Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Audit Log Hook

v1.0.0

Records and logs all tool calls before and after execution for auditing, debugging, usage stats, and error tracking with sensitive data redaction.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The SKILL.md claims to record all tool calls to an audit.log under OPENCLAW_STATE_DIR and to auto-redact sensitive data, but the example hook only console.logs entries (it does not write to the claimed audit.log path) and never calls the redact function. That mismatch means the skill as written won't deliver its described purpose and may expose data via stdout instead of a controlled file.
Instruction Scope
Instructions access event.tool.params and event.result (which commonly contain secrets). The provided redaction function is defined but not integrated into the hook code. The redaction logic checks only top-level property names and won't handle stringified JSON or nested fields. The current code also stringifies params and truncates them (slice(0,500)), which can still leak sensitive prefixes and break redaction. The SKILL.md also references OPENCLAW_STATE_DIR without declaring it and suggests analyzing an audit.log file even though the hooks don't write to that file.
Install Mechanism
Instruction-only skill with no install steps or external downloads, so it doesn't introduce installation-time code execution risk.
Credentials
No required environment variables are declared, but the example reads process.env.OPENCLAW_STATE_DIR. The skill should declare this env var (and its intended default) and document permissions expectations for where logs will be written.
Persistence & Privilege
The skill does not request always:true or modify other skills; it is user-invocable and can be run autonomously like other hooks. That default model-invocation behavior is expected.
What to consider before installing
This skill is plausible but sloppy: do not install it as-is if you care about protecting secrets. Key issues to resolve before use:
(1) actually write logs to a controlled file path (with secure file permissions) rather than console, and declare OPENCLAW_STATE_DIR;
(2) integrate and improve redaction: apply redaction to parsed objects and nested fields, handle stringified JSON, and avoid relying on truncation as a protection;
(3) add log rotation, retention limits, and access controls;
(4) avoid logging raw command outputs or API responses that may include credentials or tokens;
(5) consider hashing or minimizing session/user identifiers and document who can read the logs.
If you can't review and modify the hooks yourself, treat this skill as risky because it could leak sensitive data into agent logs.

Like a lobster shell, security has layers — review code before you run it.
