Agent Audit Log
Audited by ClawScan on May 10, 2026.
Overview
This is a mostly straightforward local audit-log skill, but its setup script can silently erase today's audit log if run more than once.
Review or patch scripts/init_audit.sh before using it in a real workspace, because rerunning it can erase today's JSONL audit log. If you use the skill, keep logs local to the intended project, avoid storing secrets, and exclude audit files from public releases unless you deliberately want to share them.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the script is run again later in the day, existing audit entries for that day can be erased, weakening the audit trail the skill is meant to preserve.
The daily audit log path is created from today's date, and ': > "$JSONL"' truncates that file every time the initializer runs. Other files are protected with existence checks, but this one is not.
JSONL="$AUDIT_DIR/$TODAY.jsonl" ... : > "$JSONL"
Change the initializer to create the daily JSONL file only if it does not exist, for example with 'touch "$JSONL"' or '[ -f "$JSONL" ] || : > "$JSONL"', and document when it is safe to run.
Audit logs may reveal sensitive operational history such as what was installed, published, changed, or followed up, even if they do not contain secrets.
The skill intentionally creates persistent records and follow-up items that later agents or users may read. This is purpose-aligned, and the skill includes a clear no-plaintext-secrets rule.
Default layers 1. Raw fact log (`YYYY-MM-DD.jsonl`) ... 7. Open items (`open-items.json`) ... Operating rules - Do not store plaintext secrets in audit logs.
Store the audit directory only in the intended project or workspace, avoid recording secrets or unnecessary private details, and exclude audit logs from public exports unless intentionally shared.
