Auditd

by bytesagain3 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
149 Downloads · 0 Stars · 1 Active Installs · 1 Versions
Install in OpenClaw
/install auditd
Description
Linux Audit Framework reference. auditctl rules for file watches and syscall auditing, auditd.conf configuration, ausearch log queries, aureport summaries, a...
README (SKILL.md)

auditd

Linux Audit Framework reference — kernel-level security auditing.

Commands

| Command | Description |
|---|---|
| intro | What is auditd, architecture, quick start |
| rules | auditctl watches, syscall rules, filters |
| config | auditd.conf settings, rotation, disk actions |
| search | ausearch by key, time, user, file |
| report | aureport summaries, login, auth, file |
| logs | audit.log format, field meanings |
| compliance | CIS benchmark and PCI-DSS rules |
| tools | auditctl, audit2allow, aulast, autrace |

Usage Guidance
This skill is a local reference for auditd and appears coherent, but it documents and would instruct the agent to run commands that require root and can change system auditing (add/delete/lock rules, suspend logging, restart the daemon). Before installing or invoking: (1) review the included script and SKILL.md yourself; (2) do not allow the agent to run these commands as root without human review — prefer read-only queries; (3) test any commands in a non-production environment first; (4) if you enable autonomous invocation, restrict the agent's privileges so it cannot modify audit rules or restart system services without explicit human approval.
Capability Analysis
Type: OpenClaw Skill
Name: auditd
Version: 1.0.0

The 'auditd' skill bundle is a purely informational reference tool for the Linux Audit Framework. The main script (scripts/script.sh) contains static documentation and command examples for auditctl, ausearch, and aureport, which are printed to the console but never executed. There is no evidence of malicious intent, data exfiltration, or prompt injection.
Capability Assessment
Purpose & Capability
The name/description (auditd reference) aligns with the files and included script: examples and guidance for auditctl, ausearch, aureport, and auditd.conf. The skill does not request unrelated credentials or config paths. Note: the SKILL.md and script assume standard system utilities (auditctl, ausearch, aureport, augenrules, systemctl/service, kill, etc.) are present but these are not listed as required binaries — this is a minor metadata omission, not a functional mismatch.
Instruction Scope
Instructions are focused on auditd usage, log searching, and rule management. However, many suggested commands modify system state (adding/deleting/locking rules, restarting or signaling auditd, changing disk action policies) and therefore require root privileges and can impact system behavior (including suspending logging). The skill's instructions also reference reading /var/log/audit/audit.log and /etc/audit files — appropriate for the purpose but potentially sensitive.
Install Mechanism
No install spec (instruction-only plus a bundled script). No downloads or external installers are used, so there is no additional install-time risk.
Credentials
The skill requests no environment variables, credentials, or config paths. The operations it documents do require local privileged access to audit configuration/logs, which is proportional to an auditd reference skill.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide configuration changes on install. Note that an agent invoking the skill (autonomously) could run privileged commands if the agent process has elevated rights — this is a platform usage consideration, not a misbehavior of the skill itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install auditd
  3. After installation, invoke the skill by name or use /auditd
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
publish v1.0.0
Metadata
Slug: auditd
Version: 1.0.0
License: MIT-0
All-time Installs: 1
Active Installs: 1
Total Versions: 1
Frequently Asked Questions

What is Auditd?

Linux Audit Framework reference. auditctl rules for file watches and syscall auditing, auditd.conf configuration, ausearch log queries, aureport summaries, a... It is an AI Agent Skill for Claude Code / OpenClaw, with 149 downloads so far.

How do I install Auditd?

Run "/install auditd" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Auditd free?

Yes, Auditd is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Auditd support?

Auditd is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Auditd?

It is built and maintained by bytesagain3 (@bytesagain3); the current version is v1.0.0.
