Skill v1.0.0

ClawScan security

Compliance Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 15, 2026, 9:18 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose: it creates a local, hash-chained audit trail using only python3 and stores logs under ~/.openclaw/audit; there is no network exfiltration or unrelated credential requests — but logs are stored unencrypted and may contain sensitive secrets if agents write them there.
Guidance
This skill appears to do exactly what it claims: a local, hash-chained audit logger implemented in Python. Before installing, consider: (1) logs are stored unencrypted under ~/.openclaw/audit — do not log raw secrets there unless you accept that risk; (2) the SKILL.md examples show logging sensitive items (e.g., api_key), so you should enforce redaction or sanitize 'details' at the agent layer if needed; (3) ensure file-system permissions and retention policies meet your compliance needs; (4) the script does not contact external endpoints, so network exfiltration is not present in the code, but agents could include external URLs or secrets in logged 'details' — treat audit files as sensitive data and protect them accordingly.

Review Dimensions

Purpose & Capability
ok · Name, description, SKILL.md examples, and the included scripts/audit.py are consistent: the tool implements local, tamper-evident audit logging and provides log/view/verify/export/summary commands. The required binary (python3) and storage under ~/.openclaw/audit are proportional to the stated purpose.
Instruction Scope
note · Instructions and examples explicitly include logging data_access and budget_change entries (examples show logging an api_key access). This is within the audit purpose, but it means the skill will record whatever the agent asks it to log — potentially including secrets or sensitive data — and there are no instructions to redact, encrypt, or limit what goes into 'details'.
Install Mechanism
ok · No install spec; only a small Python script is included, and it requires python3 on PATH. No external downloads or package installs are performed. Risk from installation is low.
Credentials
ok · The skill requests no environment variables or external credentials, which is appropriate. Note: because logs are free-form JSON 'details', an agent could write secrets (API keys, tokens) into the audit files even though no credentials are required by the skill itself.
Persistence & Privilege
ok · No 'always: true' flag; the skill is user-invocable and can be invoked autonomously (platform default). It only writes to its own directory (~/.openclaw/audit) and does not modify other skills or system-wide settings. Privilege level is appropriate for its function.