ClawHub

Skill usage tracker

v1.0.0

Automatically tracks and audits skill usage, enforces rules from SKILL_USAGE_RULES.md, logs violations, and generates daily reports.

0· 305·2 current·2 all-time
by@sasamittrrr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description match the instructions: it audits replies, enforces rules, logs violations, and produces reports. However, the instructions require reading SKILL_USAGE_RULES.md even though that file is not present in the package or declared as a required config path — this is a missing dependency and reduces coherence.
!
Instruction Scope
SKILL.md tells the agent to check every reply, read SKILL_USAGE_RULES.md, write violations to skill_violations.log, and generate daily reports. It does not specify what parts of replies are logged, how rules are sourced if SKILL_USAGE_RULES.md is absent, or whether logs/reports are stored, rotated, or transmitted. Automatic checking of all replies could cause broad access to potentially sensitive user content; the instructions are too vague about scope and data handling.
Install Mechanism
Instruction-only skill with no install steps or external downloads — low risk from installation. No code files were included for static analysis.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for a local usage-tracker, but the skill still implies access to the agent's reply stream and the ability to write logs — both of which should be explicitly documented.
!
Persistence & Privilege
The instructions create persistent artifacts (skill_violations.log and daily reports) and state the checks run automatically after each reply. There is no guidance on log contents, retention, encryption, or access controls. Persistent logging of conversation content raises privacy and data-leakage risks if sensitive data are recorded or reports are exported.
What to consider before installing
Before installing, ask the skill author (or the registry) for: (1) the SKILL_USAGE_RULES.md file or where rules will come from; (2) exact logging behavior — what fields of replies are recorded, sample log lines, and whether sensitive content is redacted; (3) where daily reports are stored or sent, who can access them, and retention/rotation/encryption policies; (4) an option to disable automatic per-reply auditing or require explicit user consent; and (5) an explicit config path for logs/rules (don’t assume defaults). If you can’t get clear answers, avoid installing or enable in a restricted test environment only.

Like a lobster shell, security has layers — review code before you run it.

latestvk978jk3mhxnar6h5vwvrsxx9t181z5nn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Skill Usage Tracker

Purpose

自动追踪和审计 skill 使用情况,确保强制规则被执行。

Integration

  • 读取 SKILL_USAGE_RULES.md 获取强制规则
  • 检查每次回复是否符合规范
  • 记录违规到 skill_violations.log
  • 生成每日使用报告

Usage

无需手动调用,系统会自动在每次回复后执行检查。

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…