← Back to Skills Marketplace
1570
Downloads
3
Stars
2
Active Installs
3
Versions
Install in OpenClaw
/install openclaw-ledger
Description
Tamper-evident audit trail for agent sessions. Hash-chained logs of workspace changes with cryptographic verification. Know exactly what changed, when, and detect if anyone altered the record. Free alert layer — upgrade to openclaw-ledger-pro for freeze, forensics, and chain restoration.
Usage Guidance
Before installing or running this skill: (1) Review the full script locally — especially the truncated tail — to confirm there are no file‑moving or deletion operations you don't expect (search for 'shutil.move', 'os.remove', '.quarantine', 'frozen', 'restore', etc.). (2) Note that the ledger records file paths and SHA‑256 hashes in .ledger/session.json and chain.jsonl — this can reveal directory structure and filenames even though it does not store file contents. Don't point it at sensitive or production workspaces until you are comfortable with that data being stored locally. (3) The code will honor OPENCLAW_WORKSPACE if set; this env var was not declared in the skill metadata — be aware of implicit workspace selection. (4) Because the source/homepage is unknown, run the script first in an isolated test workspace or container and verify there are no unexpected network calls or destructive actions. (5) If you plan to rely on the tool for security/auditing, confirm provenance (official repo or signed releases) and consider code review or vendor verification before trusting ledger contents for forensics.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-ledger
Version: 1.0.2
The OpenClaw Ledger skill is designed to provide a tamper-evident audit trail for agent workspaces. The Python script (`scripts/ledger.py`) uses only standard library modules, performs no network calls, and restricts file system operations to the specified workspace and its `.ledger` subdirectory for logging and snapshotting. The `SKILL.md` and `README.md` files clearly describe the skill's purpose and commands without any prompt injection attempts or instructions for malicious actions. The 'protect' command implements defensive measures like freezing compromised chains and auto-restoring from clean backups, which are legitimate security features. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation.
Capability Assessment
Purpose & Capability
Name/description match the delivered capability: the included Python script implements init/record/verify/log/status for a hash-chained audit trail. However, the README and the script header advertise additional capabilities (freeze, quarantine, forensics, restoration) that are not exposed in the SKILL.md command list; source/homepage are unknown. Overall the core purpose is implemented, but marketing claims and provenance are inconsistent.
Instruction Scope
The runtime instructions call the included script (python3 {baseDir}/scripts/ledger.py) which walks the entire workspace and snapshots filenames, sizes, and SHA‑256 hashes. The code writes local artifacts (.ledger/chain.jsonl and .ledger/session.json) containing file paths and hashes. The script also reads an environment variable OPENCLAW_WORKSPACE to resolve the workspace if --workspace is not supplied, but this env var is not declared in requires.env or documented in SKILL.md — a mismatch. The behavior is local-only (no network libs observed) but the broad filesystem scanning and undisclosed env usage are scope concerns.
Install Mechanism
No install spec is provided (instruction-only), and the skill includes a Python script using only the standard library. README suggests manual git clone/copy. No remote downloads, package installs, or extract-from-URL operations were found in the provided files.
Credentials
The registry metadata declares no required env vars, yet the code consults OPENCLAW_WORKSPACE to discover the workspace path. The script requires only python3 (reasonable) but will read the entire workspace tree (file names and hashes), which can expose sensitive project structure. No network credentials are requested, which is appropriate for a local ledger, but the undeclared env var and wide read access are disproportionate to the absence of any documentation about privacy or retention.
Persistence & Privilege
The skill does not request always:true and uses only its own workspace-scoped .ledger directory to store chain/session artifacts. There is no evidence it modifies other skills' configuration or system-wide settings. It may create quarantine/frozen directories under the workspace (names appear in code), but actions are local and confined to the target workspace.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-ledger - After installation, invoke the skill by name or use
/openclaw-ledger - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Documentation updated to remove promotion of openclaw-ledger-pro from SKILL.md and README.md.
- References to premium audit and forensics features have been removed from the documentation.
- Core functionality, usage instructions, and cross-platform support documentation remain unchanged.
v1.0.1
- Documentation updated in README.md for clarity and completeness.
- No code or functionality changes.
v1.0.0
- Initial release of openclaw-ledger.
- Provides a tamper-evident, hash-chained audit log for agent workspace sessions.
- Supports initializing a ledger, recording changes, verifying the hash chain, viewing logs, and checking status.
- Runs locally with no external dependencies (Python standard library only).
- Compatible across major operating systems (macOS, Linux, Windows).
- Upgrade path available for advanced forensic and recovery features via openclaw-ledger-pro.
Metadata
Frequently Asked Questions
What is Openclaw Ledger?
Tamper-evident audit trail for agent sessions. Hash-chained logs of workspace changes with cryptographic verification. Know exactly what changed, when, and detect if anyone altered the record. Free alert layer — upgrade to openclaw-ledger-pro for freeze, forensics, and chain restoration. It is an AI Agent Skill for Claude Code / OpenClaw, with 1570 downloads so far.
How do I install Openclaw Ledger?
Run "/install openclaw-ledger" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Ledger free?
Yes, Openclaw Ledger is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Openclaw Ledger support?
Openclaw Ledger is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created Openclaw Ledger?
It is built and maintained by AtlasPA (@atlaspa); the current version is v1.0.2.
More Skills