alerts

Get notified via Clawdbot, Slack, or macOS notifications the moment something suspicious happens.

Continuous Monitoring

Background daemon scans every 5 minutes. Runs on boot via launchd. Set it and forget it.

Gate Engine

Async request/approve/deny flows for AI agents. Get Telegram notifications and approve with TOTP.

Secure Logging

Tamper-evident logs with HMAC signatures and hash chains. Verify integrity anytime.

Lockdown Mode

Emergency lockdown blocks all gated actions instantly. One command, no auth needed to activate.

Markdown Scanner

Detect prompt injection attacks — hidden instructions, RTL overrides, homoglyphs, and more.

Skill Scanner

Supply chain attack detection for AI skills — shell injection, credential theft, kill chains.

AI-Powered Review

LLM-assisted deep analysis with Claude. Semantic understanding catches novel obfuscation.

New Feature

TOTP Step-Up Authentication

Require OTP codes from Google Authenticator before your AI agent can perform sensitive actions like sending emails, making payments, or deleting files. 15-minute session caching for convenience.

send_email payment:* delete:* gateway:* voice_call:*

What It Monitors

Critical macOS locations where malware hides and persists.

CRITICAL
  • /usr/bin, /usr/sbin — System binaries
  • LaunchDaemons — Persistence mechanisms
  • /etc/sudoers — Privilege escalation
  • authorized_keys — SSH access
WARNING
  • .zshrc, .bashrc — Shell configs
  • /opt/homebrew/bin — Package managers
  • Chrome/Safari Extensions — Browser
  • crontab — Scheduled tasks
AI AGENTS
  • SOUL.md — Agent personality
  • config.yaml — API keys & secrets
  • skills/ — Custom agent skills
  • ~/.config/claude — MCP servers
New in v0.2

Protect Your AI Agents

AI agents are high-value targets. A compromised agent could exfiltrate sensitive data, execute malicious commands, or manipulate its own behavior to serve an attacker.

Personality Hijacking

Attackers modify SOUL.md to change agent behavior

Credential Theft

API keys and secrets extracted from config files

Malicious Skills

Trojan skills injected to execute arbitrary code

Protected Paths

CRIT ~/clawd/SOUL.md
CRIT ~/clawd/AGENTS.md
CRIT ~/.config/clawdbot/config.yaml
CRIT ~/clawd/skills/
WARN ~/clawd/MEMORY.md
WARN ~/.config/claude/
Supply Chain Security

Markdown & Skill Scanning

Detect prompt injection and supply chain attacks before they compromise your AI agent. Inspired by real-world ClawdHub malicious skill incidents.

Markdown Scanner

Prompt injection detection

Hidden instructions
RTL override
Zero-width chars
Homoglyphs
CSS hiding
Link mismatch
# Scan markdown files
feelgoodbot scan-md README.md
feelgoodbot scan-md *.md --json
# Scan from stdin
cat untrusted.md | feelgoodbot scan-md --stdin

Skill Scanner

Supply chain attack detection

Shell injection
Credential theft
Security bypass
Data exfiltration
Staged delivery
Kill chains
# Scan skill directory
feelgoodbot scan-skill ./my-skill/
# AI-powered deep analysis
feelgoodbot scan-skill ./skill --ai-review

AI-Powered Review with Claude

Go beyond pattern matching. The --ai-review flag sends skills to Claude for semantic analysis — understanding attack intent, explaining chains, and catching novel obfuscation that static scanners miss.

🚨 AI Risk Assessment: CRITICAL (confidence: 95%)
This skill downloads and executes remote code while stealing credentials...
Downloads executable from untrusted IP
Bypasses macOS Gatekeeper
Sends SSH keys to external server
New in v0.3

Gate Engine & Security

Advanced security features for AI agent control. Async approval flows, tamper-evident logging, and emergency lockdown.

Gate Engine 🚪

Async request/approve/deny lifecycle for sensitive actions. Perfect for AI agents that need human authorization via Telegram.

Agent requests action → pending (5 min TTL)
User gets Telegram notification
Approve with TOTP → agent gets token
Token valid for 15 min
# Request approval
feelgoodbot gate request payment:transfer
# Approve (prompts TOTP)
feelgoodbot gate approve req_abc123

Secure Logging 📜

Tamper-evident security logs with HMAC signatures and hash chain verification. If anyone modifies the logs, you'll know.

Event types:
auth gate alert integrity lockdown system
# View summary
feelgoodbot logs summary --since 24h
# Verify integrity
feelgoodbot logs verify

Lockdown Mode 🔒

Emergency lockdown blocks ALL gated actions instantly. No auth required to activate — lifting requires TOTP.

Revokes all active tokens
Blocks new gate requests
Triggers alert webhook
# Emergency lockdown
feelgoodbot lockdown
# Lift (requires TOTP)
feelgoodbot lockdown lift

Socket API for Programmatic Access

The daemon exposes a Unix socket (~/.config/feelgoodbot/daemon.sock) for programmatic access. AI agents and tools can interact with gate, logging, and lockdown endpoints without spawning CLI processes.

/gate/request /gate/approve /logs/summary /lockdown /status

Get Started in 30 Seconds

1 Install
$ go install github.com/kris-hansen/feelgoodbot/cmd/feelgoodbot@latest
2 Initialize baseline
$ feelgoodbot init
3 Start monitoring
$ feelgoodbot daemon install && feelgoodbot daemon start
Using Clawdbot?

Get instant alerts in your chat when files are tampered with. Install the feelgoodbot skill for seamless integration.

View Clawdbot Skill on ClawdHub
Read full documentation
Open Source & Free

Feel Good, Bot

Sleep better knowing your system is monitored. Open source, MIT licensed, built for the community.

Star on GitHub