Skill v0.1.0
ClawScan security
Agent Audit Log · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 2:02 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it provides local, lightweight audit logging, includes a safe initialization script, requests no credentials, and contains no unexpected network or privileged operations.
- Guidance: This skill appears safe and does what it claims: it initializes a local audit directory and provides a schema and examples. Before use: (1) run scripts/init_audit.sh in a test directory to verify its behavior; (2) store the audit directory with appropriate file permissions and retention policies (logs can be sensitive); (3) never log plaintext secrets; follow the README guidance and redact or reference secrets rather than storing them; (4) be aware that other skills or workflows could later read or transmit these logs, so control which agents or services have access to them. If you need remote centralized logging, implement secure, explicit export steps rather than relying on this skill alone.
Review Dimensions
- Purpose & Capability: ok · Name/description (lightweight audit log) match the files and runtime instructions. All referenced files (schema, examples, risk model) are present and relevant; nothing in the manifest suggests unrelated capabilities or external services are required.
- Instruction Scope: ok · SKILL.md stays on-topic: it instructs how to structure logs, which local reference files to read, and to use the included init script. It explicitly warns not to store plaintext secrets. It does not instruct reading unrelated system files or environment variables, or sending data to external endpoints.
- Install Mechanism: ok · There is no install spec (instruction-only) and a single small bash script that only creates local directories/files. No downloads, package installs, or archive extraction are present.
- Credentials: ok · The skill requests no environment variables, no credentials, and no config paths. The schema includes event kinds such as 'config_secret_injection', but the documentation explicitly advises not to store plaintext secrets; this is a legitimate logging schema choice rather than credential access.
- Persistence & Privilege: ok · The skill is not forced always-on (always:false) and does not request elevated or cross-skill configuration changes. Its only persistence is creating local audit files in a logs/audit directory under a provided root, which is standard and scoped behavior.
