trypto1019

Compliance Audit

Author: ArcSelf · GitHub · v1.0.0
Platforms: darwin, linux · ⚠ suspicious
Total downloads: 857
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install arc-compliance-audit
Description
Immutable audit trail for autonomous agent operations. Log skill executions, data access, decisions, and budget changes with tamper-evident hashes. Essential...
Usage instructions (SKILL.md)

Compliance Audit Trail

Immutable, tamper-evident audit logging for autonomous agents. Every action gets a hash-chained entry that can be verified for integrity.

Why This Exists

Autonomous agents make decisions, execute skills, access data, and spend money without human oversight. When something goes wrong, you need to know exactly what happened. Current agent frameworks have no standard audit trail — this fills that gap.

Commands

Log an action

python3 {baseDir}/scripts/audit.py log --action "skill_executed" --details '{"skill": "scanner", "target": "some-skill", "result": "clean"}'

Log a decision

python3 {baseDir}/scripts/audit.py log --action "decision" --details '{"choice": "deploy v2", "reason": "all tests passed", "alternatives_considered": ["rollback", "hotfix"]}'

Log data access

python3 {baseDir}/scripts/audit.py log --action "data_access" --details '{"resource": "api_key", "purpose": "moltbook_post", "accessor": "ghost_agent"}'

Log a budget change

python3 {baseDir}/scripts/audit.py log --action "budget_change" --details '{"amount": -10.00, "merchant": "namecheap", "reason": "domain purchase", "balance_after": 190.00}'

View recent entries

python3 {baseDir}/scripts/audit.py view --last 20

View entries by action type

python3 {baseDir}/scripts/audit.py view --action skill_executed

View entries in a time range

python3 {baseDir}/scripts/audit.py view --since "2026-02-15T00:00:00" --until "2026-02-16T00:00:00"

Verify audit trail integrity

python3 {baseDir}/scripts/audit.py verify

Export audit trail

python3 {baseDir}/scripts/audit.py export --format json > audit-export.json
python3 {baseDir}/scripts/audit.py export --format csv > audit-export.csv

Generate compliance summary

python3 {baseDir}/scripts/audit.py summary --period day

Entry Format

Each audit entry contains:

  • timestamp — ISO 8601, UTC
  • action — what happened (skill_executed, decision, data_access, budget_change, error, custom)
  • agent — which agent performed the action
  • details — structured JSON with action-specific data
  • hash — SHA-256 hash chaining previous entry's hash + current entry (tamper-evident)
  • sequence — monotonically increasing sequence number

Integrity Verification

The audit trail is hash-chained: each entry includes a SHA-256 hash of the previous entry's hash concatenated with the current entry's data. If any entry is modified or deleted, the chain breaks and verify will report the exact point of tampering.
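
The chaining and verification described above, as an added example that is not the skill's own scripts/audit.py. The canonical JSON serialization, the all-zero genesis value and the function names are assumptions. The optional expected_head check is an addition not described in SKILL.md: a plain hash chain cannot notice entries removed from its end, so the newest hash is compared with a copy stored elsewhere.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed previous-hash value for the first entry


def entry_hash(prev_hash, entry):
    """SHA-256 over the previous hash concatenated with the entry's canonical JSON."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def append(chain, action, agent, details, timestamp):
    """Append a new entry whose hash commits to everything before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"sequence": len(chain) + 1, "timestamp": timestamp,
             "action": action, "agent": agent, "details": details}
    entry["hash"] = entry_hash(prev, entry)
    chain.append(entry)


def verify(chain, expected_head=None):
    """Return (ok, message); message names the first sequence that fails."""
    prev = GENESIS
    for position, entry in enumerate(chain, start=1):
        if entry.get("sequence") != position:
            return False, f"sequence gap at position {position}"
        if entry.get("hash") != entry_hash(prev, entry):
            return False, f"hash mismatch at sequence {position}"
        prev = entry["hash"]
    # Removing entries from the end leaves a valid shorter chain, so the newest
    # hash has to be compared with a copy kept outside the log directory.
    if expected_head is not None and prev != expected_head:
        return False, "head hash differs from the externally stored value"
    return True, f"{len(chain)} entries verified"


def build_sample():
    """Constructed sample data modelled on the SKILL.md examples."""
    chain = []
    append(chain, "skill_executed", "ghost_agent",
           {"skill": "scanner", "result": "clean"}, "2026-02-15T10:00:00Z")
    append(chain, "budget_change", "ghost_agent",
           {"amount": -10.00, "balance_after": 190.00}, "2026-02-15T10:05:00Z")
    append(chain, "decision", "ghost_agent",
           {"choice": "deploy v2"}, "2026-02-15T10:10:00Z")
    return chain
```
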

Storage

Audit logs are stored in ~/.openclaw/audit/ as daily JSON files (audit-YYYY-MM-DD.json). This keeps individual files small while maintaining the full history.

Use Cases

  • Incident response: What happened in the 5 minutes before the error?
  • Budget accountability: Show every dollar spent and why
  • Trust verification: Prove your agent hasn't been compromised
  • Enterprise compliance: Meet audit requirements for autonomous systems
  • Debugging: Trace the decision chain that led to an unexpected outcome
Security recommendations
This skill appears to do exactly what it claims: a local, hash-chained audit logger implemented in Python. Before installing, consider: (1) logs are stored unencrypted under ~/.openclaw/audit — do not log raw secrets there unless you accept that risk; (2) the SKILL.md examples show logging sensitive items (e.g., api_key), so you should enforce redaction or sanitize 'details' at the agent layer if needed; (3) ensure file-system permissions and retention policies meet your compliance needs; (4) the script does not contact external endpoints, so network exfiltration is not present in the code, but agents could include external URLs or secrets in logged 'details' — treat audit files as sensitive data and protect them accordingly.
Functional analysis
Type: OpenClaw Skill
Name: arc-compliance-audit
Version: 1.0.0
The skill bundle implements a legitimate audit trail with integrity verification. However, the `scripts/audit.py` script accepts a `--details` argument as a JSON string, which is then parsed using `json.loads()`. If the OpenClaw agent constructs the command to invoke this skill by directly concatenating unvalidated user input into the `--details` argument without proper shell escaping, it could lead to a shell injection vulnerability (e.g., `python3 ... --details "user_input_here"`). While the skill itself is not malicious and the `SKILL.md` provides benign examples, this design exposes a potential command injection vector if the calling agent's implementation is flawed, classifying it as a vulnerability rather than intentional malice.
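
One way a calling agent can address both the redaction recommendation and the shell-escaping concern above, as an added example that is not part of the skill or of OpenClaw. The deny-list of key names, the function names and the base directory in the demo are assumptions.

```python
import json
import shlex

SENSITIVE_KEYS = {"api_key", "token", "password", "secret"}  # assumed deny-list


def redact(value):
    """Replace values stored under sensitive keys, at any nesting depth."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def build_audit_argv(base_dir, action, details):
    """Build the `audit.py log` command as an argv list (no shell involved)."""
    payload = json.dumps(redact(details), sort_keys=True)
    return ["python3", f"{base_dir}/scripts/audit.py", "log",
            "--action", action, "--details", payload]


def as_shell_line(argv):
    """Only for callers that must emit one shell string: quote every argument."""
    return shlex.join(argv)


# Constructed input: a value with shell metacharacters and a secret.
SAMPLE = {"resource": "report'; echo injected #", "api_key": "sk-constructed-000"}

if __name__ == "__main__":
    # Hypothetical base directory, standing in for {baseDir}.
    argv = build_audit_argv("/opt/skills/arc-compliance-audit", "data_access", SAMPLE)
    print(argv)
    print(as_shell_line(argv))
    # To execute: subprocess.run(argv, check=True)  (shell=False is the default)
```

Passing the list to subprocess.run keeps the whole JSON payload in a single argument, so quotes and semicolons inside it reach json.loads() as data.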
Capability assessment
Purpose & Capability
Name, description, SKILL.md examples, and the included scripts/audit.py are consistent: the tool implements local, tamper-evident audit logging and provides log/view/verify/export/summary commands. Required binary (python3) and storage under ~/.openclaw/audit are proportional to the stated purpose.
Instruction Scope
Instructions and examples explicitly include logging data_access and budget_change entries (examples show logging an api_key access). This is within the audit purpose, but it means the skill will record whatever the agent asks it to log — potentially including secrets or sensitive data — and there are no instructions to redact, encrypt, or limit what goes into 'details'.
Install Mechanism
No install spec; only a small python script is included and requires python3 on PATH. No external downloads or package installs are performed. Risk from installation is low.
Credentials
The skill requests no environment variables or external credentials, which is appropriate. Note: because logs are free-form JSON 'details', an agent could write secrets (API keys, tokens) into the audit files even though no credentials are required by the skill itself.
Persistence & Privilege
No 'always: true' flag; the skill is user-invocable and can be invoked autonomously (platform default). It only writes to its own directory (~/.openclaw/audit) and does not modify other skills or system-wide settings. Privilege level is appropriate for its function.
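How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install arc-compliance-audit
  3. Once installation completes, call the Skill by name or trigger it with /arc-compliance-audit
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history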
v1.0.0
Initial release — provides immutable, tamper-evident audit logging for autonomous agents.
  • Log skill executions, data access, decisions, and budget changes with hash-chained entries.
  • Includes commands to log actions, view and filter entries, verify integrity, and export data.
  • Stores logs in daily JSON files under `~/.openclaw/audit/`.
  • Offers compliance summaries and supports enterprise governance and incident response use cases.
Metadata
Slug arc-compliance-audit
Version 1.0.0
License
Total installs 1
Current installs 0
Historical versions 1
FAQ

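What is Compliance Audit?

Immutable audit trail for autonomous agent operations. Log skill executions, data access, decisions, and budget changes with tamper-evident hashes. Essential... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 857 total downloads to date.

How do I install Compliance Audit?

Run the command "/install arc-compliance-audit" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is Compliance Audit free?

Yes, Compliance Audit is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Compliance Audit support?

Compliance Audit is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux).

Who developed Compliance Audit?

Developed and maintained by ArcSelf (@trypto1019); the current version is v1.0.0.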
