ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Intelligent Audit Logging

审计日志,操作记录 + 合规审计。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 24 · 0 current installs · 0 all-time installs
by@yang1002378395-cmyk
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description claim an audit-logging service which plausibly maps to a Python/FastAPI app, but the published package includes no code and no declared dependencies. The SKILL.md tells users to git clone and run a GitHub repo; a genuine packaged skill would normally include its code or declare required binaries (git, python, pip) and any credentials. The presence of pricing and product-like marketing in the SKILL.md further blurs whether this is an installable skill or merely a product ad.
!
Instruction Scope
Runtime instructions tell the agent/user to clone a remote repository and run pip install -r requirements.txt and python app.py. That directs fetching and executing arbitrary third-party code (server process) outside the agent's package—this goes beyond typical instruction-only guidance and could result in arbitrary code execution or unexpected network activity. The instructions do not ask to read system files or credentials explicitly, but they give broad discretion to run remote code.
!
Install Mechanism
There is no formal install spec in the registry; the SKILL.md recommends cloning from a GitHub URL. While GitHub is a common host, the registry package itself contains no code for audit, so the actual install would pull and run external code not vetted by the skill package. This is higher risk than an instruction-only skill that relies only on local, pre-installed binaries.
!
Credentials
The skill declares no required environment variables or primary credentials. That is inconsistent with a server-like audit logging product, which typically needs database credentials, storage/backing services, or API keys. The omission makes it unclear whether the external repo will prompt for or expect secrets at runtime—raising a risk that credentials could be requested or mishandled outside the skill manifest.
Persistence & Privilege
always is false and the skill is user-invocable (normal). However, the installation instructions start a long-running server (python app.py), which if executed would create persistent system presence and potentially open network ports. The skill itself does not request elevated platform privileges in its manifest, but following its instructions could create persistent services on the host.
What to consider before installing
Do not clone or run the external repository until you verify its contents. This skill package contains no code and asks you to fetch and execute a GitHub repo—that could run arbitrary code or exfiltrate data. Steps to reduce risk before installing: 1) Ask the publisher for the repository owner, commit history, and a signed release or packaged code included in the skill bundle. 2) Manually inspect the GitHub repo (code, requirements.txt, app.py) for network calls, credential usage, or secret exfiltration before running. 3) Verify what environment variables and services (DB, object storage) the app needs and require them to be declared in the skill manifest. 4) If you must test it, run it in an isolated sandbox or container with no access to production credentials or sensitive data. 5) Prefer skills that include their code in the package or a reputable, well-audited release; avoid blindly executing 'git clone && pip install && python app.py'.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk974pyexyg9av0ahhgndm76da1834pch

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis

SKILL.md

AI 智能审计日志系统

描述

审计日志,操作记录 + 合规审计。

功能

  • 操作记录(操作日志)
  • 审计查询(审计查询)
  • 合规检查(合规审计)
  • 数据分析(行为分析)
  • 报告生成(审计报告)

定价

  • 基础版:¥99/月(10 万条/月)
  • 专业版:¥499/月(100 万条/月)
  • 企业版:¥1999/月(无限条)

适用场景

  • 合规审计
  • 操作审计
  • 安全审计
  • 数据审计

技术栈

  • Python + FastAPI
  • 日志记录
  • 审计查询
  • 报告生成

安装

git clone https://github.com/openclaw-skills/ai-intelligent-audit-logging
cd ai-intelligent-audit-logging
pip install -r requirements.txt
python app.py

创建:2026-03-13 作者:OpenClaw Skills Team

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…