ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Consent

v2.0.1

Build cookie consent banners and track opt-in compliance status. Use when implementing GDPR consent, auditing cookies, generating privacy banners.

0· 223·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with required artifacts and behavior: the skill provides local commands for recording consent, audits, token rotation logs, exporting, and searching. Nothing requested (no env vars, no external binaries) is out of scope for a local consent logger.
Instruction Scope
SKILL.md and the script instruct the agent/user to write and read timestamped plain-text log entries under ~/.local/share/consent. There are no instructions to read unrelated files or call external endpoints, but many commands will record arbitrary input (including credentials or PII) verbatim into logs and history.log.
Install Mechanism
There is no install spec (instruction-only skill) and only a bundled Bash script. No remote downloads or package installs are requested.
Credentials
The skill requires no environment variables, credentials, or config paths beyond creating and using a local data directory — proportional to its stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated or global agent privileges. It writes only to its own data dir (~/.local/share/consent) and does not modify other skills or system-wide agent configs.
Assessment
This skill is internally consistent and appears to be a simple, offline consent/audit logger. Important cautions before installing or using it: - Data is stored as plain text under ~/.local/share/consent (per-command .log files and history.log). Do not store production secrets, unencrypted passwords, or sensitive PII there. - Exports merge all logs into single files (export.*) and will include everything logged — treat those files as sensitive. - Consider hardening: set the data directory to restrictive permissions (chmod 700), run in a limited account or container, and avoid logging raw secrets. If you need secure storage, use an encrypted store or modify the script to encrypt entries at rest (or to not capture secrets). - The script appears to make no network calls, requests no credentials, and contains no obfuscated code, but you should still inspect the bundled script before running and consider running in an isolated environment if you have high-sensitivity data needs.

Like a lobster shell, security has layers — review code before you run it.

latestvk971518fv8evx48fmmvhwqaqw9835xca

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Consent

Security toolkit for managing consent records — generate tokens, check strength, rotate credentials, audit logs, store and retrieve entries, manage policies, and produce compliance reports. All data stays local.

Commands

CommandDescription
consent generate <input>Generate a new entry and log it
consent check-strength <input>Check strength of a given input and record the result
consent rotate <input>Rotate a credential or token and log the change
consent audit <input>Record an audit entry for compliance tracking
consent store <input>Store a value securely in the local data log
consent retrieve <input>Retrieve a previously stored value
consent expire <input>Mark an entry as expired
consent policy <input>Record or update a policy entry
consent report <input>Generate a report entry for review
consent hash <input>Hash a value and store the result
consent verify <input>Verify a value against stored records
consent revoke <input>Revoke a previously granted consent or credential
consent statsShow summary statistics: entry counts, data size, first activity date
consent export <fmt>Export all data in json, csv, or txt format
consent search <term>Search across all logs for a keyword
consent recentShow the 20 most recent activity entries
consent statusHealth check: version, data dir, entry count, disk usage, last activity
consent helpShow help with all available commands
consent versionShow current version

Command Behavior

  • With arguments: Each command logs the input with a timestamp to its own dedicated log file (e.g., generate.log, audit.log)
  • Without arguments: Each command displays the 20 most recent entries from its log file

Data Storage

  • Default data directory: ~/.local/share/consent/
  • Per-command logs: $DATA_DIR/<command>.log (e.g., generate.log, audit.log, store.log)
  • History log: $DATA_DIR/history.log — master timeline of all activity
  • Export files: $DATA_DIR/export.<fmt> — generated by the export command
  • All data is local plain-text. No network calls, no cloud sync.

Requirements

  • Bash 4+ (uses set -euo pipefail)
  • No external dependencies or API keys required
  • Works entirely offline — your data stays on your machine

When to Use

  1. Tracking consent and compliance — Record who consented to what and when with store, audit, and policy for a simple compliance trail
  2. Credential rotation logging — Use rotate and expire to log when credentials were changed or invalidated
  3. Security auditing — Run audit entries and pull report data to review security posture over time
  4. Exporting compliance data — Use export json or export csv to produce machine-readable records for external auditing tools
  5. Quick lookups and verification — Search across all logs with search or verify specific entries with verify and hash

Examples

# Store a consent record
consent store "user:alice accepted terms-of-service v2.1"

# Audit a policy change
consent audit "updated data retention policy to 90 days"

# Generate a new token entry
consent generate "api-key-prod-2025"

# Rotate a credential and log it
consent rotate "db-password-main rotated"

# Check strength of a passphrase
consent check-strength "my-complex-passphrase-2025!"

# Export all data as JSON
consent export json

# Search across all logs
consent search "alice"

# View summary statistics
consent stats

# Health check
consent status

# Show recent activity
consent recent

How It Works

Each domain command (generate, audit, store, etc.) maintains its own log file in the data directory. Entries are stored as timestamp|value lines. The stats command aggregates counts across all log files. The export command merges all logs into a single file in your chosen format. Every action is also recorded in history.log as a master audit trail.

Tips

  • Run any command without arguments to see its recent entries — great for quick review
  • Use consent recent to see a timeline of all activity across all commands
  • Pipe exports to other tools: consent export csv && cat ~/.local/share/consent/export.csv | head
  • Combine search with grep for complex queries: consent search "2025" | grep "policy"
  • Run consent help at any time for the full command reference

Powered by BytesAgain | bytesagain.com | hello@bytesagain.com

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…