ClawHub

log

v1.1.1

A privacy-first, local-first provenance protocol for agent workflows. Emits structured audit records for important decisions, tool calls, state changes, and...

1· 343·2 current·2 all-time
by@agistack
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill declares a provenance/logging purpose and only provides instructions for emitting a structured audit record; it requests no binaries, env vars, or installs — all proportional to a logging protocol spec.
Instruction Scope
The SKILL.md stays within logging scope and explicitly forbids secrets and chain-of-thought. One ambiguity: examples show source_references such as "user_prompt" and "local:file_a.md" which could surface sensitive user content or local filenames. The spec requires redaction but enforcement is left to the host; hosts should ensure agents actually redact and avoid including raw sensitive content.
Install Mechanism
Instruction-only (no install spec, no code files to execute). This minimizes filesystem/network risk.
Credentials
No environment variables, credentials, or config paths are requested; the declared requirements are minimal and appropriate for a logging/provenance specification.
Persistence & Privilege
always is false and the skill does not request persistent or elevated privileges. Model invocation is allowed (default) but that is expected for an agent-invocable skill and not, by itself, a concern.
Assessment
This skill is a logging/provenance specification and is internally coherent, but the host environment is responsible for enforcing redaction, storage, and approval flow. Before enabling: 1) verify your host will not forward logs to external services and will store them according to your privacy policy; 2) test with non-sensitive inputs to confirm the agent redacts secrets and does not emit chain-of-thought; 3) if you allow 'source_references' that include user prompts or local filenames, ensure those references do not accidentally leak sensitive content; 4) prefer host-side enforcement of approval gates rather than relying on the skill's textual rules alone.

Like a lobster shell, security has layers — review code before you run it.

auditvk973maemx9c17smd9dxtqv2b4s82gb8ydatavk973maemx9c17smd9dxtqv2b4s82gb8ylatestvk97bm7231vahg2pccw0wwsvbd9833h8blogvk973maemx9c17smd9dxtqv2b4s82gb8ymemoryvk973maemx9c17smd9dxtqv2b4s82gb8ysecurityvk973maemx9c17smd9dxtqv2b4s82gb8y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments