Add OpenClaw & MCP #2
Open
Franzferdinan51 wants to merge 32 commits into
Open
Conversation
…AI provider support, WebUI with Leaflet map, persistent settings
…, OpenClaw integration
- src/regions.ts: 44 regions (was 7), all 6 continents, sub-regional granularity - src/sources/rss.ts: NEW RSS/Atom feed parser + 30-feed registry - src/sources/intel.ts: NEW USGS earthquakes, GDACS disasters, NWS weather, Open-Meteo - src/http.ts: rewired to use new modules, added /osint /snapshot /earthquakes /gdacs /weather endpoints - README.md: full v2.0 documentation with all endpoints - .env.example: OPENSKY_API_KEY added Replaces broken HTML scraping (Reuters, AP, Al Jazeera) with stable RSS feeds. Google News RSS used as proxy for sources whose RSS is geo-blocked or dead. All endpoints verified working: 28/30 feeds live, 21917 flights tracked, 15 M4.5+ quakes, 100 GDACS events.
- src/sources/intel.ts: fetchDefconLevel() — parses defconlevel.com current level - src/http.ts: new GET /defcon endpoint, DEFCON woven into /osint summary and /snapshot - README.md: v2.1 banner, document /defcon endpoint - v2.1.0-lobster Fixes the gap where the OpenClaw evening brief and topic configs (osint-news.md, ww3-sitrep.md, HEARTBEAT.md) all list defconlevel.com as a source but no actual fetcher was wired up. 15-minute cache. Current level = DEFCON 3.
…elegram 9 new endpoints ported from github.com/simplifaisoul/osiris into ClawdWatch Lobster Edition's Node.js / API-only style. All endpoints tested end-to-end via scripts/test-endpoints.js (24/24 pass). New endpoints: GET /sanctions?q=<name> OFAC SDN + OpenSanctions person/org/vessel (needs API key) GET /crypto/btc/:address BTC wallet trace via blockstream.info (no key) GET /crypto/eth/:address ETH wallet trace via Blockscout (no key) GET /fires?hours=24®ion NASA FIRMS active fire hotspots (needs API key) GET /cve/:id NVD CVE detail lookup (no key) GET /cve/recent?days=7 recently modified CVEs (no key) GET /whois/:domain RDAP lookup (no key) GET /dns/:domain A/AAAA/MX/TXT/NS/CNAME via Google DoH (no key) GET /telegram/:channel public Telegram channel recent messages (no key) Plus: - .env.example updated with OPENSANCTIONS_API_KEY + FIRMS_MAP_KEY hints - scripts/test-endpoints.js covers all 24 endpoints, fails fast on regression - / endpoint version bumped to 2.2.0-lobster, endpoint list expanded No existing functionality changed. All 15 v2.1 endpoints still pass.
…er-threats, geo, air-quality) New endpoints (all free, no API keys required): - /space-weather NOAA SWPC Kp index + solar flares + geomagnetic alerts - /sentinel Sentinel-1/2 satellite imagery search via Element84 STAC - /satellites Celestrak TLE catalog (stations, weather, starlink, etc.) - /cyber-threats CISA Known Exploited Vulnerabilities (recent KEV) - /geo IP geolocation (3-provider cascade: ipapi.co → freeipapi.com → ipwho.is) - /air-quality Open-Meteo current AQI for 22 major global cities Fixes: - /sentinel: removed bad sortby field (Element84 STAC doesn't sort on 'datetime') - /geo: fixed ASAS → AS prefix in ASN formatting - /air-quality: switched from retired OpenAQ v2 to working Open-Meteo API All 31 endpoints registered. Test harness passes 30/30 (2 endpoints need API keys, return 404).
…AC auto-flag, opt-in port scanner
New endpoints:
- /ssl/:host SSL/TLS certificate inspector (Node tls module, free, no key)
Returns full cert chain: subject, issuer, validity dates, SHA-256,
SHA-1 fingerprints, SANs, self-signed detection, expiry warnings
- /news/live Live broadcast network catalog (15 global 24/7 news streams)
Static feed list with embeddable/external split, lat/lng for mapping
- /ofac/check?q= Single-value OFAC SDN cross-check (returns null without API key)
- POST /ofac/refresh Reload OFAC cache from OpenSanctions (needs OPENSANCTIONS_API_KEY)
- /scan?host=&ports= TCP port scanner with SSRF guards (default OFF)
OFAC auto-flag integration:
- /whois/:domain Each registrant entity now has 'ofac_sanctioned' boolean
- /geo?ip= Response includes 'ofac_sanctioned' for the queried IP
- /crypto/btc/:addr Response includes 'ofac_sanctioned' for the wallet address
- /crypto/eth/:addr Response includes 'ofac_sanctioned' for the wallet address
Without OPENSANCTIONS_API_KEY, all auto-flags degrade to null (graceful)
Port scanner safety:
- Default OFF via PORT_SCAN_ENABLED=false
- SSRF guards block private IPs (10.x, 192.168.x, 172.16-31.x, 127.x, 169.254.x,
IPv6 ::1, fc00::/7, fe80::/10, 224.x) unless PORT_SCAN_ALLOW_PRIVATE=true
- 31-port default scan + banner grabbing for service fingerprinting
- 3s timeout per port, parallel probes
Test results: 34/34 endpoints pass (was 22/24 before). Includes /scan disabled-state.
…fix 'ME-focused' misnomer ClawdWatch Lobster Edition is GLOBAL (44 regions, 6 continents), not ME-focused. Old README incorrectly stated 'ME-focused' and lacked: - Provenance section crediting cloudweaver/clawdwatch (upstream) + OSIRIS (inspiration) - 15 OSIRIS-derived endpoints (was undocumented) - RECON Toolkit (SSL, live news, OFAC auto-flag, port scanner) - Feature toggle documentation (SANCTIONS_ENABLED, FIRES_ENABLED, PORT_SCAN_ENABLED) - OFAC auto-flag behavior (null vs false, graceful degradation) - Port scanner SSRF guard behavior - Live broadcast network catalog - Consumption pattern (how the agent actually uses it) - v2.2 → v2.4 changelog Kept the lobster voice: ASCII art banner, 'all-seeing OSINT agent' tagline, 'in the fog of war, be the one who sees clearly' closer, all 🦀 emoji. Updated: - Version banner: v2.1 → v2.4 - Project structure: includes osiris.ts, mcp-clawdwatch/ path fixed, test harness noted - Scripts: added test-endpoints.js - News table: 30 feeds labeled as global (was ambiguously sorted) - Added explicit credits section
Was hardcoded '2.1.0-lobster' in /status and /snapshot, '2.2.0-lobster' in /. The server-log banner was already v2.4. Align everything.
The MCP server only knew about 6 hardcoded tools (status, flights, news,
osint, conflict, regions). The other 31 endpoints we shipped in v2.2-v2.4
(DNS, WHOIS, SSL, CVE, crypto, sanctions, fires, telegram, OFAC, scan,
sentinel, satellites, cyber-threats, geo, air-quality, space-weather, live
news, etc.) were unreachable through MCP.
Rewrote mcp-clawdwatch/index.mjs:
- Fetches GET / on startup and parses the live endpoint catalog
- Auto-generates one MCP tool per HTTP endpoint (clawdwatch_<key>)
- Auto-extracts path params (':domain', ':address') into inputSchema.required
- Auto-extracts query params ('?host=&ports=') into inputSchema.properties
- Auto-detects type (number for days/hours/limit/etc., string otherwise)
- Supports POST endpoints (e.g. /ofac/refresh) with correct method
- Override backend URL via CLAWDWATCH_URL env var
- Uses native Node fetch (drops node-fetch dependency)
Verified end-to-end with JSON-RPC stdio test:
- initialize → server reports clawdwatch v2.4.0-lobster
- tools/list → 37 tools (was 6)
- clawdwatch_whois github.com → 200, real RDAP data
- clawdwatch_sslInspect github.com → TLSv1.3, 41 days to expiry
- clawdwatch_scan host=github.com → blocked with clear reason
Other:
- mcp-clawdwatch/package.json: install missing @modelcontextprotocol/sdk,
fix main/start to point at index.mjs (was index.js)
- mcp-clawdwatch/.gitignore: exclude node_modules/
- README.md: updated MCP section to note auto-sync + 37 tools
- regions.ts: +18 country-level regions * Africa: sudan, nigeria, ethiopia, drc, kenya, tanzania, south_africa * Europe: poland, greece, spain * Asia: vietnam, indonesia, philippines, myanmar * Americas: venezuela, colombia, cuba * Oceania: papua_new_guinea - cli.ts: full rewrite (797 lines of dead code referencing RegionName/getRegionDefinition/listRegionDefinitions/resolveRegionInputs → 290 lines that use the live HTTP API). Old version failed 'npx tsc --noEmit' with 5 errors. New version supports: * npm run regions [--group <g>] [--json] * npm run snapshot [--region X] [--json] [--base http://...] * npm run status - src/http.ts: bump version to 2.5.0-lobster (3 places) - README.md: update region counts everywhere (44→62), add comprehensive OpenSanctions setup section (hosted API key 5-min path + on-prem Docker yente path), add v2.5 changelog - .env.example: expanded OpenSanctions docs with the on-prem Docker yente setup recipe, optional OPENSANCTIONS_BASE_URL for self-hosted - package.json: bump version to 2.5.0-lobster - delete src/cli.ts.bak (dead backup) All 18 new regions tested live via /regions and CLI. npx tsc --noEmit is clean. MCP catalog still auto-syncs 37 tools. EOF
added 2 commits
June 29, 2026 15:30
…t, and clawdwatch-threat-brief skill - src/alerts/defcon.ts: new DefconAlertHandler class with Telegram/Slack dispatch, cooldown/escalation state machine, env-var factory - src/sources/intel.ts: add DEFCON_SCORE_1-5 constants, defconScore(), full DEFCON 4 & 5 descriptions, threatScore field in DefconStatus - src/http.ts: enrich GET /defcon with threatLevel + thresholds table, add GET /defcon/score for lightweight numeric response - skills/clawdwatch-threat-brief/: new skill (v0.2.0) - SKILL.md: threat brief procedure and verification - references/defcon-alert-flow.txt: state machine + channel rules - references/threat-score-ref.txt: interface, endpoints, scoring map - scripts/clawdwatch-brief.sh: one-shot brief runner
…ript - SKILL.md: Procedure Step 4 now specifies the EXACT output format (ASCII bars, DEFCON table, Breaking, Ceasefire, Risk Drivers, Bottom line) as a mandatory constraint — no deviations, live data always required - clawdwatch-brief.sh: updated to attempt live HTML parse from defconlevel.com when HTTP server is offline, with proper exit codes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
added a way for openclaw to use this and report on demand as well as a MCP for lm studio this should help people work thru thoughts about situations on the fly thats what i have been using it for so far i used my openclaw to help build this its running (MiniMax M2.5) so i hope this helps someone out their