Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

buildlog

Record, export, and share your AI coding sessions as replayable buildlogs

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 2.5k · 8 current installs · 9 all-time installs
by Erik @espetey
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, commands, and configuration all align: the skill documents starting/stopping recordings, exporting sessions, and uploading to buildlog.ai. No unrelated binaries, installs, or credentials are requested.
Instruction Scope
The SKILL.md instructs the agent to capture sessions in real time and offers an option includeFileContents=true with a maxFileSizeKb. It does not define which files are captured (workspace files, all files referenced, or arbitrary system files) or the exact triggers for auto-upload. This vagueness could lead to unintended capture and upload of sensitive data (secrets, credentials, private files). The doc also claims 'API keys are never included in exports' but provides no technical guarantee or mechanism for redaction.
Install Mechanism
No install spec or code files — instruction-only skill. This minimizes disk-write and supply-chain risk.
Credentials
The skill declares no required environment variables and no primary credential. The SKILL.md shows an optional apiKey in OpenClaw config for uploads, which is appropriate for an upload feature. However, since file-content capture is configurable, the absence of required credentials does not eliminate the risk of exporting sensitive local data.
Persistence & Privilege
always is false and there are no install hooks or claims to modify other skills or system config. The skill can be invoked autonomously (platform default), which is expected — but if allowed to run autonomously it could record and upload session data unless autoUpload is disabled.
What to consider before installing
This skill appears to do what it says (record and upload coding sessions), but you should be careful before enabling it for real work. Things to consider before installing or using it:

  • Turn off autoUpload by default and review exports before uploading.
  • Set includeFileContents to false if you don't want the skill to capture file contents (this reduces risk of leaking secrets or private files).
  • If you provide an apiKey, treat it like a credential — only use it if you trust buildlog.ai and understand their retention/privacy policies.
  • Avoid recording sessions that handle secrets (API keys, private keys, passwords, internal IPs).
  • Ask the maintainer (or check the repository) for implementation details showing how exports redact secrets and what exact files are captured.

If you need assurance, request or review source code that limits capture scope and demonstrates redaction before uploading. Given the information available (instruction-only SKILL.md with no code), this assessment is medium confidence; access to the implementation or a privacy/security whitepaper from buildlog.ai would raise confidence and could change the verdict to benign if it proves explicit safeguards.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.1
latest: vk974w0hcx7vkm3vhtwk3kjztz980cjb9

SKILL.md

Buildlog Skill

Record your OpenClaw coding sessions and share them on buildlog.ai.

Overview

The buildlog skill captures your AI-assisted coding sessions in real-time, creating replayable recordings that can be shared with others. Perfect for:

  • Tutorials: Share how you built something step-by-step
  • Documentation: Create living documentation of complex implementations
  • Debugging: Review sessions to understand what went wrong
  • Learning: Study how others approach problems

Commands

Recording

  • "Start a buildlog [title]" — Begin recording a new session
  • "Stop the buildlog" — End recording and optionally upload
  • "Pause the buildlog" — Temporarily pause recording
  • "Resume the buildlog" — Continue a paused recording

Exporting

  • "Export this session as a buildlog" — Convert current session to buildlog format
  • "Export the last [N] messages" — Export a portion of the session

Uploading

  • "Upload the buildlog" — Push to buildlog.ai
  • "Share the buildlog" — Upload and get a shareable link

Annotations

  • "Add a note: [text]" — Add commentary to the current point
  • "Mark this as important" — Flag the current exchange
  • "Add chapter: [title]" — Create a chapter marker

Status

  • "Buildlog status" — Check recording state
  • "Show buildlog info" — Display current recording details

Configuration

Add to your OpenClaw configuration:

{
  "skills": {
    "buildlog": {
      "apiKey": "your-api-key",
      "autoUpload": false,
      "defaultPublic": true,
      "includeFileContents": true,
      "maxFileSizeKb": 100
    }
  }
}

Options

| Option | Type | Default | Description |
|---|---|---|---|
| apiKey | string | | Your buildlog.ai API key (optional for public uploads) |
| autoUpload | boolean | false | Automatically upload when recording stops |
| defaultPublic | boolean | true | Make buildlogs public by default |
| includeFileContents | boolean | true | Include file content snapshots |
| maxFileSizeKb | number | 100 | Maximum file size to include |
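
The following is an added example, not part of SKILL.md or the buildlog project: it audits the configuration block above against the concerns raised in the scan report, using the defaults from the Options table. The function names and finding codes are hypothetical, and treating a non-boolean value as enabled is an assumption made to fail closed.

```python
import json

# Constructed input: the configuration block from SKILL.md, unchanged.
SAMPLE = '''{"skills": {"buildlog": {"apiKey": "your-api-key", "autoUpload": false,
  "defaultPublic": true, "includeFileContents": true, "maxFileSizeKb": 100}}}'''

# Defaults from the Options table, applied when a key is omitted.
DEFAULTS = {"autoUpload": False, "defaultPublic": True,
            "includeFileContents": True, "maxFileSizeKb": 100}
BOOL_KEYS = ("autoUpload", "defaultPublic", "includeFileContents")


def audit(raw):
    """Return a sorted list of finding codes for the buildlog skill settings."""
    cfg = json.loads(raw).get("skills", {}).get("buildlog")
    if cfg is None:
        return []  # skill not configured
    eff = {**DEFAULTS, **cfg}
    findings = set()
    for key in BOOL_KEYS:
        # A string such as "false" is non-empty and therefore truthy: flag it.
        if not isinstance(eff[key], bool):
            findings.add(f"{key}:not-boolean")
    # Fail closed: anything other than a literal false counts as enabled.
    capture = eff["includeFileContents"] is not False
    public = eff["defaultPublic"] is not False
    auto = eff["autoUpload"] is not False
    if capture:
        findings.add("file-contents-captured")
    if capture and public:
        findings.add("file-contents-public-by-default")
    if auto:
        findings.add("upload-without-review")
    if eff.get("apiKey"):
        findings.add("api-key-in-config")
    return sorted(findings)


def harden(raw):
    """Apply the two settings the scan report recommends; keep everything else."""
    doc = json.loads(raw)
    doc.setdefault("skills", {}).setdefault("buildlog", {}).update(
        {"autoUpload": False, "includeFileContents": False})
    return json.dumps(doc, indent=2)


if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(harden(SAMPLE)))
```

Because the table's defaults enable file capture and public uploads, a config that omits those keys is reported the same way as one that sets them to true.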

Events

The skill emits the following events:

  • buildlog:started — Recording began
  • buildlog:stopped — Recording ended
  • buildlog:paused — Recording paused
  • buildlog:resumed — Recording resumed
  • buildlog:uploaded — Buildlog uploaded successfully
  • buildlog:error — An error occurred

Examples

Basic Recording

You: Start a buildlog "Building a REST API"
Assistant: 🔴 Recording started: "Building a REST API"

You: Create an Express server with TypeScript
Assistant: [creates files...]

You: Stop the buildlog
Assistant: Recording stopped. 12 exchanges captured.
         Would you like to upload to buildlog.ai?

Retroactive Export

You: Export this session as a buildlog
Assistant: Exported 24 exchanges as buildlog.
         Title: "Untitled Session"
         Ready to upload?

Privacy

  • Buildlogs can be public or private
  • API keys are never included in exports
  • You control what gets shared
  • Delete buildlogs anytime at buildlog.ai
