test2894-0406

v1.5.3

Security audit + append-only logging + monitoring for OpenClaw skills (file-level diff, baseline approval, SHA-256 integrity).

by zhendong.xie.ucloud@buffedon
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet · Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The files and scripts implement a skills-audit tool (static scanning, git snapshotting, append-only logs, baseline approval, notifications). Required capabilities (reading workspace/skills, running git, writing under ~/.openclaw/skills-audit, running subprocesses for controlled operations) match the declared purpose. Minor packaging inconsistency: registry metadata uses the test slug 'test2894-0406' while the skill internals identify as 'skills-audit' / 'Skills Audit' — likely a naming/package mismatch but not a functional red flag.
Instruction Scope
SKILL.md and the scripts restrict actions to static analysis, local git snapshots, log writes, and notification text generation. The instructions explicitly forbid executing audited skill code and forbid automatically creating cron jobs; they require the agent to use the provided 'show' command to present diffs and to avoid sending raw diffs by default. The scripts do read the entire workspace/skills tree (intended) and may run local trusted commands (git, Python subprocesses) — consistent with purpose.
Install Mechanism
No external install/downloads or network-based installers are included. The package is not instruction-only (it contains Python scripts), but it does not perform any third-party fetching itself. All code is local and uses only the standard library (requirements.txt empty).
Credentials
No environment variables or credentials are required by default. The only optional external credential is a QianXin SafeSkill token stored in config/intelligent.json for querying remote intel by MD5; this is documented as disabled by default in the shipped config file. (Implementation detail: the load_qianxin_config helper defaults 'enabled' to true but then reads the included config which sets enabled=false; in practice remote queries only run when the user enables them and provides a token.) The optional remote query is proportionate to an audit tool that offers external intel, but users should not enable the token unless they trust the remote service and understand that the (stable) MD5 of their skills bundle will be sent.
Persistence & Privilege
The skill creates persistent artifacts under ~/.openclaw/skills-audit (logs.ndjson, state.json, baseline.json, snapshots/ git repo). It is not always:true and will not auto-create cron jobs (SKILL.md explicitly instructs the agent not to auto-create cron jobs). This level of persistence is appropriate for an audit/monitoring tool, but users should be aware that skill content metadata, diffs, and snippets will be stored locally and could contain sensitive information if not handled carefully.
Assessment
This package appears to do what it says: static scanning, local git snapshots, append-only logs, baseline approval, and optional remote MD5-based intel lookups. Before installing or enabling it:
1) Inspect the scripts yourself (they run locally and will read your workspace/skills and write under ~/.openclaw/skills-audit).
2) Keep the QianXin token disabled/empty unless you explicitly trust that remote service; enabling it will send a deterministic MD5 of your skills bundle to the configured endpoint.
3) Understand that diffs and snippets are stored locally; do not enable automatic external push of full diffs unless you sanitize them.
4) Accept that the tool creates persistent files (logs, snapshots, baseline) in your home directory; rotate or restrict access if needed.
5) Note the packaging/name mismatch and confirm you have the intended skill version.
If you want extra caution, run the tool initially against a copy of your workspace in a sandbox and verify its outputs and configuration behavior before enabling cron or external tokens.

Like a lobster shell, security has layers — review code before you run it.

latest vk9798wdap9dyhwnqt8txr45y3s84b688
