Agent Audit Trail
v2.1.0Append-only, hash-chained audit log for AI agents. Records agent actions, tool calls, decisions, and external writes with provenance, timestamps, and sha256...
⭐ 0· 1.2k·6 current·6 all-time
byJustin@roosch269
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description, and runtime instructions all describe creating and maintaining a local append-only, sha256 hash-chained NDJSON audit log for agent events. No unrelated binaries, credentials, or remote endpoints are requested — this is coherent with an on-disk audit trail implementation.
Instruction Scope
Instructions are narrowly scoped to creating an audit directory/file, adding guidance to workspace docs (TOOLS.md, SOUL.md), and an optional local Python helper that appends hash-chained entries. However, the spec explicitly includes event kinds such as `credential-access` and `external-write`, which means logs could contain secrets or sensitive data if the agent records raw values; the guidance does not include explicit caution about redacting or protecting secrets in the log.
Install Mechanism
There is no install spec and no code files that need to be installed system-wide; the skill is instruction-only and the only code shown is an optional helper script intended to be placed under the workspace (no downloads or external installs). This is low risk from an install perspective.
Credentials
The skill requests no environment variables or credentials (proportional). But because it suggests auditing 'credential-access' events and external writes, operators should be aware the log may capture sensitive values. No env vars are required by the skill itself, so there is no direct credential exfiltration request in the manifest.
Persistence & Privilege
The skill is not always-on and is user-invocable; it does not request permanent platform privileges. Being instruction-only it does not modify other skill configurations or require platform-wide changes.
Scan Findings in Context
[no_regex_findings] expected: The regex-based scanner had no findings because this is an instruction-only skill with no packaged code to analyze. The included helper script is shown in SKILL.md and _meta.json but there were no automated matches flagged.
Assessment
This skill appears coherent and low-risk, but review these practical issues before installing: (1) Protect the audit file — set strict filesystem permissions (e.g., owner-only, 600) and consider append-only or immutable flags where supported. (2) Avoid logging raw secrets — decide whether credential-access events should record only metadata (justification, actor) and not secret values. (3) Consider atomicity and concurrency: multiple agents appending may cause ord/hash inconsistencies; implement locking or a centralized log writer for multi-agent environments. (4) For compliance, consider signing or storing logs in secure tamper-evident storage (WORM, secure object store, HSM-backed signing) rather than only local files. (5) Confirm timezone/ts expectations (the helper uses a fixed +01:00 offset) and adjust to your deployment. If you accept those precautions, the skill can be used as a local compliance audit trail.Like a lobster shell, security has layers — review code before you run it.
accountabilityvk97a9thg56vtz049w0jde6cy5x843400article-12vk97a9thg56vtz049w0jde6cy5x843400auditvk97a9thg56vtz049w0jde6cy5x843400compliancevk97a9thg56vtz049w0jde6cy5x843400eu-ai-actvk97a9thg56vtz049w0jde6cy5x843400hash-chainvk97fa19mzb7jreangvqtvscend816f12latestvk97a9thg56vtz049w0jde6cy5x843400securityvk97a9thg56vtz049w0jde6cy5x843400trustvk97fa19mzb7jreangvqtvscend816f12
License
MIT-0
Free to use, modify, and redistribute. No attribution required.