test0413-6348
by ucloud-securiry · GitHub · v1.5.3 · MIT-0
Downloads: 99 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install test0413-6348
Description
Security audit + append-only logging + monitoring for OpenClaw skills (file-level diff, baseline approval, SHA-256 integrity).
Usage Guidance
This tool appears coherent: it will read your whole skills workspace, snapshot contents into a local git repo, and append audit entries to ~/.openclaw/skills-audit/logs.ndjson. Before enabling automated monitoring or cron-based notifications you should:
- Run the init and a manual scan yourself and inspect ~/.openclaw/skills-audit/logs.ndjson and snapshots to confirm what will be collected.
- Confirm that no secrets (API keys, private keys, credentials) are stored inside skills you don't want logged; the scanner will read any files under the skills tree and may include snippets in logs.
- Review and customize templates/notify.txt so external notifications do not leak sensitive diffs, and only create cron jobs after you explicitly approve the command and delivery channel.
- If you prefer, run the scanner in an isolated environment for the first pass.
The code uses only standard-library modules and git, so there are no hidden external dependencies in the package itself.
Capability Analysis
Type: OpenClaw Skill
Name: test0413-6348
Version: 1.5.3
This skill is a security auditing and monitoring framework designed to perform static analysis and integrity tracking of other OpenClaw skills. It uses Python scripts (skills_audit.py and skills_watch_and_notify.py) to maintain a local git-based snapshot of the workspace, generate append-only audit logs (NDJSON), and detect high-risk patterns such as shell injection or data exfiltration signatures defined in its configuration files. The instructions in SKILL.md are defensive, explicitly directing the AI agent to avoid automatically creating persistence (cron jobs) and to prioritize safe summaries over raw data exposure to prevent accidental leakage of sensitive information found in file diffs.
Capability Assessment
Purpose & Capability
Name/description (skills-audit, static analysis, diffs, baseline approval) match the included scripts and config. Required tools (Python ≥3.9 and git) and local filesystem access align with the stated purpose. No unrelated cloud credentials or extraneous binaries are requested.
Instruction Scope
The SKILL.md and scripts instruct the agent to read the full workspace/skills tree, compute diffs, snapshot into ~/.openclaw/skills-audit/snapshots, and append NDJSON logs to ~/.openclaw/skills-audit/logs.ndjson. This behavior is coherent for an audit tool, but it does mean the tool will read and store file contents (including any secrets present in skills) locally and may include snippets in logs/notifications. The skill explicitly warns about not auto-pushing full diffs and requires a 'show' flow for detailed diffs — that mitigation is present in the instructions.
Install Mechanism
No external install/downloads are requested; code is provided and scripts claim to use only the Python standard library. No network-based installs or arbitrary archives are fetched by an installer spec. Using git and subprocesses is expected for snapshot/diff operations.
Credentials
The skill requests no environment variables or credentials. It does access the user's home and the workspace path (~/.openclaw and workspace/skills) to read and write audit data, snapshots, and baseline state — this filesystem access is necessary for its function but is broad (reads entire skills directory and writes logs/snapshots).
Persistence & Privilege
The skill writes to ~/.openclaw/skills-audit and can be run periodically (via cron) but explicitly instructs the agent not to create cron jobs automatically. It does not request always:true. The persisting of snapshots/logs is expected, but you should confirm cron/scheduling and notification delivery targets before enabling automated push to external channels.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install test0413-6348
- After installation, invoke the skill by name or use /test0413-6348
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.3
Fork for publication test after compliance cleanup
Frequently Asked Questions
What is test0413-6348?
Security audit + append-only logging + monitoring for OpenClaw skills (file-level diff, baseline approval, SHA-256 integrity). It is an AI Agent Skill for Claude Code / OpenClaw, with 99 downloads so far.
How do I install test0413-6348?
Run "/install test0413-6348" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is test0413-6348 free?
Yes, test0413-6348 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does test0413-6348 support?
test0413-6348 is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created test0413-6348?
It is built and maintained by ucloud-securiry (@ucloud-sec); the current version is v1.5.3.