TrustLog Guard
Pass. Audited by ClawScan on May 1, 2026.
Overview
TrustLog Guard is purpose-aligned and instruction-only, but it will read local OpenClaw session logs to calculate spend and save a local budget file.
Before installing, confirm you are comfortable with the skill reading local OpenClaw session JSONL logs to calculate costs. The artifacts do not show executable code, credentials, or network transfer, but session logs may still contain sensitive conversation history, so keep reports focused on cost, model, timestamp, and session metadata.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill may expose local session history, file names, timestamps, models, and cost metadata to the active agent context while it builds reports.
The skill is designed to read local OpenClaw session logs. That is purpose-aligned for spend reporting, but session logs can contain private agent activity beyond just cost fields.
Session logs are located at: `~/.openclaw/agents/{agent}/sessions/*.jsonl` ... Read all `.jsonl` session files.
Use it only if you are comfortable with local OpenClaw session logs being read for cost analysis, and avoid asking it to print raw conversation content unless needed.
Budget values may persist across sessions and influence later budget status reports.
The skill writes persistent local budget settings. This is expected for budget management and is scoped to the skill's workspace.
Save the budget to: `~/.openclaw/workspace/trustlog-guard/budgets.json`
Check or delete the local budgets.json file if you want to reset stored budget limits.
A user might underestimate the sensitivity of the session logs being processed.
The artifact makes an absolute privacy claim. The provided instructions do not show exfiltration or network use, but users should still understand that local logs are being read into the agent workflow.
Reads session .jsonl logs locally. 100% private.
Treat the privacy claim as limited to the artifact's lack of disclosed network behavior, and review what log data the agent reads or reports.
