ktg-plugin-marketplace/plugins/llm-security-copilot/skills/watch/SKILL.md

---
name: security-watch
description: Continuous security monitoring — runs diff on a recurring interval
---

# Security Watch

Set up continuous monitoring that runs security diffs on an interval.

## Step 1: Parse Arguments

- Target path = first positional argument or current directory
- `--interval <value>` — monitoring interval (default: 6h). Supports: 30m, 1h, 6h, 12h, 24h.

## Step 2: Create Initial Baseline

```bash
node <plugin-root>/scanners/scan-orchestrator.mjs "<target>" --save-baseline
```

Display baseline summary: verdict, risk score, finding counts.

## Step 3: Start Monitoring

For continuous monitoring, use the watch-cron scanner:

```bash
node <plugin-root>/scanners/watch-cron.mjs [--config <plugin-root>/reports/watch/config.json]
```

Or set up a system cron job / scheduled task:
- **Linux/macOS cron:** `0 */6 * * * node <plugin-root>/scanners/watch-cron.mjs`
- **Windows Task Scheduler:** Create a task that runs the same command on your preferred interval

## Step 4: Advisory

- Results stored in `<plugin-root>/reports/watch/latest.json`
- Use `security-diff` to manually compare against baseline at any time
- Watch-cron overwrites latest.json on each run