Audit Log Hook
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is purpose-aligned for audit logging, but it records the parameters, results, session key, and user identifier of every tool call, and its redaction and retention controls are incomplete: the documented redaction is not wired into the hook code, and nothing defines where the log lives, who can read it, or how long it is kept.
Install or implement this only if you intentionally want broad audit logging of agent tool activity. Before use, make sure raw parameters and results are redacted, logs are access-controlled, and there is a clear retention and cleanup policy.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Once enabled, the hook can observe every tool invocation rather than only a single user-requested action.
The skill is explicitly designed to hook every tool call. That is expected for an audit logger, but users should understand that logging happens automatically after the hook is registered.
Record all tool calls via `before_tool_call` and `after_tool_call` hooks
Use it only in environments where global audit logging is intended, and add allowlists, denylists, or per-tool controls if only some activity should be logged.
Sensitive information handled by tools could be copied into audit logs or console output and later viewed, retained, or reused unintentionally.
The hook records tool parameters, tool results, session keys, and user identifiers. Those fields can contain secrets, private file contents, account data, or other sensitive context.
params: JSON.stringify(event.tool.params).slice(0, 500), ... result: String(event.result).slice(0, 200), ... session: ctx.sessionKey, user: ctx.session?.senderId
Redact before logging, and redact before truncating: the `.slice(0, 500)` and `.slice(0, 200)` calls are not redaction, and a cut-off secret is still a secret. Avoid logging raw results by default, omit or hash session/user identifiers where possible, restrict log access, and document retention and deletion behavior.
Users may believe secrets are protected when the provided implementation would still log many sensitive values.
The skill claims automatic redaction, but the earlier hook code logs `event.tool.params` and `event.result` directly and does not call `redactSensitive`; results and errors are not covered by the shown redaction function.
## Sensitive Data Handling
Auto-redact sensitive fields: ... function redactSensitive(obj) { ... }
Integrate redaction into the actual before/after hook paths, cover nested objects and result/error text, and avoid claiming automatic redaction unless it is enforced.
Private tool activity could remain on disk longer than expected or be available across sessions.
The artifact implies persistent audit-log storage and later analysis, but it does not define file permissions, retention limits, rotation, cleanup, or whether logs are session-scoped. Note also that Node's `path.join` does not expand `~`, so when `OPENCLAW_STATE_DIR` is unset the fallback resolves to a literal `~/.openclaw` directory relative to the working directory, not to the user's home directory.
const AUDIT_LOG = path.join(process.env.OPENCLAW_STATE_DIR || '~/.openclaw', 'audit.log'); ... Periodically analyze audit.log:
Document the exact log location, retention period, permissions, rotation policy, and cleanup process before enabling persistent logging.
