Auditd

v1.0.0

Linux Audit Framework reference. auditctl rules for file watches and syscall auditing, auditd.conf configuration, ausearch log queries, aureport summaries, a...

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign, high confidence
Purpose & Capability
The name/description (auditd reference) aligns with the files and included script: examples and guidance for auditctl, ausearch, aureport, and auditd.conf. The skill does not request unrelated credentials or config paths. Note: the SKILL.md and script assume standard system utilities (auditctl, ausearch, aureport, augenrules, systemctl/service, kill, etc.) are present but these are not listed as required binaries — this is a minor metadata omission, not a functional mismatch.
Instruction Scope
Instructions are focused on auditd usage, log searching, and rule management. However, many suggested commands modify system state (adding/deleting/locking rules, restarting or signaling auditd, changing disk action policies) and therefore require root privileges and can impact system behavior (including suspending logging). The skill's instructions also reference reading /var/log/audit/audit.log and /etc/audit files — appropriate for the purpose but potentially sensitive.
Install Mechanism
No install spec (instruction-only plus a bundled script). No downloads or external installers are used, so there is no additional install-time risk.
Credentials
The skill requests no environment variables, credentials, or config paths. The operations it documents do require local privileged access to audit configuration/logs, which is proportional to an auditd reference skill.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide configuration changes on install. Note that an agent invoking the skill (autonomously) could run privileged commands if the agent process has elevated rights — this is a platform usage consideration, not a misbehavior of the skill itself.
Assessment
This skill is a local reference for auditd and appears coherent, but it documents and would instruct the agent to run commands that require root and can change system auditing (add/delete/lock rules, suspend logging, restart the daemon). Before installing or invoking: (1) review the included script and SKILL.md yourself; (2) do not allow the agent to run these commands as root without human review — prefer read-only queries; (3) test any commands in a non-production environment first; (4) if you enable autonomous invocation, restrict the agent's privileges so it cannot modify audit rules or restart system services without explicit human approval.
