← Back to Skills Marketplace
bytesagain1

Consent

by bytesagain1 · GitHub ↗ · v2.0.1 · MIT-0
cross-platform ⚠ suspicious
330
Downloads
0
Stars
1
Active Installs
5
Versions
Install in OpenClaw
/install consent
Description
Build cookie consent banners and track opt-in compliance status. Use when implementing GDPR consent, auditing cookies, generating privacy banners.
README (SKILL.md)

Consent

Security toolkit for managing consent records — generate tokens, check strength, rotate credentials, audit logs, store and retrieve entries, manage policies, and produce compliance reports. All data stays local.

Commands

Command Description
consent generate \x3Cinput> Generate a new entry and log it
consent check-strength \x3Cinput> Check strength of a given input and record the result
consent rotate \x3Cinput> Rotate a credential or token and log the change
consent audit \x3Cinput> Record an audit entry for compliance tracking
consent store \x3Cinput> Store a value securely in the local data log
consent retrieve \x3Cinput> Retrieve a previously stored value
consent expire \x3Cinput> Mark an entry as expired
consent policy \x3Cinput> Record or update a policy entry
consent report \x3Cinput> Generate a report entry for review
consent hash \x3Cinput> Hash a value and store the result
consent verify \x3Cinput> Verify a value against stored records
consent revoke \x3Cinput> Revoke a previously granted consent or credential
consent stats Show summary statistics: entry counts, data size, first activity date
consent export \x3Cfmt> Export all data in json, csv, or txt format
consent search \x3Cterm> Search across all logs for a keyword
consent recent Show the 20 most recent activity entries
consent status Health check: version, data dir, entry count, disk usage, last activity
consent help Show help with all available commands
consent version Show current version

Command Behavior

  • With arguments: Each command logs the input with a timestamp to its own dedicated log file (e.g., generate.log, audit.log)
  • Without arguments: Each command displays the 20 most recent entries from its log file

Data Storage

  • Default data directory: ~/.local/share/consent/
  • Per-command logs: $DATA_DIR/\x3Ccommand>.log (e.g., generate.log, audit.log, store.log)
  • History log: $DATA_DIR/history.log — master timeline of all activity
  • Export files: $DATA_DIR/export.\x3Cfmt> — generated by the export command
  • All data is local plain-text. No network calls, no cloud sync.

Requirements

  • Bash 4+ (uses set -euo pipefail)
  • No external dependencies or API keys required
  • Works entirely offline — your data stays on your machine

When to Use

  1. Tracking consent and compliance — Record who consented to what and when with store, audit, and policy for a simple compliance trail
  2. Credential rotation logging — Use rotate and expire to log when credentials were changed or invalidated
  3. Security auditing — Run audit entries and pull report data to review security posture over time
  4. Exporting compliance data — Use export json or export csv to produce machine-readable records for external auditing tools
  5. Quick lookups and verification — Search across all logs with search or verify specific entries with verify and hash

Examples

# Store a consent record
consent store "user:alice accepted terms-of-service v2.1"

# Audit a policy change
consent audit "updated data retention policy to 90 days"

# Generate a new token entry
consent generate "api-key-prod-2025"

# Rotate a credential and log it
consent rotate "db-password-main rotated"

# Check strength of a passphrase
consent check-strength "my-complex-passphrase-2025!"

# Export all data as JSON
consent export json

# Search across all logs
consent search "alice"

# View summary statistics
consent stats

# Health check
consent status

# Show recent activity
consent recent

How It Works

Each domain command (generate, audit, store, etc.) maintains its own log file in the data directory. Entries are stored as timestamp|value lines. The stats command aggregates counts across all log files. The export command merges all logs into a single file in your chosen format. Every action is also recorded in history.log as a master audit trail.

Tips

  • Run any command without arguments to see its recent entries — great for quick review
  • Use consent recent to see a timeline of all activity across all commands
  • Pipe exports to other tools: consent export csv && cat ~/.local/share/consent/export.csv | head
  • Combine search with grep for complex queries: consent search "2025" | grep "policy"
  • Run consent help at any time for the full command reference

Powered by BytesAgain | bytesagain.com | [email protected]

Usage Guidance
This skill is internally consistent and appears to be a simple, offline consent/audit logger. Important cautions before installing or using it: - Data is stored as plain text under ~/.local/share/consent (per-command .log files and history.log). Do not store production secrets, unencrypted passwords, or sensitive PII there. - Exports merge all logs into single files (export.*) and will include everything logged — treat those files as sensitive. - Consider hardening: set the data directory to restrictive permissions (chmod 700), run in a limited account or container, and avoid logging raw secrets. If you need secure storage, use an encrypted store or modify the script to encrypt entries at rest (or to not capture secrets). - The script appears to make no network calls, requests no credentials, and contains no obfuscated code, but you should still inspect the bundled script before running and consider running in an isolated environment if you have high-sensitivity data needs.
Capability Analysis
Type: OpenClaw Skill Name: consent Version: 2.0.1 The 'consent' skill is a deceptive utility that claims to provide security functions like hashing, credential rotation, and secure storage, but the implementation in 'scripts/script.sh' simply records all inputs as plain text in local log files. Commands like 'hash', 'rotate', and 'store' (which SKILL.md claims stores values 'securely') do not perform any cryptographic operations and instead save raw input strings to '~/.local/share/consent/'. While no evidence of data exfiltration or remote code execution was found, the tool is highly misleading and could lead to the accidental exposure of sensitive information.
Capability Assessment
Purpose & Capability
Name/description align with required artifacts and behavior: the skill provides local commands for recording consent, audits, token rotation logs, exporting, and searching. Nothing requested (no env vars, no external binaries) is out of scope for a local consent logger.
Instruction Scope
SKILL.md and the script instruct the agent/user to write and read timestamped plain-text log entries under ~/.local/share/consent. There are no instructions to read unrelated files or call external endpoints, but many commands will record arbitrary input (including credentials or PII) verbatim into logs and history.log.
Install Mechanism
There is no install spec (instruction-only skill) and only a bundled Bash script. No remote downloads or package installs are requested.
Credentials
The skill requires no environment variables, credentials, or config paths beyond creating and using a local data directory — proportional to its stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated or global agent privileges. It writes only to its own data dir (~/.local/share/consent) and does not modify other skills or system-wide agent configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install consent
  3. After installation, invoke the skill by name or use /consent
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.1
update
v2.0.0
v2.5 standard: Use-when desc, homepage, source, security fix
v1.0.2
retry-fix-token
v1.0.1
old template -> domain-specific v2.0.0
v1.0.0
Initial release
Metadata
Slug consent
Version 2.0.1
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 5
Frequently Asked Questions

What is Consent?

Build cookie consent banners and track opt-in compliance status. Use when implementing GDPR consent, auditing cookies, generating privacy banners. It is an AI Agent Skill for Claude Code / OpenClaw, with 330 downloads so far.

How do I install Consent?

Run "/install consent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Consent free?

Yes, Consent is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Consent support?

Consent is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Consent?

It is built and maintained by bytesagain1 (@bytesagain1); the current version is v2.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments