Agent Audit Log

Lightweight operational audit logging for AI assistants, agent workspaces, and personal automation systems. Use when you need a structured way to record high-value actions such as installs, config changes, updates, repository operations, external publishing, secret injection, deletions, export-safety checks, and follow-up risks. Also use when designing or improving an audit trail with JSONL logs, risk levels, target indexes, human summaries, and open-item tracking.

Audits

Pass

ClawScanReview

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install agent-audit-log

Agent Audit Log

Create and maintain a lightweight audit trail for high-value actions.

Core rule

Log only actions that matter for safety, traceability, or later review. Do not turn the audit log into noise.

Default layers

Raw fact log (YYYY-MM-DD.jsonl)
Date summary (index.json)
Target/project index (by-target.json)
Risk index (by-risk.json)
Human-readable summary (latest.md)
Export-safety events (export_safety_check)
Open items (open-items.json)
Status transition history (open-items-history.json)

Read references as needed

Read references/schema.md for the log schema and event fields.
Read references/risk-model.md for how to classify low / medium / high risk.
Read references/export-safety.md before logging publish/export actions.
Read references/open-items.md when tracking unresolved risks or follow-up work.
Read references/examples.md when you need concrete event, export-safety, or open-item examples.

Use scripts as needed

Use scripts/init_audit.sh to create the basic audit directory and starter files.

Operating rules

Do not store plaintext secrets in audit logs.
Prefer concise, human-readable summaries.
Record target, result, and non-sensitive references.
Use warn when something needs attention but did not fail.
Use open items for follow-up risk, not for routine noise.