ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Audit Log Hook

v1.0.0

Logs all tool calls before and after execution with parameters, results, errors, and session info for auditing and debugging.

0· 27·1 current·1 all-time
by@hanxiao-bot·duplicate of @hanxiao-bot/openclaw-audit-log-hook
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description match the provided hook code (before_tool_call / after_tool_call). However the SKILL.md declares an audit log file path (AUDIT_LOG) but the example hooks only console.log entries (they do not write to the audit.log). The code references process.env.OPENCLAW_STATE_DIR even though no environment variables are declared; this is plausible as an optional override but should be documented.
!
Instruction Scope
The instructions capture tool params, results, session keys, and user IDs which is consistent with auditing, but the provided redaction function is never invoked in the hook examples and is naive (only top-level key checks for tokens/passwords). Logging uses JSON.stringify and simple slicing of values which can still expose secrets in values or nested objects. The SKILL.md also shows shell grep/jq commands against audit.log even though the example hook does not write that file—this is an internal inconsistency. There is no guidance on log retention, access controls, or encryption.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk by an installer. This minimizes install-time risk but also means runtime behavior depends entirely on the agent’s execution of the provided hook code.
Credentials
No required environment variables or credentials are declared, which fits a local audit hook. The example references OPENCLAW_STATE_DIR (optional) and uses session/user identifiers; these are reasonable but should be declared if relied upon. No credentials are requested, which is proportionate.
Persistence & Privilege
The skill does not request always:true and is user-invocable with normal model invocation enabled. It does not request elevated system-wide privileges or modify other skills' configurations in the provided instructions.
What to consider before installing
This skill appears intended to audit tool calls, but the example implementation is inconsistent and can leak secrets if used as-is. Before installing: (1) require a clear, consistent implementation that actually writes to a secured audit log (or explicitly documents relying on console logs); (2) implement robust redaction (recursive traversal, header keys like Authorization, nested fields, and pattern matching) and call it before logging; (3) avoid logging full param/result payloads — log hashes or truncated metadata where possible; (4) ensure logs are stored with access controls, rotation, and encryption; (5) review retention and privacy/compliance requirements for session and user identifiers. If you cannot verify these changes, treat the skill as unsafe for production/real-user data.

Like a lobster shell, security has layers — review code before you run it.

latestvk9721vh2951w7c9zd623a7ck49843q3h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments