Audit Trail
ReviewAudited by ClawScan on May 10, 2026.
Overview
This audit-log skill is purpose-aligned, but it broadly records sensitive agent activity while its secret-redaction and immutability guarantees appear weaker than advertised.
Review this carefully before installing for compliance use. It may be useful as a local audit logger, but do not assume the logs are truly immutable or complete, and avoid logging sensitive tool arguments or message contents until redaction, access control, and integrity protections are strengthened.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may rely on the logs for compliance or investigations even though the provided integrity mechanism does not protect the full audit record.
For a skill advertised as immutable and forensic-ready, the implementation only hashes a small subset of fields and writes ordinary local files. Logged arguments, session, channel, skill, user hash, and duration are not covered by the integrity hash, so important audit details could be altered without a hash mismatch.
const hashData = JSON.stringify({ id: logEntry.id, ts: logEntry.ts, type: logEntry.type, tool: logEntry.tool, outcome: logEntry.outcome, prev_hash: prevHash }); ... fs.appendFileSync(logFile, JSON.stringify(logEntry) + '\n');Hash or sign a canonical representation of every logged field, bind entries to a trusted runtime source, and avoid claiming append-only immutability unless it is enforced by file permissions or an append-only storage backend.
Secrets or private content from tool arguments, messages, memory, or configuration changes could be retained in long-lived audit files and later returned by queries or reports.
The redaction runs regexes on JSON-stringified arguments. Common fields such as {"password":"value"} or {"api_key":"value"} contain a quote between the key and colon, so these patterns will not reliably redact them before persistent logging.
let sanitized = JSON.stringify(entry.args); for (const pattern of this.config.secretPatterns) { sanitized = sanitized.replace(pattern, '[REDACTED]'); } ... /password[:=]\s*[^\s]+/gi, /token[:=]\s*[^\s]+/gi, /api[_-]?key[:=]\s*[^\s]+/giUse recursive key/value redaction before serialization, maintain an allowlist for logged fields, test common credential formats, and protect audit files with access controls or encryption.
A misdirected invocation could create or query audit files in an unintended local directory.
The skill's local file creation is expected for an audit trail, but the base path is supplied by the invocation input, so it can write or read audit directories outside the current workspace if invoked that way.
const targetDir = input.path || process.cwd(); const logDir = path.join(targetDir, this.config.logDir); if (!fs.existsSync(logDir)) { fs.mkdirSync(logDir, { recursive: true }); }Constrain the log base path to the intended workspace or require explicit user approval before using a caller-supplied path.