Reliability Evidence Pack

by ChristineOpenclaw · GitHub ↗ · v2.0.2
cross-platform · ✓ Security Clean
349 Downloads · 0 Stars · 0 Active Installs · 4 Versions
Install in OpenClaw
/install reliability-evidence-pack
Description
Provides tools to record, validate, and report agent operational reliability artifacts using standardized schemas for consistent monitoring and compliance.
Usage Guidance
This package appears to do what it says: local collection, schema validation, and bundle generation for reliability artifacts. Before installing or running it:
  1. Inspect the large scripts (scripts/rep.mjs, scripts/rep-validate.mjs, scripts/rep-heartbeat-cron.mjs, and github-action/entrypoint.sh) for any network calls or unexpected execs.
  2. Configure REP_ARTIFACTS_PATH to an isolated, access-controlled directory and add it to .gitignore.
  3. Never place private signing keys in the artifacts directory — use an external KMS/vault.
  4. Prefer running the cron/heartbeat scripts in a container or unprivileged account first, and review the GitHub Action entrypoint before adding to CI.
  5. If you do not want autonomous agent invocation, disable model invocation for this skill in your agent settings.
If you want, I can scan the full contents of rep.mjs and rep-validate.mjs for network/system calls and highlight any lines of concern.
Capability Analysis
Package: (xpi) Version: Description: REP v1.0 demonstration bundle with mixed artifact types showcasing chain integrity, content hashing, and reliability evidence collection.

The package implements a 'Reliability Evidence Pack (REP)' system designed for structured logging, validation, and auditing of agent operational data. The core logic, primarily in Node.js scripts, focuses on generating, storing, and verifying artifacts related to agent decisions, performance, health, and incidents. Key functionalities include local file system operations (reading/writing JSONL files to configurable paths), cryptographic hashing (SHA256) for artifact integrity and chain-of-custody, and comprehensive validation of artifact schemas and inter-artifact references.

System information (e.g., CPU, memory, uptime, hostname, PID) is collected by specific scripts (e.g., `rep-heartbeat-cron.mjs`, `rep-performance-baseline.mjs`) but is logged locally as part of the reliability monitoring, not exfiltrated.

The `rep.mjs serve` command initiates a local HTTP server to expose bundle statistics and artifacts, which includes `Access-Control-Allow-Origin: '*'`. While this could pose an information disclosure risk if exposed publicly without authentication, the project's documentation explicitly addresses this, warning about sensitive data in artifacts and recommending access control, indicating an intended use for local or controlled internal environments.

No outbound network connections for data exfiltration or command-and-control are observed. External command execution is limited to controlled invocations of local scripts or package managers within a GitHub Action context. The project includes extensive documentation that clearly outlines its purpose, usage, and security considerations, reinforcing its legitimate intent. There is no evidence of obfuscation, arbitrary code execution, or other malicious behaviors.

The non-functional nature of `cli/bin/cli.js` is a functional discrepancy, not a security vulnerability.
Capability Assessment
Purpose & Capability
Name/description (Reliability Evidence Pack) match the delivered artifacts: JSON schemas, CLI, validation scripts, cron helpers, examples, and CI integration. Requested capabilities (file read/write, process execute, Node runtime) are appropriate for building local artifact capture/validation tooling.
Instruction Scope
SKILL.md instructions stay within the stated purpose (run Node scripts, write to a configurable artifacts dir, run the local GitHub Action). However, the examples and quickstart include absolute user workspace paths and sample commands that read/write user files (e.g., /home/.../.openclaw/workspace, USER.md). These are expected for a logging/audit pack but are sensitive: follow the SKILL.md guidance to isolate REP_ARTIFACTS_PATH and add artifact paths to .gitignore. SKILL.md also claims all scripts operate locally with no telemetry — you should still inspect the larger scripts (rep.mjs, rep-validate.mjs, and github-action/entrypoint.sh) before use to confirm there are no unexpected network calls.
Install Mechanism
There is no automated install spec in the registry (instruction-only), which is lower intrinsic risk. The bundle includes a CLI with a package.json; following the documented 'npm install -g' will pull dependencies from the public npm registry (chalk, commander). That is normal but means you will download external packages at install time; installing and running the scripts will write files to disk. The bundle does not include downloads from arbitrary URLs in the SKILL.md.
Credentials
The skill declares no required credentials and only a small set of optional environment variables for artifact and schema paths and log file location. That is proportional to its function. The SPEC mentions artifact signing fields but key management is operator-defined and the SKILL.md explicitly warns not to store private keys in artifacts.
Persistence & Privilege
Registry-level flags provided earlier indicate the skill can be invoked autonomously (disable-model-invocation: false), while the included _meta.json lists 'autonomous_invocation': false — a minor inconsistency. The skill does not request always:true or system-level privileges. Because the skill can be executed autonomously by agents (platform default), consider whether you want the agent to run validation/heartbeat cron scripts without human review.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install reliability-evidence-pack
  3. After installation, invoke the skill by name or use /reliability-evidence-pack
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.2
Version 2.0.2
  - Expanded "Security Considerations" in SKILL.md with detailed guidance on data handling, signing keys, CI use, and local execution.
  - Added best practices and mitigation steps for sensitive artifacts.
  - No changes to core logic or scripts. Documentation and metadata update only.
v2.0.1
  - Updated Node.js requirement from v14 to v16 or higher in documentation.
  - Clarified the required Node.js version for runtime scripts in the "Required Binaries" section.
  - No changes to core functionality or interfaces.
v2.0.0
Version 2.0.0: Major update with new CLI, validation scripts, schema coverage, and expanded examples.
  - Added full CLI package for command-line use (see cli/).
  - Introduced GitHub Action for CI/CD automation (see github-action/).
  - Expanded and formalized artifact schemas (see schemas/).
  - New core scripts for heartbeat tracking, near-miss events, bundle generation, and validation.
  - Provided extensive real-world examples and workflow integrations.
  - Removed legacy files; overhauled and expanded documentation.
v1.0.0-rc.1
Initial release candidate introducing core functionality:
  - Provides standardized schemas for key reliability artifacts (heartbeats, decisions, context, handoffs, near-misses).
  - Includes a validation engine for schema compliance.
  - Enables compliance reporting and reliability metric tracking.
  - Ready for integration with cron jobs, subagents, and CI/CD pipelines.
  - Offers easy CLI commands for validation, initialization, and strict checks.
  - Comprehensive documentation and setup guides included.
Metadata
Slug reliability-evidence-pack
Version 2.0.2
License
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Reliability Evidence Pack?

Provides tools to record, validate, and report agent operational reliability artifacts using standardized schemas for consistent monitoring and compliance. It is an AI Agent Skill for Claude Code / OpenClaw, with 349 downloads so far.

How do I install Reliability Evidence Pack?

Run "/install reliability-evidence-pack" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Reliability Evidence Pack free?

Yes, Reliability Evidence Pack is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Reliability Evidence Pack support?

Reliability Evidence Pack is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Reliability Evidence Pack?

It is built and maintained by ChristineOpenclaw (@christineopenclaw); the current version is v2.0.2.
