Audit Log Firewall
v1.0.0Policy-based monitoring and command-line enforcement for high-risk agent operations. Intercepts sensitive commands and logs them for human auditing.
⭐ 0· 367·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a command-interception and logging guardrail which is coherent with the skill name. However, the skill metadata declares no required config paths or binaries while the instructions explicitly reference local files (config/allowlist.json and .logs/SECURITY.json) and an install command. The absence of a source/homepage and no code/install spec contrasts with the installation instruction (clawhub install ...) and creates an unresolved gap: there's no provided mechanism for how interception/enforcement would actually be implemented.
Instruction Scope
Instructions direct the agent to 'intercept every command', check a local allowlist, enforce a 'Pause and Ask' for high-risk commands, and log 'all terminal activity' including Timestamp, Command, User, Working Directory, and Hash. These steps imply reading command streams and writing forensic logs — actions that touch local filesystem state and potentially sensitive runtime context. The SKILL.md is high-level and does not specify how interception should occur or what exact commands are considered 'high risk' beyond a few examples, giving the agent broad discretion.
Install Mechanism
The skill is instruction-only with no install spec or code files in the registry, yet SKILL.md contains an install command (clawhub install audit-log-firewall). That install command suggests there should be an installable artifact, but none is provided here. Because there's no declared install or third-party download, nothing will be written to disk by the registry itself — but the mismatch is a provenance/traceability concern.
Credentials
No environment variables, credentials, or required binaries are declared, which is appropriate for a local monitoring tool. However, the instructions still require access to local files (config/allowlist.json and .logs/SECURITY.json) and to gather contextual info (User, Working Directory) that are not declared in metadata. That mismatch should be resolved before trusting the skill.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges and does not declare modifications to other skills or global settings. Autonomous invocation is allowed by default (disable-model-invocation: false) — standard for skills — but because this skill is intended to intercept commands, you should be cautious about giving it autonomous invocation without reviewing its implementation and storage behavior.
What to consider before installing
Proceed with caution. This skill's purpose (blocking and logging dangerous commands) is plausible, but the package lacks source code, a homepage, and an installable artifact despite containing an install command in SKILL.md. Before installing or enabling it: 1) ask the publisher for the implementation/source so you can audit how commands are intercepted and what is actually logged; 2) verify exactly where logs are stored, who can read them, and whether logs could contain secrets; 3) ensure the allowlist path (config/allowlist.json) and log path (.logs/SECURITY.json) are created in a controlled, write-restricted location; 4) do not grant autonomous invocation on production agents until you review the code; and 5) if you cannot obtain the implementation or provenance, run in an isolated test environment only.Like a lobster shell, security has layers — review code before you run it.
latestvk97dtbjt8jkfsqpfpjcvzrydad822r0s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.