Apr 2026

SocketClaw

SocketClaw is a real-time network monitoring and autonomous threat response platform. It combines ICMP probes, TCP port scanning, and log watchers, then sends events through a LangGraph pipeline powered by Claude to classify traffic as normal, suspicious, or critical.

The system is structured like a small security operations loop: probes feed a WebSocket server, the agent performs classification and response planning, and a Gradio dashboard displays live events, decisions, and host status. It also includes persistent SQLite storage and a custom WebSocket frame protocol with channel multiplexing and CRC32 verification.
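The page does not give the frame layout, so the sketch below is an added example, not SocketClaw's code: it shows one way channel multiplexing and CRC32 verification can fit together, with malformed frames rejected before they reach the classifier. The field layout, `MAX_PAYLOAD`, and the names `encode_frame`, `decode_frame` and `demux` are all assumptions.

```python
import struct
import zlib
from collections import defaultdict

# Hypothetical layout (an assumption, not SocketClaw's wire format), one frame
# per WebSocket binary message:
#   channel: uint8 | length: uint16 big-endian | payload | crc32: uint32
HEADER = struct.Struct("!BH")
TRAILER = struct.Struct("!I")
MAX_PAYLOAD = 4096  # reject oversized length fields before touching the payload

class FrameError(ValueError):
    """Raised for any frame that must not reach the classifier."""

def encode_frame(channel: int, payload: bytes) -> bytes:
    if not 0 <= channel <= 255 or len(payload) > MAX_PAYLOAD:
        raise FrameError("channel or payload out of range")
    head = HEADER.pack(channel, len(payload))
    return head + payload + TRAILER.pack(zlib.crc32(head + payload))

def decode_frame(message: bytes) -> tuple[int, bytes]:
    if len(message) < HEADER.size + TRAILER.size:
        raise FrameError("truncated frame")
    channel, length = HEADER.unpack_from(message)
    if length > MAX_PAYLOAD:
        raise FrameError("declared length exceeds cap")
    if len(message) != HEADER.size + length + TRAILER.size:
        raise FrameError("length field does not match message size")
    body, tail = message[:-TRAILER.size], message[-TRAILER.size:]
    # The CRC covers header and payload. It catches accidental corruption only;
    # it is not a MAC and does not authenticate the sender.
    if zlib.crc32(body) != TRAILER.unpack(tail)[0]:
        raise FrameError("CRC32 mismatch")
    return channel, body[HEADER.size:]

def demux(messages):
    channels, rejected = defaultdict(list), []
    for msg in messages:
        try:
            channel, payload = decode_frame(msg)
            channels[channel].append(payload)
        except FrameError as exc:
            rejected.append(str(exc))  # keep the reason for logging
    return dict(channels), rejected

if __name__ == "__main__":
    good = encode_frame(1, b'{"host": "192.0.2.10", "rtt_ms": 12}')  # constructed sample
    flipped = good[:5] + bytes([good[5] ^ 0x01]) + good[6:]  # one payload bit corrupted
    print(demux([good, flipped, good[:4]]))
```

If frames cross an untrusted network, integrity against tampering has to come from TLS on the WebSocket or a keyed MAC, since a CRC can be recomputed by anyone who modifies the payload.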