ClawHub

Clawdit

v1.1.0

Belief systems auditor for OpenClaw agents. Systematically evaluates an agent's loaded context files (SOUL.md, AGENTS.md, USER.md, skills) against the user's...

0· 108·0 current·0 all-time
byM. Christopher Roebuck@mcroebuck
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (belief systems auditor) align with the runtime instructions: the skill reads SOUL.md, AGENTS.md, USER.md, and skill SKILL.md files, extracts beliefs, classifies them, and produces a report. Required capabilities (file read/write in the agent workspace) are consistent with the stated purpose.
Instruction Scope
The SKILL.md explicitly instructs the agent to run directory listings, read many workspace files, extract beliefs, and (after confirming goals) update USER.md. Reading and analyzing these files is expected for an auditor. Two user-facing notes: (1) the skill will read any .md files in the workspace (including cron/standing orders) which can contain sensitive operational details, and (2) the skill writes updates back to USER.md — the SKILL.md requires confirming goals before update, but does not detail backups or explicit user approval for the file write step beyond confirmation of the summary.
Install Mechanism
Instruction-only skill with no install spec and no bundled code files beyond documentation; this is low-risk because nothing is downloaded or executed beyond filesystem reads/standard shell listings.
Credentials
The skill requests no environment variables, credentials, or external tokens. Its need to access the agent workspace files (default ~/.openclaw/workspace) is proportionate to an auditor's job. Note that sensitive information may exist in the files it reads (e.g., embedded tokens in config or cron entries), which is expected but worth disclosing to the user.
Persistence & Privilege
always is false and the skill is user-invocable. It does instruct writing USER.md (agent-local config), which is a normal and proportionate action for an audit that updates stored goals. The skill does not request persistent platform-level privileges or modify other skills.
Assessment
This skill is internally consistent with its stated purpose, but it will read many files from your agent workspace (default: ~/.openclaw/workspace) and can update USER.md. Before installing or running: (1) Back up your workspace (or USER.md) so you can revert any changes; (2) Run the audit interactively and review proposed changes before allowing the skill to write files; (3) Be aware the audit will read any .md files (including cron/standing orders) which may contain sensitive data — remove or redact secrets beforehand; (4) Prefer invoking this skill manually rather than enabling autonomous invocation if you want to limit accidental writes; (5) If you need stronger guarantees, ask the skill author to add an explicit backup step and an explicit confirmation prompt before any file write.

Like a lobster shell, security has layers — review code before you run it.

latestvk9715r0rw0sw6bc4w9hkjtz7e983phgw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments