Ai Intelligent Audit Logging

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: ai-intelligent-audit-logging
Version: 1.0.0

The skill bundle contains only metadata and documentation without providing the actual implementation code. The SKILL.md file instructs the agent to clone an external repository (github.com/openclaw-skills/ai-intelligent-audit-logging) and execute it locally via 'python app.py'. This pattern is suspicious as it encourages the execution of unvetted remote code, which could serve as a vector for supply chain attacks, although no specific malicious payload is present in the provided text.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing it would rely on external code and dependencies that were not part of this review.

Why it was flagged

The skill directs users to obtain dependencies and code from an external, unpinned GitHub repository that is not included in the reviewed artifact set.

Skill content

git clone https://github.com/openclaw-skills/ai-intelligent-audit-logging
cd ai-intelligent-audit-logging
pip install -r requirements.txt

Recommendation

Review the referenced repository and requirements before installing, pin a trusted commit or release, and use an isolated virtual environment or container.

What this means

Running the command starts code from the external project on the user's machine.

Why it was flagged

The documented setup flow runs Python code from the cloned project. This is purpose-aligned for a FastAPI app, but it should be an explicit user-controlled action.

Skill content

python app.py

Recommendation

Run the app only after inspecting the code and dependencies, and avoid running it with unnecessary privileges.

What this means

A user might assume stronger official provenance than the provided metadata actually establishes.

Why it was flagged

The skill uses an official-sounding author attribution, while the surrounding registry data says the source is unknown and skill.json lists a different author. This is a provenance ambiguity rather than proof of deception.

Skill content

Author: OpenClaw Skills Team

Recommendation

Verify the publisher and repository ownership before trusting or installing the external code.