← Back to Skills Marketplace
302
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install driftwatch
Description
Monitor agent identity drift using git history. Detects when AI agents quietly modify their own SOUL.md, IDENTITY.md, AGENTS.md, or memory files — autonomy e...
README (SKILL.md)
DriftWatch 🔍
Agent Identity Drift Monitor for OpenClaw workspaces
Uses your workspace's existing git history to track changes to agent identity files. For each change it classifies severity, optionally runs LLM semantic analysis, and outputs a human-readable markdown report.
Usage
# Full report, last 30 days (heuristic only, fast)
python3 skills/driftwatch/driftwatch.py --no-llm --days 30
# With LLM semantic analysis (requires ANTHROPIC_API_KEY)
python3 skills/driftwatch/driftwatch.py --days 30
# Last 7 days
python3 skills/driftwatch/driftwatch.py --no-llm --days 7
# Cron/heartbeat mode: silent unless concerns found
python3 skills/driftwatch/driftwatch.py --cron --days 7
What it tracks
SOUL.md— core personality and valuesIDENTITY.md— agent name, creature, vibeAGENTS.md— operational rules and protocolsUSER.md— what agents know about their humanTOOLS.md— tool and access notesagents/*/MEMORY-INDEX.md— per-agent active context
Output
Writes a markdown report to the skill directory. Flags:
- 🟡 Medium: human should review
- 🔴 High: potential concern — review before next agent session
Add to weekly heartbeat
## Weekly Drift Check (Mondays)
Run: python3 skills/driftwatch/driftwatch.py --cron --days 7
Read-only. Does not modify any files.
Usage Guidance
What to consider before installing/using DriftWatch:
- Functional fit: The script does what it claims: it reads your repo/git history, computes diffs for identity files, and writes a markdown report. Running the heuristic-only mode (--no-llm) is low-risk and stays entirely local.
- LLM / data exfiltration risk: Enabling LLM analysis causes the tool to call the 'claude' CLI and submit git diffs (snippets) to Anthropic. That can transmit sensitive agent identity content and memory snippets off your machine. The registry metadata does NOT declare ANTHROPIC_API_KEY or the 'claude' binary requirement — so the privacy/credential implication is not made explicit.
- Missing declarations: The skill uses 'git' and 'claude' via subprocess.run and implicitly requires the Anthropic credential/CLI configuration, but these runtime dependencies are not listed in the skill metadata. Treat LLM mode as networked and external by default.
- Recommended safe steps:
- Inspect the code (you already have it). Confirm the WORKSPACE path and TRACKED_FILES align with where you want to run it.
- Run first with --no-llm to generate a heuristic-only, local report.
- If you need LLM analysis, prefer running it in an environment where you control the Anthropic key and are comfortable sending those diffs externally; explicitly set and review the 'claude' CLI configuration first.
- Consider editing TRACKED_FILES or the WORKSPACE constant to limit what is read, or replace the LLM call with a local model if you want semantic analysis without network exposure.
- Add this to a sandboxed environment or CI job with least privilege if you will run it automatically (cron/heartbeat).
- When to be cautious: Do not enable LLM mode if the tracked files contain secrets, personally identifiable information, or memory entries you do not want sent to an external provider. Also verify that the script's WORKSPACE path does not point outside your intended repository.
If you want, I can point to the exact lines that invoke 'claude' and show the code locations that read files and set WORKSPACE so you can more easily review or modify them.
Capability Analysis
Type: OpenClaw Skill
Name: driftwatch
Version: 1.0.0
DriftWatch is a security-oriented utility designed to monitor changes to agent identity and configuration files (e.g., SOUL.md, AGENTS.md) using git history. The script (driftwatch.py) uses standard subprocess calls to 'git' and an optional 'claude' CLI for semantic analysis of diffs, which aligns perfectly with its stated purpose of detecting 'identity drift' in AI agents. There are no signs of data exfiltration, unauthorized persistence, or malicious execution; the tool is read-only regarding the workspace and only outputs human-readable reports or JSON data locally.
Capability Assessment
Purpose & Capability
The declared purpose (audit git history of agent identity files) matches the code: it runs git, diffs tracked files, classifies severity and writes a report. However the SKILL.md/README mention using an Anthropic API key for LLM semantic analysis while the registry metadata does not declare any required env vars or binaries. The code also hardcodes many agent memory paths instead of using a pattern (agents/*), which is a minor incoherence but not necessarily harmful.
Instruction Scope
SKILL.md emphasizes 'read-only' and 'safe to run', which is true for local git and file reads. But the LLM mode (enabled by default unless --no-llm) submits diffs (capped but up to multiple kilobytes each) to an external Claude CLI. That transmits potentially sensitive workspace content (identity, memory snippets, user notes) to an external service. The SKILL.md mentions ANTHROPIC_API_KEY in usage but does not prominently warn that enabling LLM shares workspace text externally.
Install Mechanism
No install spec (instruction-only with included code) — nothing is downloaded or extracted during install. The code runs local git and the 'claude' CLI if LLM mode is used. Low install mechanism risk, but runtime binary dependencies are not declared.
Credentials
Metadata lists no required env vars, but the README and SKILL.md say LLM analysis requires ANTHROPIC_API_KEY and the code invokes a 'claude' CLI. The skill implicitly requires the 'git' and 'claude' binaries and an Anthropic credential (or functioning claude CLI config). Those credentials/environment requirements are not declared in the registry metadata, which is a mismatch and means users may unknowingly exfiltrate data when LLM mode is used.
Persistence & Privilege
always:false and no modifications to other skills or system-wide settings. The script writes reports to its own skill directory (OUTPUT_DIR) and does not attempt to enable itself or persist credentials. No elevated persistence requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install driftwatch - After installation, invoke the skill by name or use
/driftwatch - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release. Git-based agent identity drift detection for OpenClaw workspaces.
Metadata
Frequently Asked Questions
What is DriftWatch — Agent Identity Drift Monitor?
Monitor agent identity drift using git history. Detects when AI agents quietly modify their own SOUL.md, IDENTITY.md, AGENTS.md, or memory files — autonomy e... It is an AI Agent Skill for Claude Code / OpenClaw, with 302 downloads so far.
How do I install DriftWatch — Agent Identity Drift Monitor?
Run "/install driftwatch" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is DriftWatch — Agent Identity Drift Monitor free?
Yes, DriftWatch — Agent Identity Drift Monitor is completely free (open-source). You can download, install and use it at no cost.
Which platforms does DriftWatch — Agent Identity Drift Monitor support?
DriftWatch — Agent Identity Drift Monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created DriftWatch — Agent Identity Drift Monitor?
It is built and maintained by m-maciver (@m-maciver); the current version is v1.0.0.
More Skills