balkanblbn

Audit Log Firewall

by balkanblbn · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 422 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install audit-log-firewall
Description
Policy-based monitoring and command-line enforcement for high-risk agent operations. Intercepts sensitive commands and logs them for human auditing.
README (SKILL.md)

Audit Log Firewall

Security is a non-negotiable protocol for autonomous agents. This skill acts as a dynamic guardrail.

Operational Modes

1. Interception Mode

Every command is checked against a local allowlist (config/allowlist.json).

  • High Risk: commands like rm -rf, sudo, or direct curl to unknown external IPs.
  • Protocol: If a high-risk command is detected, the agent triggers a mandatory 'Pause and Ask' state.

2. Forensic Logging

All terminal activity is hashed and stored in .logs/SECURITY.json.

  • Fields: Timestamp, Command, User, Working Directory, and Hash.
  • Utility: Allows humans to reconstruct the agent's actions in case of a breach or error.

Installation

clawhub install audit-log-firewall
Usage Guidance
Proceed with caution. This skill's purpose (blocking and logging dangerous commands) is plausible, but the package lacks source code, a homepage, and an installable artifact despite containing an install command in SKILL.md. Before installing or enabling it:
  1. Ask the publisher for the implementation/source so you can audit how commands are intercepted and what is actually logged.
  2. Verify exactly where logs are stored, who can read them, and whether logs could contain secrets.
  3. Ensure the allowlist path (config/allowlist.json) and log path (.logs/SECURITY.json) are created in a controlled, write-restricted location.
  4. Do not grant autonomous invocation on production agents until you review the code.
  5. If you cannot obtain the implementation or provenance, run in an isolated test environment only.
Capability Analysis
Type: OpenClaw Skill
Name: audit-log-firewall
Version: 1.0.0
The skill bundle describes a security-focused agent skill designed for policy-based monitoring, command interception, and forensic logging of agent operations. The `SKILL.md` content outlines features like checking commands against an allowlist, pausing for high-risk actions, and logging terminal activity locally to `.logs/SECURITY.json`. There is no evidence of malicious intent, data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts against the agent. The described functionality is aligned with enhancing agent security and auditing.
Capability Assessment
Purpose & Capability
The SKILL.md describes a command-interception and logging guardrail which is coherent with the skill name. However, the skill metadata declares no required config paths or binaries while the instructions explicitly reference local files (config/allowlist.json and .logs/SECURITY.json) and an install command. The absence of a source/homepage and no code/install spec contrasts with the installation instruction (clawhub install ...) and creates an unresolved gap: there's no provided mechanism for how interception/enforcement would actually be implemented.
Instruction Scope
Instructions direct the agent to 'intercept every command', check a local allowlist, enforce a 'Pause and Ask' for high-risk commands, and log 'all terminal activity' including Timestamp, Command, User, Working Directory, and Hash. These steps imply reading command streams and writing forensic logs — actions that touch local filesystem state and potentially sensitive runtime context. The SKILL.md is high-level and does not specify how interception should occur or what exact commands are considered 'high risk' beyond a few examples, giving the agent broad discretion.
Install Mechanism
The skill is instruction-only with no install spec or code files in the registry, yet SKILL.md contains an install command (clawhub install audit-log-firewall). That install command suggests there should be an installable artifact, but none is provided here. Because there's no declared install or third-party download, nothing will be written to disk by the registry itself — but the mismatch is a provenance/traceability concern.
Credentials
No environment variables, credentials, or required binaries are declared, which is appropriate for a local monitoring tool. However, the instructions still require access to local files (config/allowlist.json and .logs/SECURITY.json) and to gather contextual info (User, Working Directory) that are not declared in metadata. That mismatch should be resolved before trusting the skill.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges and does not declare modifications to other skills or global settings. Autonomous invocation is allowed by default (disable-model-invocation: false) — standard for skills — but because this skill is intended to intercept commands, you should be cautious about giving it autonomous invocation without reviewing its implementation and storage behavior.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install audit-log-firewall
  3. After installation, invoke the skill by name or use /audit-log-firewall
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Command-line security enforcement
Metadata
Slug audit-log-firewall
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Audit Log Firewall?

Policy-based monitoring and command-line enforcement for high-risk agent operations. Intercepts sensitive commands and logs them for human auditing. It is an AI Agent Skill for Claude Code / OpenClaw, with 422 downloads so far.

How do I install Audit Log Firewall?

Run "/install audit-log-firewall" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Audit Log Firewall free?

Yes, Audit Log Firewall is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Audit Log Firewall support?

Audit Log Firewall is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Audit Log Firewall?

It is built and maintained by balkanblbn (@balkanblbn); the current version is v1.0.0.
