EvidenceOps - Forensic Evidence Management
v1.0.0
Forensic media triage with chain of custody. Use when receiving images, videos, audio, PDFs, or documents that need evidence-grade handling, integrity verifi...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The skill name/description (forensic media triage, chain of custody) aligns with the provided code and docs: a plugin implements ingestion, verification, manifests, exports, filesystem and S3 drivers, hashing, path sanitization, and redaction. The included dependencies (exifreader, archiver, AWS SDK) are consistent with the stated functionality.
Instruction Scope
SKILL.md instructions are scoped to forensic intake: staging files, calculating SHA-256, extracting metadata, generating derivatives, calling evidence.ingest and updating manifests. The instructions explicitly forbid modifying originals, executing untrusted code, or exfiltrating data. They reference only relevant inputs (file content, filename, channel, sender) and expected tools (evidence.*).
Install Mechanism
SKILL.md frontmatter and README recommend installing the plugin via npm (@openclaw/evidence-vault). There is no remote arbitrary-download/install step (good). Small inconsistency: registry metadata earlier said “No install spec — instruction-only”, but the skill and repo include an npm plugin and package files. Confirm which install path the platform will use (manual copy vs npm install).
Credentials
The skill declares no required environment variables, which is reasonable for a local-first tool. However, the plugin contains an S3 driver and lists @aws-sdk/client-s3 in dependencies; if you configure an S3 backend you will need appropriate credentials or IAM roles. The skill does not automatically request/require AWS credentials, which is proportionate provided S3 use is optional and user-configured.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide config changes. It documents use of a vault directory and local manifests; nothing in the repository indicates it would modify other skills or force-enable itself. Permission scoping includes Read/Write/Bash in metadata — Bash access is broad but justified for staging/derivative generation; review platform permission model before granting shell access.
Assessment
This package appears to be a legitimate forensic evidence tool, but check these before installing:
- Confirm source integrity: the repository/package owner is not a known homepage; verify the npm package name and publisher, or install from the included code after review.
- Resolve the metadata inconsistency: SKILL.md recommends npm install but registry metadata shows “no install spec.” Ask the publisher which install method to use.
- If you plan to use S3/MinIO: configure AWS credentials via IAM roles or environment in a controlled way (avoid embedding static secrets). The skill itself doesn't declare required env vars because cloud storage is optional.
- Review and test redaction and path-sanitization on non-sensitive test data to ensure they behave as described.
- Review the platform permission grant for “Bash” / shell execution—this is broad and should be restricted to trusted environments.
- For production, follow the SECURITY.md recommendations: channel allowlist, pairing, size limits, audit logging, and object-locked S3 buckets if using cloud storage.
If you want, I can list specific files to inspect (e.g., src/drivers/s3.ts, src/utils/redaction.ts, src/utils/path.ts) or summarize their contents for deeper review.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔬 Clawdis
OS: macOS · Linux · Windows
