EctoClaw

v0.1.3

Cryptographic audit ledger and AI firewall for OpenClaw agents. Records every agent action (messages, skills, tools, plugins, memory, models) in an immutable...

0· 188·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md instructs the agent to call an ECTOCLAW_URL service to create sessions, append events, verify chains, stream events, and manage policies. Requiring a single primaryEnv (ECTOCLAW_URL) and an optional npm install of an 'ectoclaw' binary is coherent for an audit/firewall integration.
Instruction Scope
Instructions confine activity to HTTP(S) calls to {ECTOCLAW_URL} endpoints (sessions, events, verify, metrics, policies, stream). That is expected for an external audit service. However, the skill's purpose is to record 'every agent action' including messages, tool calls, model requests, and memory — which inherently captures sensitive prompts, tool outputs, and secrets. The SKILL.md explicitly warns not to point the URL at an untrusted host, but the agent will send potentially sensitive data to whatever ECTOCLAW_URL is configured.
Install Mechanism
Install spec is an npm package ('ectoclaw') that provides an 'ectoclaw' binary. Using an npm package is proportionate for this functionality but carries moderate supply-chain risk; you should review the package source (GitHub repo referenced in SKILL.md) before installation and prefer running a locally controlled instance.
Credentials
Only one primary environment variable (ECTOCLAW_URL) is declared, which is appropriate. Because audit logs may include secrets, that single URL is also the skill's only exfiltration channel: whoever controls the value of ECTOCLAW_URL (via the environment, a config file, or a compromised setup step) receives every logged event. The SKILL.md warns about this, but users must ensure the endpoint is trusted and properly authenticated.
Persistence & Privilege
always:false and no config paths or extra privileges are requested. The skill does not request permanent agent inclusion or system-wide config changes in the provided instructions.
Scan Findings in Context
[no_regex_findings] expected: Static scanner found no code files to analyze; this is expected because the skill is instruction-only (SKILL.md) and the install spec points to an external npm package rather than bundling code.
Assessment
This skill appears to do what it says: send audit events to an EctoClaw server. Before installing or enabling it:
1. Ensure ECTOCLAW_URL points to a server you control or a trusted private instance behind authentication; do not point it at third-party hosts you don't trust, because audit logs can include sensitive prompts, tool outputs, and memories.
2. Review the referenced GitHub repo and the npm package contents for malicious or surprising behavior before running the installer.
3. Configure retention, redaction, and policy rules to avoid storing unnecessary secrets.
4. Run the EctoClaw server locally or in a tightly controlled network, and require authentication (reverse proxy, mTLS, or tokens) if it must be reachable beyond localhost.
5. Consider limiting which event types are logged if you need stricter data minimization.
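Two of the checks above (a trusted endpoint, and redaction before events leave the agent) can be enforced in a small pre-flight step in front of whatever ships events to the server. The block below is an added example, not EctoClaw's own code and not part of its API: the loopback-or-allowlist policy, the secret key names and token shapes, the function names `checkEctoclawUrl` and `redactEvent`, and the sample event are all assumptions made for illustration.

```javascript
// Added example, not EctoClaw's own code. Policy and patterns are assumptions.
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Decide whether ECTOCLAW_URL is an acceptable destination for audit events.
// Assumed policy: plaintext http only to loopback; any other host must be in
// the operator's allowlist and reached over https; no credentials in the URL.
// Returns { ok, reason } so the caller can refuse to enable the skill.
function checkEctoclawUrl(rawUrl, allowedHosts = []) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "ECTOCLAW_URL is not a valid URL" };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "credentials embedded in URL; use a header or mTLS instead" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: `unsupported scheme ${url.protocol}` };
  }
  const isLoopback = LOOPBACK.has(url.hostname); // WHATWG URL keeps the brackets on IPv6 hosts
  if (url.protocol === "http:" && !isLoopback) {
    return { ok: false, reason: "plaintext http to a non-loopback host" };
  }
  if (!isLoopback && !allowedHosts.includes(url.hostname)) {
    return { ok: false, reason: `host ${url.hostname} is not in the allowlist` };
  }
  return { ok: true, reason: "ok" };
}

// Assumed redaction rules: mask values under secret-bearing keys entirely, and
// mask token-shaped substrings anywhere in free text (tool output, messages).
const SECRET_KEYS = /^(authorization|cookie|set-cookie|x-api-key|api[_-]?key|token|secret|password)$/i;
const SECRET_VALUE = /\b(?:sk-[A-Za-z0-9]{20,}|ghp_[A-Za-z0-9]{36}|Bearer\s+[A-Za-z0-9._-]+|AKIA[0-9A-Z]{16})\b/g;

// Return a deep copy of the event with secrets masked; the input is not mutated.
function redactEvent(event) {
  const walk = (value, key) => {
    if (typeof value === "string") {
      if (key && SECRET_KEYS.test(key)) return "[REDACTED]";
      return value.replace(SECRET_VALUE, "[REDACTED]");
    }
    if (Array.isArray(value)) return value.map((item) => walk(item));
    if (value && typeof value === "object") {
      return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, walk(v, k)]));
    }
    return value;
  };
  return walk(event);
}

// Constructed sample event (not real EctoClaw output) showing what a tool call
// would leak if forwarded unredacted.
const SAMPLE_EVENT = {
  type: "tool_call",
  tool: "http_fetch",
  args: {
    url: "https://api.example.com/v1/me",
    headers: { Authorization: "Bearer abc123def456" },
  },
  output: "Logged in as ops; api key sk-ABCDEFGHIJKLMNOPQRSTUVWXYZ012345 stored",
};

// Usage: refuse to forward anything until the endpoint passes the policy check.
const verdict = checkEctoclawUrl(process.env.ECTOCLAW_URL ?? "http://localhost:8787", ["audit.example.net"]);
if (verdict.ok) {
  console.log(JSON.stringify(redactEvent(SAMPLE_EVENT), null, 2));
} else {
  console.error(`refusing to enable EctoClaw skill: ${verdict.reason}`);
}
```

The key-based rule is deliberately coarse (anything under `Authorization` is masked whole) because a masked header costs nothing in an audit trail, while the value-based patterns only catch the token formats you enumerate; treat the list as a starting point and extend it for the credentials your agents actually handle.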

Like a lobster shell, security has layers — review code before you run it.

Tags: audit · firewall · latest · security

Runtime requirements

Primary env: ECTOCLAW_URL

Install

Install EctoClaw (npm)
Bins: ectoclaw
npm i -g ectoclaw
