ClawHub

Okx Audit Log

v2.2.10

Use this skill when the user asks to export audit logs, find audit log location, view command history, 导出日志, 查看日志, 日志路径, 操作记录, 调用记录, 命令历史. Do NOT use for wal...

0· 267·0 current·0 all-time
by@ok-james-01
Security Scan
Capability signals
CryptoRequires walletRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the SKILL.md: it documents where the Onchain OS audit log lives and its format. The skill does not request unrelated binaries, credentials, or config paths.
Instruction Scope
SKILL.md only instructs the agent to report the log file path, format, header fields, and rotation policy and explicitly forbids reading or displaying the file contents. There are no commands, file reads, or network endpoints in the instructions.
Install Mechanism
No install spec and no code files — instruction-only, which is the lowest-risk model for skills.
Credentials
The instructions mention an optional $ONCHAINOS_HOME env var as an alternate path but the registry lists no required env vars. This is a minor inconsistency (reference vs declared requirements) but not a security concern: no credentials or secrets are requested.
Persistence & Privilege
always:false and there is no behavior that modifies or persists system/agent configuration. The skill does not request elevated or persistent privileges.
Scan Findings in Context
[no_regex_findings] expected: The scanner found no code to analyze (instruction-only SKILL.md). This is expected; absence of findings is not proof of safety but consistent with a docs-only skill.
Assessment
This skill is low-risk: it only tells you the audit log location (~/.onchainos/audit.jsonl or $ONCHAINOS_HOME/audit.jsonl) and its JSON Lines format and explicitly says not to display the file contents. Before installing or using it, verify the skill's provenance (the SKILL.md claims author 'okx' and a homepage, but the registry source is 'unknown'), and never paste actual log contents or sensitive data into a chat unless you trust the recipient. Note the minor inconsistency that the env var $ONCHAINOS_HOME is referenced in the docs but not declared as a required env var — this is harmless but worth being aware of.

Like a lobster shell, security has layers — review code before you run it.

latestvk9749vn2f4681cvfg4qbr3nw4s84zqbk
267downloads
0stars
3versions
Updated 2d ago
v2.2.10
MIT-0
@ok-james-01
latest
Download

Onchain OS Audit Log

Provide the audit log file path for developers to troubleshoot issues offline.

Response

Tell the user:

  1. Log file path: ~/.onchainos/audit.jsonl (or $ONCHAINOS_HOME/audit.jsonl if the env var is set)
  2. Format: JSON Lines, one JSON object per line
  3. First line (device header): {"type":"device","os":"<os>","arch":"<arch>","version":"<cli_version>"} — written once when the log file is created; preserved across rotations
  4. Entry fields: ts (local time with timezone, e.g. 2026-03-18 +8.0 18:00:00.123), source (cli/mcp), command, ok, duration_ms, args (redacted), error
  5. Rotation: max 10,000 lines, auto-keeps the device header + most recent 5,000 entries

Do NOT read or display the file contents in the conversation.

Comments

Loading comments...