ClawHub

Claw Trace

Track and visualize the OpenClaw agent's work process. Record tool call inputs, outputs, duration, and status, and present them in an easy-to-read format. **...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 164 · 1 current installs · 1 all-time installs
by@JDChi
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and runtime instructions align: the skill records and presents tool-call traces and only needs its own config.json. There are no unexplained credentials, binaries, or installs.
!
Instruction Scope
The SKILL.md instructs the agent to record inputs/outputs, durations, and statuses and — when enable=true — to automatically include trace output after every tool call without waiting for user request. This is consistent with a tracer, but it significantly broadens what the agent will display (including potentially sensitive tool inputs/outputs). The document requires redaction of some patterns but does not provide an enforceable, comprehensive redaction implementation. The skill also instructs writing updates to config.json, which is within scope.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing will be written to disk by an installer. Lower risk from installation perspective.
Credentials
No environment variables, credentials, or external config paths are requested. The config.json is the skill's own file and is appropriately scoped. No unrelated secrets are requested.
Persistence & Privilege
always is false and the skill is user-invocable. The skill can be invoked autonomously by the agent (platform default), which increases blast radius if traces include secrets — this is normal for skills but relevant given the automatic-trace mandate. The skill does write to its own config.json per its instructions, which is expected.
Assessment
This skill appears to be what it says, but be cautious: if you enable tracing, the agent will automatically show trace output after every tool call (potentially exposing sensitive inputs/outputs) unless redaction works perfectly. Before enabling: (1) test in a safe environment with non-sensitive data; (2) keep detailedLog/saveToFile disabled and use simple mode; (3) review a sample of traces to confirm redaction covers your secrets and conventions (headers, query strings, file contents, tokens in JSON, etc.); (4) avoid enabling in production or when handling private credentials. If you need stronger guarantees, request an implementation that enforces deterministic redaction rules or that never records certain categories (e.g., Authorization headers, entire request bodies for particular tools).

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.1
Download zip
latestvk9711169s6qmn0z5fz7qxe64tx82r2gc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Claw Trace - Work Process Visualization

This Skill is used to record and display the AI agent's work process.

Feature Modules (Configurable)

User can say "enable XX feature" or "use simple mode" to switch.

Module 1: Call Table (Enabled by Default)

StepToolInputResultDuration
1web_searchquery: "xxx"❌ Failed0ms
2web_fetchurl: "xxx"✅ Success230ms

Module 2: Flowchart (Enabled by Default)

[User Request] ↓

  1. web_search → ❌ ↓
  2. web_fetch → ✅ ↓ [Reply to User]

Module 3: Statistics (Optional)

📊 Work Statistics
⏱️ Total Time: 8.5s
🔧 Tool Calls: 15 times
✅ Success Rate: 87% (13/15)

📈 Tool Usage Ranking:
  1. web_fetch  - 10 times (67%)
  2. exec       - 3 times (20%)

Module 4: Detailed Log (Optional)

Record complete input/output for each call (except sensitive info).

Module 5: Save to File (Optional)

Generate Markdown report saved to workspace.

Module 6: Filters (Optional)

Filter tool calls by various criteria:

Filter TypeCommandExample
By tool name"filter: tool_name""filter: web_search"
By result"filter: success" / "filter: failed""filter: failed"
By time"filter: last N calls""filter: last 5 calls"
By keyword"filter: keyword in output""filter: error"

Multiple filters can be combined: "filter: web_search and failed"

Module 7: Export Format (Optional)

Choose export format:

  • Markdown (default)
  • JSON
  • HTML (with syntax highlighting)

Usage

Configuration File

The Skill has a config file config.json with the following options:

{
  "enable": false,        // Whether to enable by default (default: false, on-demand)
  "mode": "simple",       // Mode: simple / full
  "enabledModules": {
    "table": true,        // Call table
    "flowchart": true,   // Flowchart
    "statistics": false,  // Statistics
    "detailedLog": false,// Detailed log
    "saveToFile": false  // Save to file
  },
  "language": "auto"       // Language: auto / zh / en
}

User Commands

User can modify config through conversation:

CommandAction
"enable trace"enable = true
"disable trace"enable = false
"use simple mode"mode = simple
"use full mode"mode = full
"enable statistics"statistics = true
"enable filters"filters = true
"filter: tool_name"filter by tool name
"filter: success/failed"filter by result
"filter: last N calls"filter by count
"output in English"language = en
"output in Chinese"language = zh

Workflow

  1. Each time Skill is called: Read config.json first to get current config
  2. Based on config:
    • enable = false → Don't show (unless user explicitly requests)
    • enable = true → MUST automatically show trace output after every tool call, do NOT wait for user to ask
  3. When user modifies config: Update config.json and save

⚠️ Important Rule

When enable = true, trace output MUST be included in EVERY reply after tool calls automatically, without waiting for user to say "show trace"!

Language Auto-Detection

  • Output language follows user's language
  • User speaks Chinese → Output in Chinese
  • User speaks English → Output in English

Notes

  • Sensitive info (API Keys, passwords) should not be recorded
  • Truncate overly long output with [...]
  • Clearly indicate reasons for failed calls
  • Keep output concise, don't over-detail

⚠️ Security Guidelines

Sensitive Data Redaction (MANDATORY)

Before displaying any tool call input/output, you MUST redact the following:

Must redact:

  • API Keys, Tokens, Passwords (patterns: key=, token=, password=, Authorization:)
  • File contents that may contain secrets
  • User credentials or private data

How to redact:

  • Replace with [REDACTED] or [HIDDEN]
  • Keep the structure but mask values
  • Example: {"api_key": "sk-xxx"}{"api_key": "[REDACTED]"}

Safe Defaults

Default configuration is set to:

  • enable: false (off by default, user must explicitly enable)
  • detailedLog: false (don't record full inputs/outputs)
  • saveToFile: false (don't persist to disk)

Best Practices

  1. Test before enabling - Enable in a safe environment first
  2. Review outputs - Check that no secrets appear in traces
  3. Use simple mode - Avoid detailed logging in production
  4. Disable after use - Turn off when not needed

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…