Tribunal Usage

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Tribunal may block or warn on file writes, tests, and agent handoffs after it is initialized.

Why it was flagged

The tool is intended to enforce quality gates, but the documented hooks can affect broad development actions and agent workflow behavior.

Skill content

Once installed (`pip install tribunal && tribunal init`), it hooks into every file write, test run, and agent interaction.

Recommendation

Run Tribunal initialization only in projects where you want these quality gates, and review its configuration before using strict enforcement.

What this means

A plugin pack from an untrusted source could change quality rules or hook behavior in the project.

Why it was flagged

The guide supports installing plugin packs from a registry, direct URL, or local directory; those external packs are not part of the reviewed artifact.

Skill content

tribunal install https://github.com/org/custom-pack   # direct URL
tribunal install ./local-pack/         # local directory

Recommendation

Install Tribunal and plugin packs only from trusted sources, review pack contents, and pin versions where practical.

What this means

Local audit logs may reveal project structure, agent activity, and details about blocked or failed checks.

Why it was flagged

The tool stores persistent audit information that can include file paths, agent IDs, and event details for later review.

Skill content

All hook events logged to `.tribunal/audit.jsonl` ... Fields: `timestamp`, `hook_name`, `file_path`, `outcome`, `duration_ms`, `agent_id`, `detail`

Recommendation

Treat `.tribunal/audit.jsonl` as project-sensitive data, avoid committing it unless intended, and review retention/sharing practices.

What this means

Claude Code sessions connected to the Tribunal MCP server may be able to query audit data or request file checks.

Why it was flagged

The guide describes MCP-accessible tools that can expose audit information and run checks on file paths from Claude Code sessions.

Skill content

Tribunal exposes MCP tools queryable by any Claude Code session: ... `tribunal_audit` ... `tribunal_check_file` — run file_checker on any path

Recommendation

Enable the MCP connector only for trusted workspaces and sessions, and verify what paths and audit data the server exposes.

Note (Medium Confidence)

ASI10: Rogue Agents

What this means

After setup, Tribunal may continue recording lifecycle events and enforcing gates during later sessions.

Why it was flagged

The documented hook continues to run at lifecycle events and records session summaries as part of Tribunal's persistent project behavior.

Skill content

`SessionEnd` | `session_end` | Writes session summary to audit log

Recommendation

Confirm Tribunal is enabled only where wanted, and use its status/doctor/configuration commands to understand active hooks.