
OpenClaw Audit Log Hook

by hanxiao-bot · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads 100
Stars 0
Active Installs 0
Versions 1
Install in OpenClaw
/install openclaw-audit-log-hook
Description
Records and logs all tool calls before and after execution for auditing, debugging, usage stats, and error tracking with sensitive data redaction.
Usage Guidance
This skill is plausible but sloppy: do not install it as-is if you care about protecting secrets. Key issues to resolve before use:
  1. Actually write logs to a controlled file path (with secure file permissions) rather than console, and declare OPENCLAW_STATE_DIR.
  2. Integrate and improve redaction: apply redaction to parsed objects and nested fields, handle stringified JSON, and avoid relying on truncation as a protection.
  3. Add log rotation, retention limits, and access controls.
  4. Avoid logging raw command outputs or API responses that may include credentials or tokens.
  5. Consider hashing or minimizing session/user identifiers and document who can read the logs.
If you can't review and modify the hooks yourself, treat this skill as risky because it could leak sensitive data into agent logs.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-audit-log-hook
Version: 1.0.0
The skill implements an audit logging mechanism in SKILL.md that records tool parameters and results. While it includes a 'redactSensitive' utility function, the provided hook implementations for 'before_tool_call' and 'after_tool_call' fail to actually invoke this function, leading to the logging of potentially sensitive data (API keys, tokens, passwords) in plain text to the console. This constitutes a sensitive information disclosure vulnerability.
Capability Assessment
Purpose & Capability
The SKILL.md claims to record all tool calls to an audit.log under OPENCLAW_STATE_DIR and to auto-redact sensitive data, but the example hook only console.logs entries (does not write to the claimed audit.log path) and never calls the redact function. That mismatch means the skill as-written won't deliver its described purpose and may expose data via stdout instead of a controlled file.
Instruction Scope
Instructions access event.tool.params and event.result (which commonly contain secrets). The provided redaction function is defined but not integrated into the hook code. Redaction logic only checks top-level property names, won't handle stringified JSON or nested fields, and the current code stringifies params and truncates them (slice(0,500)), which can still leak sensitive prefixes and break redaction. The SKILL.md also references OPENCLAW_STATE_DIR without declaring it and suggests analyzing an audit.log file even though the hooks don't write to that file.
Install Mechanism
Instruction-only skill with no install steps or external downloads, so it doesn't introduce installation-time code execution risk.
Credentials
No required environment variables are declared, but the example reads process.env.OPENCLAW_STATE_DIR. The skill should declare this env var (and its intended default) and document permissions expectations for where logs will be written.
Persistence & Privilege
The skill does not request always:true or modify other skills; it is user-invocable and can be run autonomously like other hooks. That default model-invocation behavior is expected.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-audit-log-hook
  3. After installation, invoke the skill by name or use /openclaw-audit-log-hook
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug openclaw-audit-log-hook
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is OpenClaw Audit Log Hook?

Records and logs all tool calls before and after execution for auditing, debugging, usage stats, and error tracking with sensitive data redaction. It is an AI Agent Skill for Claude Code / OpenClaw, with 100 downloads so far.

How do I install OpenClaw Audit Log Hook?

Run "/install openclaw-audit-log-hook" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenClaw Audit Log Hook free?

Yes, OpenClaw Audit Log Hook is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does OpenClaw Audit Log Hook support?

OpenClaw Audit Log Hook is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created OpenClaw Audit Log Hook?

It is built and maintained by hanxiao-bot (@hanxiao-bot); the current version is v1.0.0.
