apollostreetcompany

Clauditor

cross-platform | ⚠ suspicious

Downloads: 2424
Stars: 1
Active Installs: 1
Versions: 3

Install in OpenClaw: /install clauditor
Description
Tamper-resistant audit watchdog for Clawdbot agents. Detects and logs suspicious filesystem activity with HMAC-chained evidence.
README (SKILL.md)

Clauditor

Security watchdog that monitors filesystem activity and creates tamper-evident logs. Even if Clawdbot is compromised, it cannot stop the watchdog, forge entries, or delete evidence.
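An added example, not Clauditor's own code (its real log format and key handling are not shown on this page), of how an HMAC chain makes an edited, deleted or forged entry detectable, and why the separate digest step matters: without an out-of-band record of the chain head, deleting entries from the tail of the log is invisible to the chain check alone. The key, log schema and events are constructed for the demo.

```python
import hashlib, hmac, json

# Constructed demo key; Clauditor's real key lives in /etc/sysaudit/key (root-only).
KEY = b"constructed-demo-key-not-from-clauditor"
GENESIS = "0" * 64  # prev-MAC value of the first entry

def entry_mac(key, prev_mac, event):
    # Canonical JSON so the MAC ignores key order/whitespace; binding prev_mac links entries.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, f"{prev_mac}\n{body}".encode(), hashlib.sha256).hexdigest()

def chain_entries(key, events):
    """Append-only log: each entry carries the previous entry's MAC."""
    entries, prev = [], GENESIS
    for ev in events:
        entries.append({"prev": prev, "event": ev, "mac": entry_mac(key, prev, ev)})
        prev = entries[-1]["mac"]
    return entries

def verify_chain(key, entries, expected_head=None):
    """Return (ok, index of first bad entry or None). expected_head is the last MAC
    recorded by a trusted digest; without it, tail truncation cannot be detected."""
    prev = GENESIS
    for i, e in enumerate(entries):
        want = entry_mac(key, prev, e["event"])
        if e["prev"] != prev or not hmac.compare_digest(want, e["mac"]):
            return False, i
        prev = e["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(entries)
    return True, None

def demo():
    """Constructed sample events and four tampering attempts made without the key."""
    events = [
        {"ts": 1, "uid": 1001, "op": "open", "path": "/home/clawdbot/.ssh/id_ed25519"},
        {"ts": 2, "uid": 1001, "op": "write", "path": "/tmp/out.tar"},
        {"ts": 3, "uid": 1001, "op": "unlink", "path": "/var/lib/.sysd/.audit/events.log"},
    ]
    log = chain_entries(KEY, events)
    head = log[-1]["mac"]  # what a digest run would record out-of-band
    edited = json.loads(json.dumps(log))  # deep copy, then rewrite one entry's content
    edited[0]["event"]["path"] = "/tmp/harmless"
    return {
        "intact": verify_chain(KEY, log, head),
        "edited_entry": verify_chain(KEY, edited, head),
        "deleted_middle": verify_chain(KEY, [log[0], log[2]], head),
        "truncated_no_digest": verify_chain(KEY, log[:2]),
        "truncated_with_digest": verify_chain(KEY, log[:2], head),
    }
```

The last two results show why the key must be unreadable to the monitored agent and why digests belong somewhere the agent cannot rewrite.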

Installation (Guided)

Use the CLI wizard to guide users through installation:

cd /path/to/clauditor
cargo build --release

Agent Workflow

  1. Check status: ./target/release/clauditor wizard status
     • Returns JSON with current_step (1-6) and complete (true/false)
  2. Get next step: ./target/release/clauditor wizard next
     • Shows WHAT it does, WHY it matters, and the exact COMMAND to run
  3. User runs the sudo command
  4. Verify: ./target/release/clauditor wizard verify
     • Confirms step completed
  5. Repeat until complete: true

Example Interaction

User: "Install clauditor"

Agent: [runs wizard status → current_step: 1]
Agent: "Step 1 of 6: Create system user

This creates a 'sysaudit' user that runs the watchdog. Even if you're 
compromised, you can't kill a process owned by another user.

Run this:
sudo useradd --system --shell /usr/sbin/nologin --no-create-home sysaudit

Let me know when done."

User: "done"

Agent: [runs wizard verify → success]
Agent: [runs wizard next → step 2...]

After Installation

Check status

systemctl status systemd-journaldd

Generate digest

./target/release/clauditor digest \
  --log /var/lib/.sysd/.audit/events.log \
  --key /etc/sysaudit/key \
  --format markdown

Quick Install (Power Users)

sudo bash wizard/wizard.sh

Configuration

  • Config: /etc/sysaudit/config.toml
  • Key: /etc/sysaudit/key
  • Logs: /var/lib/.sysd/.audit/events.log

Edit config to customize watch_paths and target_uid.

Usage Guidance
This repo contains a reasonable implementation of a privileged filesystem watchdog, but several things deserve extra scrutiny before you install it or let an agent run it unattended:

  • Review the install scripts (wizard/wizard.sh, wizard/install.sh) line by line before running them with sudo. They create a system user, write keys to /etc, install a binary under /usr/local/sbin, and register a systemd service named to resemble systemd internals. This stealth naming is intentional but can be surprising or deceptive.
  • Understand the privilege requirements: production collection uses fanotify/eBPF and requires CAP_SYS_ADMIN or root. That gives kernel-level visibility and a broad ability to observe filesystem activity (and, if misused, to surveil many paths).
  • The alerter subsystem supports external channels (ClawdbotWake/gateway_url, webhooks, and a 'Command' channel that executes configured commands). Before enabling alerts, confirm that no external gateway URL or untrusted command is configured; otherwise sensitive event data could be transmitted or commands executed.
  • AGENTS.md contains an orchestration/development workflow that tells agents to read/write CONTINUITY.md, run tests, commit, and push to GitHub. That is beyond what the runtime watchdog needs. If you plan to use the skill with an autonomous agent, ensure it cannot push repository content or your runtime artifacts to remote repositories without explicit, audited credentials.
  • If you decide to use it: build from source locally, inspect and adjust the config defaults (watch_paths, exec_watchlist, alert channels), run the install in an isolated VM or container first, and restrict file permissions on the key and logs as documented.

For a higher-confidence assessment, provide the full wizard scripts and any shortened or truncated code for the alerter's send_to_channel implementation (to confirm whether it posts to external endpoints by default), or show the exact contents of wizard/wizard.sh; these determine whether the skill attempts network exfiltration or other unexpected actions.
Capability Analysis
Type: OpenClaw Skill
Name: clauditor
Version: 0.1.2

The skill bundle is a security watchdog with strong defensive features like HMAC-chained logs, UID-filtered monitoring, and detection rules for exfiltration, injection, and tampering. However, it is classified as suspicious due to a few risky capabilities and inconsistencies. The `alerter` crate (crates/alerter/src/lib.rs) includes an `AlertChannel::Command` that allows executing arbitrary commands configured in the daemon's TOML file, which, while protected by file permissions, is a powerful primitive. Additionally, the `wizard/wizard.sh` script grants the `sysaudit` user membership to the `clawdbot` group for `/proc` access, a privilege escalation for a stated purpose. There's also a discrepancy in the GitHub repository URL between `SKILL.md` and `wizard/install.sh`, and the `systemd-core-check` sentinel binary is installed by `wizard/wizard.sh` but not provided in the analyzed files, indicating a potential incompleteness or packaging issue.
Capability Assessment
Purpose & Capability
The declared purpose (tamper-resistant audit watchdog) aligns with the code and runtime requirements: building with cargo, installing a systemd service, using fanotify/eBPF for privileged collection, HMAC-chained logs, and a wizard-driven install that requires root. However, the project explicitly aims for 'stealth deployment' (the service is named systemd-journaldd) and includes features that go beyond pure monitoring (optional webhook/Clawdbot gateway alerts, a command-execution alert channel). These are coherent with the design but raise operational concerns because they increase the attack surface.
Instruction Scope
SKILL.md and AGENTS.md instruct agents/operators to perform privileged installation (create system user, write keys to /etc, install a service, enable/daemon-reload) — expected for a system daemon — but also include a development orchestration workflow (read/update CONTINUITY.md every turn, spawn sub-agents, run cargo test, commit and push after each bead). Those orchestration steps encourage automated commits/pushes and reading/writing project state, which go beyond runtime monitoring and could cause an agent to access or transmit repository data or use Git credentials not declared in requires.env.
Install Mechanism
There is no registry 'install' spec (instruction-only), which is lower risk for hidden downloads. The repo includes wizard scripts (wizard/wizard.sh, wizard/install.sh) that perform privileged operations (useradd, copy to /usr/local/sbin, systemctl enable/start). Review of those scripts is required before running with sudo; they perform system-wide changes and install a binary named to masquerade as a system service.
Credentials
The skill declares no required environment variables or external credentials. It does, however, require root or CAP_SYS_ADMIN for installation and for privileged fanotify collection — this is proportionate to kernel-level monitoring. Note: AGENTS.md describes pushing to GitHub and committing, which would rely on external git credentials not declared by the skill; that is a scope creep risk.
Persistence & Privilege
The skill installs a persistent systemd daemon and uses privileged kernel APIs (fanotify with FAN_MARK_FILESYSTEM; mentions eBPF). While expected for a tamper-resistant monitor, the code and docs explicitly aim for stealth (service name mimicking journal) and sentinel behavior to detect tampering. Those choices increase privilege and persistence and could be abused or surprising to operators. The skill does not set always:true, and autonomous invocation remains the platform default.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clauditor
  3. After installation, invoke the skill by name or use /clauditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
- Added documentation file: AGENTS.md
- Removed configuration files: dev-config.toml and dist/config/default.toml
- No changes to core functionality or documentation in SKILL.md
v0.1.1
- Removed 8 files, including documentation and a test script (e.g., AGENTS.md, PLAN.md, test-fix.sh).
- No changes to the core SKILL.md functionality or workflow.
- Project now contains fewer auxiliary docs and samples.
v0.1.0
- Updated skill.
Metadata
Slug: clauditor
Version: 0.1.2
License:
All-time Installs: 1
Active Installs: 1
Total Versions: 3
Frequently Asked Questions

What is Clauditor?

Tamper-resistant audit watchdog for Clawdbot agents. Detects and logs suspicious filesystem activity with HMAC-chained evidence. It is an AI Agent Skill for Claude Code / OpenClaw, with 2424 downloads so far.

How do I install Clauditor?

Run "/install clauditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Clauditor free?

Yes, Clauditor is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Clauditor support?

Clauditor is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Clauditor?

It is built and maintained by apollostreetcompany (@apollostreetcompany); the current version is v0.1.2.
