Agent Rule Audit
v1.0.0
Audit an OpenClaw agent's behavior-layer rules and prompt sources to find drift, redundancy, conflict, loss of focus, and weak behavior guidance. Use when re...
by Alan Wang (@gkso)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the actual content: an instruction-only auditor for OpenClaw behavior-layer files. It requests no binaries, env vars, or installs — all proportional to an auditing guidance skill.
Instruction Scope
The SKILL.md directs the agent to read the workspace's core behavior files (AGENTS.md, SOUL.md, USER.md, etc.) and optionally widen scope when needed. This is appropriate for an audit, but it assumes the agent has access to the target workspace files or that the user will supply them. If those files contain sensitive data, the user should control which files are exposed or sanitize them first.
Install Mechanism
No install spec and no code files — lowest-risk pattern for skills. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no extraneous secret requests inconsistent with the described auditing purpose.
Persistence & Privilege
always is false and the skill is user-invocable. disable-model-invocation is false (normal platform default) but this alone does not introduce extra risk given the skill's narrow scope and lack of credential access.
Assessment
This skill is instruction-only and internally consistent with an audit role: it doesn't ask for credentials or install anything. Before using it, be aware it will read the agent/workspace behavior files you point it at — if those files contain sensitive data, share only the specific files needed or sanitize them. Because the agent can be invoked autonomously by default, limit scope or require an explicit prompt if you want to avoid unattended audits. Overall the skill appears coherent and low-risk, but exercise standard caution about what workspace content you expose.
Like a lobster shell, security has layers — review code before you run it.
