ClawHub

What Did You Do

v1.0.1

Reconstruct and display a plain-language log of recent agent tool calls, actions taken, and decisions made.

2· 58·0 current·0 all-time
by@openauthority
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the actual behavior: an instruction-only skill that reads the model's conversation context and OpenClaw session metadata to produce a human-readable action log. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
The SKILL.md explicitly says the skill reconstructs the log from the model's conversation context and session metadata and lists redaction rules. That is within scope for a 'what did you do' feature. However, because the skill is instruction-only and depends on the model to redact secrets, there is residual risk that secrets or sensitive arguments present in the conversation or metadata could be included if redaction fails or patterns are incomplete.
Install Mechanism
No install spec and no code files — lowest-risk delivery. Nothing will be written to disk or fetched at install time.
Credentials
The skill declares no environment variables, credentials, or config paths. This aligns with its stated purpose and is proportionate.
Persistence & Privilege
always is false and the skill does not request persistent privileges or to modify other skills. Default autonomous invocation remains enabled (platform default), which is reasonable for a user-invoked inspection tool.
Assessment
This skill appears to do what it says and does not request extra credentials or install code. However, it reconstructs logs from the agent's conversation context and session metadata and relies on redaction rules written in prose. Before you install or use it for sensitive sessions: (1) confirm how your platform stores conversation/session metadata and who can access it; (2) test the skill in a safe session (with fake secrets) to verify redaction behavior; (3) prefer the platform's structured audit log (the SKILL.md links to an OpenAuthority plugin) for forensic needs because this skill is a narrative reconstruction, not an authoritative tamper-proof audit; and (4) avoid invoking it immediately after operations that handled high-value secrets unless you have strong assurance about redaction and storage policies.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ce1gnce4gfdxpw7jrwman59841qh4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments