
TrustLog Guard

by AnouarTrust · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
Downloads: 482 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install trustlog-guard
Description
Financial governance for OpenClaw agents. Tracks API spend, enforces budget limits, detects runaway loops, delivers cost briefings. Reads session .jsonl logs...
Usage Guidance
This skill appears to do what it claims (read session logs, report spend, write a budget file), but the package metadata did not declare the local files it reads/writes. Before installing, consider:
  1. Inspect a sample of your ~/.openclaw/agents/*/sessions/*.jsonl files to confirm they don't contain secrets you don't want scanned or stored.
  2. Ask the publisher for the skill source or a detailed manifest showing which exact paths it will read/write and an explicit privacy guarantee — the SKILL.md's '100% private' claim is not verifiable as-is.
  3. If you proceed, run it in a restricted environment or back up your data; verify the budgets file location (~/.openclaw/workspace/trustlog-guard/budgets.json) and ensure you're comfortable with the agent creating/writing that file.
  4. Prefer skills that declare required config paths and provide source code or provenance.
If you need lower risk, request the same functionality implemented as a small local utility you can inspect and run separately rather than an autonomously-invokable skill.
Capability Analysis
Type: OpenClaw Skill
Name: trustlog-guard
Version: 1.1.0
The skill bundle is classified as benign. Its stated purpose is financial governance, tracking API spend, and enforcing budgets, which aligns with its instructions. The `SKILL.md` explicitly states "100% local," "No external servers," and "No data transmission," and the instructions for the AI agent consistently adhere to this, focusing solely on reading local OpenClaw session logs (`.jsonl`) and its own budget configuration (`budgets.json`). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent for harmful purposes.
Capability Assessment
Purpose & Capability
The name/description (financial governance, cost tracking) aligns with the SKILL.md: it reads session .jsonl logs, computes spend, enforces budgets, and writes a budgets.json file. However, the registry metadata declared no required config paths or credentials while the instructions explicitly read from and write to specific home-directory paths (~/.openclaw/agents/{agent}/sessions/*.jsonl and ~/.openclaw/workspace/trustlog-guard/budgets.json). That mismatch is an incoherence: the skill effectively requires file access that wasn't declared.
Instruction Scope
The SKILL.md instructs the agent to read potentially many local session JSONL files and to create/update a budgets.json file. It also mandates passive anomaly checks on every command invocation. These are within a plausible scope for a cost-tracking tool, but they grant broad local-file read access to conversation logs (which may contain sensitive data). The instructions are prescriptive (exact output formats and rules) and reference an {agent} placeholder but do not specify how to choose/limit which agents' session directories to scan, raising risk of over-broad scanning.
Install Mechanism
No install spec or code is present (instruction-only), so nothing is downloaded or written by an installer. This reduces supply-chain risk.
Credentials
No environment variables or external credentials are requested (good). However, the skill requires reading conversation session logs under ~/.openclaw and writing a budgets file under ~/.openclaw/workspace — accesses that were not declared in metadata. Reading whole session logs can expose user data and secrets; writing files to the user's home directory should be declared and justified in metadata. The skill claims '100% private' but provides no mechanism or guarantee for that.
Persistence & Privilege
always:false (good). The skill instructs passive anomaly detection during other commands, which means it may run file scans frequently when invoked — this is not an elevated platform privilege but increases monitoring frequency and privacy exposure. The skill writes its own budgets file in the user's home; that behavior is expected for its purpose but should have been declared.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install trustlog-guard
  3. After installation, invoke the skill by name or use /trustlog-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Financial governance for OpenClaw
Metadata
Slug trustlog-guard
Version 1.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is TrustLog Guard?

Financial governance for OpenClaw agents. Tracks API spend, enforces budget limits, detects runaway loops, delivers cost briefings. Reads session .jsonl logs... It is an AI Agent Skill for Claude Code / OpenClaw, with 482 downloads so far.

How do I install TrustLog Guard?

Run "/install trustlog-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is TrustLog Guard free?

Yes, TrustLog Guard is completely free (open-source). You can download, install and use it at no cost.

Which platforms does TrustLog Guard support?

TrustLog Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created TrustLog Guard?

It is built and maintained by AnouarTrust (@anouartrust); the current version is v1.1.0.
