
Artifact Contract Auditor

by WILLOSCAR · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
146 downloads · 0 stars · 1 active install · 1 version
Install in OpenClaw
/install artifact-contract-auditor
Description
Audit the workspace against the pipeline artifact contract (DONE outputs + pipeline target_artifacts). Writes `output/CONTRACT_REPORT.md`. **Trigger**: contr...
README (SKILL.md)

Artifact Contract Auditor

Purpose: make each workspace auditable and shareable.

This skill checks two contracts:

  1. Units contract: if a unit is marked DONE, its required outputs must exist.
  2. Pipeline contract: the pipeline’s target_artifacts (from the pipeline spec referenced by PIPELINE.lock.md) should exist for a complete run.

It always writes a report so workspaces can serve as regression baselines.

Inputs

  • UNITS.csv
  • PIPELINE.lock.md
  • Pipeline spec referenced by PIPELINE.lock.md (under pipelines/*.pipeline.md; reads YAML target_artifacts)

Outputs

  • output/CONTRACT_REPORT.md

Workflow (analysis-only)

  1. Read UNITS.csv and validate DONE outputs
     • For every unit with status=DONE, verify each required output exists.
     • Outputs prefixed with ? are treated as optional and do not fail the contract.
  2. Read PIPELINE.lock.md and validate pipeline target artifacts
     • Resolve the pipeline spec under pipelines/*.pipeline.md and load target_artifacts from its YAML front matter.
     • If the pipeline is complete (all units are DONE/SKIP), verify each required target_artifacts file exists.
  3. Write output/CONTRACT_REPORT.md (always)
     • Include missing DONE outputs (unit-level drift) and missing pipeline targets (pipeline-level completeness drift).

Status semantics

  • PASS: pipeline complete (all units DONE/SKIP) AND all required target artifacts exist AND no DONE unit is missing required outputs.
  • OK: pipeline incomplete (still running) BUT DONE unit outputs are consistent; missing targets are expected.
  • FAIL: at least one DONE unit is missing required outputs OR pipeline is complete but required target artifacts are missing.
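
The three statuses above, worked through as an added example (not the skill's own scripts/run.py). The UNITS.csv column names `unit_id`, `status` and `outputs`, the semicolon separator, and the file names are assumptions made for illustration.

```python
import csv
import io
import tempfile
from pathlib import Path

# Constructed sample. Column names unit_id/status/outputs are assumptions.
SAMPLE_UNITS = """unit_id,status,outputs
U001,DONE,output/a.md;?output/notes.md
U002,DONE,output/b.md
U003,TODO,output/c.md
"""

def audit(workspace, units_csv, required_targets):
    """Apply the PASS / OK / FAIL rules to one workspace."""
    rows = list(csv.DictReader(io.StringIO(units_csv)))
    missing_outputs = []
    for row in rows:
        if row["status"].strip().upper() != "DONE":
            continue
        for out in (o.strip() for o in row["outputs"].split(";")):
            # A leading "?" marks an optional output; it never fails the contract.
            if out and not out.startswith("?") and not (workspace / out).exists():
                missing_outputs.append((row["unit_id"], out))
    complete = bool(rows) and all(
        r["status"].strip().upper() in {"DONE", "SKIP"} for r in rows)
    # Targets are enforced only once every unit is DONE or SKIP.
    missing_targets = [t for t in required_targets
                       if complete and not (workspace / t).exists()]
    failed = missing_outputs or missing_targets
    status = "FAIL" if failed else ("PASS" if complete else "OK")
    return status, missing_outputs, missing_targets

def demo():
    """Walk the sample through four workspace states (temp dir, constructed)."""
    targets, results = ["output/final.md"], []
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        (ws / "output").mkdir()
        (ws / "output/a.md").write_text("a")
        results.append(audit(ws, SAMPLE_UNITS, targets))  # b.md missing
        (ws / "output/b.md").write_text("b")
        results.append(audit(ws, SAMPLE_UNITS, targets))  # U003 still TODO
        (ws / "output/c.md").write_text("c")
        all_done = SAMPLE_UNITS.replace("TODO", "DONE")
        results.append(audit(ws, all_done, targets))      # final.md missing
        (ws / "output/final.md").write_text("f")
        results.append(audit(ws, all_done, targets))
    return results
```
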

How to use this report (self-loop routing)

  • If DONE outputs are missing: fix the contract drift (regenerate the missing artifacts, or revert the unit status to TODO/BLOCKED).
  • If the pipeline is complete but target artifacts are missing: find which unit/skill owns each missing artifact and rerun that unit.

Script

Quick Start

  • python scripts/run.py --workspace workspaces/<ws>

All Options

  • --workspace <dir>
  • --unit-id <U###> (optional)
  • --inputs <semicolon-separated> (unused; runner compatibility)
  • --outputs <semicolon-separated> (unused; runner compatibility)
  • --checkpoint <C#> (optional)

Examples

  • End-of-run audit (recommended before sharing a workspace):
    • python scripts/run.py --workspace workspaces/<ws>
Usage Guidance
This skill appears to do exactly what it says: offline auditing of UNITS.csv and pipeline target_artifacts and writing output/CONTRACT_REPORT.md. Before running it, inspect the workspace's PIPELINE.lock.md (it controls which pipeline spec path is loaded) and ensure it doesn't point to unexpected absolute paths you don't want the auditor to read. Run the script in an isolated or non-sensitive workspace if you are worried about accidental disclosure of local files. If you need stronger guarantees, review the bundled tooling/*.py files (they are included) or run the script under a restricted user account or container.
Capability Analysis
Type: OpenClaw Skill
Name: artifact-contract-auditor
Version: 1.0.0

The artifact-contract-auditor skill is a legitimate utility designed to audit workspace completeness by verifying the existence of required output files defined in pipeline specifications. The core logic in scripts/run.py and the extensive quality-checking routines in tooling/quality_gate.py perform file system checks and data validation (CSV, YAML, JSONL) aligned with the stated purpose. While tooling/executor.py utilizes subprocess.run to execute pipeline units, this is a standard component of the OpenClaw execution framework and shows no signs of intentional misuse or command injection. No evidence of data exfiltration, remote payload execution, or malicious prompt injection was found.
Capability Assessment
Purpose & Capability
Name/description match behavior: the script reads UNITS.csv and PIPELINE.lock.md, resolves a pipeline spec, checks for missing DONE outputs and pipeline target artifacts, and writes output/CONTRACT_REPORT.md. Declared requirements (python3/python) align with the provided Python scripts and modules. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md restricts the skill to analysis-only and no network; the implementation matches that (reads workspace files and repo pipeline specs, writes the report and quality gate). One thing to note: the script resolves the pipeline path from the workspace's PIPELINE.lock.md and then uses Path(...).resolve() to load that file. If PIPELINE.lock.md points to an absolute path, the auditor will attempt to load that path — i.e., it will read whatever file path is specified. This is coherent for legitimate pipeline use, but it means the auditor can be directed to read arbitrary local files if the workspace's PIPELINE.lock.md is manipulated.
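
A pre-flight check for the path-resolution behaviour described above, as an added example that is not part of the skill's bundled code. It assumes the lock file names its spec on a `pipeline: <path>` line and that `repo_root` is the directory containing `pipelines/`; the page does not show the real lock format, so both are assumptions.

```python
import re
from pathlib import Path

# Assumption: the lock file names its spec on a line such as
# "pipeline: pipelines/example.pipeline.md". The real lock format may differ.
LOCK_LINE = re.compile(r"^\s*pipeline\s*:\s*(\S+)\s*$", re.MULTILINE)

# Constructed lock-file contents for illustration.
SAMPLE_LOCKS = {
    "expected": "pipeline: pipelines/survey.pipeline.md\n",
    "absolute": "pipeline: /etc/passwd\n",
    "traversal": "pipeline: pipelines/../../x.pipeline.md\n",
    "wrong_type": "pipeline: pipelines/notes.txt\n",
}

def check_lock(lock_text, repo_root):
    """Return (ok, detail) for the spec path named in PIPELINE.lock.md text."""
    match = LOCK_LINE.search(lock_text)
    if not match:
        return False, "no pipeline entry found"
    raw = Path(match.group(1))
    if raw.is_absolute():
        return False, "absolute path"
    root = Path(repo_root).resolve()
    # resolve() collapses ".." and follows symlinks, mirroring what the
    # auditor is described as doing before it opens the file.
    resolved = (root / raw).resolve()
    if not resolved.is_relative_to(root / "pipelines"):  # Python 3.9+
        return False, "resolves outside pipelines/"
    if not resolved.name.endswith(".pipeline.md"):
        return False, "not a *.pipeline.md file"
    return True, str(resolved.relative_to(root))

def run_samples(repo_root):
    """Classify every constructed sample against the given repo root."""
    return {name: check_lock(text, repo_root)
            for name, text in SAMPLE_LOCKS.items()}
```
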
Install Mechanism
No install spec (instruction-only) and bundled Python code is executed directly; no downloads or external installers are used. This is the lowest-risk install model for bundled code, assuming the user trusts the packaged files.
Credentials
The skill requests no environment variables or credentials. It only reads local workspace files and bundled pipeline specs. No secrets/external tokens are required or declared.
Persistence & Privilege
always:false and normal model-invocation settings. The skill writes only workspace-local report files (output/CONTRACT_REPORT.md and may update output/QUALITY_GATE.md via the quality_gate helper). It does not modify other skills or global agent configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install artifact-contract-auditor
  3. After installation, invoke the skill by name or use /artifact-contract-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Artifact Contract Auditor v0.1.0
  • Initial release of the artifact-contract-auditor skill.
  • Audits workspaces for completeness by checking unit-level required outputs (in UNITS.csv) and pipeline-level target artifacts.
  • Generates an always-updated CONTRACT_REPORT.md detailing missing outputs or targets.
  • Analysis-only: does not modify content artifacts; only writes a report.
  • Useful for verifying workspace integrity before sharing or ending a run.
Metadata
Slug artifact-contract-auditor
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Artifact Contract Auditor?

Audit the workspace against the pipeline artifact contract (DONE outputs + pipeline target_artifacts). Writes `output/CONTRACT_REPORT.md`. **Trigger**: contr... It is an AI Agent Skill for Claude Code / OpenClaw, with 146 downloads so far.

How do I install Artifact Contract Auditor?

Run "/install artifact-contract-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Artifact Contract Auditor free?

Yes, Artifact Contract Auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Artifact Contract Auditor support?

Artifact Contract Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Artifact Contract Auditor?

It is built and maintained by WILLOSCAR (@willoscar); the current version is v1.0.0.
