Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Audit Trail

v1.0.0

Governance — immutable, timestamped, hash-chained audit log of all agent actions. Forensic-ready for compliance, investigation, and accountability.

by Adnane Arharbi (@arhadnane)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the code: it writes JSONL logs, chains hashes, verifies chains, and can query/generate reports. However, the SKILL.md claims 'append-only' and 'agent cannot delete or modify entries' — the code simply writes files to a directory under the agent's cwd and does not enforce OS-level immutability, append-only filesystem flags, or access controls. Storing logs in the working directory ('.security/audit-trail') may capture arbitrary sensitive context depending on targetDir.
Instruction Scope
SKILL.md describes 'always-on hook on ALL agent actions' and 'verify on every read' and promises secrets will be redacted before logging. The implementation does sanitize args using regexes, but the code has correctness issues: sanitizeEntry JSON-parses a possibly-truncated string (which will break for very large entries), user hashing truncates the SHA-256 digest to 16 hex chars (increasing collision risk), and some code appears truncated/unfinished (matchesQuery is cut off). Also, the doc's claim that the agent cannot delete/modify entries is not enforced by the implementation.
Install Mechanism
No install spec or external downloads; the skill is provided as local JS code and SKILL.md. No third-party packages are fetched at install time. This is low install risk.
Credentials
The skill requests no environment variables or external credentials and does not contact external endpoints. It includes patterns to redact many common secret formats (AWS keys, GH tokens, bearer tokens). That is reasonable for an auditing tool, but redaction is implemented by regex replacements in-memory which can be brittle; the truncated user-hash and potential redaction/parsing bugs reduce privacy guarantees.
Persistence & Privilege
The skill persists logs and writes integrity and report files to disk, which is expected for an audit tool. It does not declare 'always: true' and does not request elevated platform privileges. Still, persistent logs can contain sensitive data and require careful filesystem permissioning and operational controls (retention/purge workflows, manual approval hooks) that the code/documentation do not technically enforce.
What to consider before installing
This skill largely does what it says (hash-chained JSONL logs, chain verification, queries, reports) and does not exfiltrate data or call external services, but there are practical and correctness issues you should address before trusting it for compliance:

- Do not assume immutability: the code writes files to the agent's working directory but does not set OS-level append-only flags or permissions to prevent deletion/modification. Protect the log directory with appropriate filesystem ACLs or an external immutable storage backend.
- Review and fix implementation bugs: sanitizeEntry can produce invalid JSON for truncated inputs, user hashing truncates the SHA-256 output (collision risk), and parts of the code appear truncated/unfinished. These flaws could break redaction or integrity checks.
- Test redaction and hashing in a safe environment with realistic inputs to confirm secrets are consistently removed and user identifiers are anonymized as required by policy.
- Consider audit log access controls and encryption at rest. The skill writes plain files by default; ensure the logs are only readable by authorized processes and consider encrypting archives.
- Prefer explicit operational controls: human-approval purge flows, tamper-evidence stored in an external immutable store, and signed log entries if you need a forensic-grade chain.

Given these mismatches between claims and implementation, review and fix the code (or obtain a vetted implementation) before relying on this skill for compliance or forensic purposes.

Like a lobster shell, security has layers — review code before you run it.

latestvk97atc4f6sw7sp01bk21we954n845amh


Runtime requirements

📜 Clawdis
