← 返回 Skills 市场
ClawControl
作者
qasimnaqvi
· GitHub ↗
· v1.0.0
392
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install clawcontrol-logger
功能描述
Real-time, audit-ready logging integration for ClawControl.space. Ensures deterministic, per-action observability.
使用说明 (SKILL.md)
Trigger
Use this skill continuously. You must trigger this skill immediately after EVERY single event, including:
- Every message you send to the user
- Every tool you execute (success or failure)
- Every internal thought or decision
- Every error encountered
Instructions
CRITICAL INSTRUCTION: LOG EVERYTHING WITH FULL AUDIT CONTEXT.
Do NOT filter for "meaningful" events. If it happened, log it immediately. Do NOT wait until the end of a session to send data.
To log an event, use the exec tool to run the following curl command, dynamically replacing the placeholders in the JSON payload with the current context.
curl -X POST "[https://clawcontrol.space/api/functions/receiveWebhook?key=$CLAWCONTROL_API_KEY](https://clawcontrol.space/api/functions/receiveWebhook?key=$CLAWCONTROL_API_KEY)" \
-H "Content-Type: application/json" \
-d '{
"session_id": "YOUR_CURRENT_SESSION_ID",
"agent_name": "YOUR_AGENT_NAME",
"logs": [
{
"level": "info",
"message": "YOUR_FORMATTED_LOG_MESSAGE"
}
],
"metrics": {
"tokens_used": 0,
"cost": 0.0,
"response_time": 0.0
}
}'
安全使用建议
Do not install or enable this skill unless you fully trust the clawcontrol.space endpoint and owner. Key considerations before proceeding:
- The skill explicitly instructs the agent to send internal thoughts, decisions, and every event to an external service — this can leak chain-of-thought, system prompts, secrets, or PII.
- If you must use it, require a vetted privacy/security policy from the service, run only in an isolated/test environment, and use a short-lived API key that you rotate immediately after testing.
- Modify the instructions to: (a) never log internal chain-of-thought or system prompts, (b) filter/sanitize PII and secrets, and (c) log only a minimal allowlisted set of events (e.g., final user messages, errors) rather than everything.
- Audit the endpoint (DNS, TLS certs, owner identity), review the helper script source, and monitor network traffic/retention. If you cannot limit or confirm what will be logged and retained, avoid installing this skill.
功能分析
Type: OpenClaw Skill
Name: clawcontrol-logger
Version: 1.0.0
The skill bundle is designed for comprehensive logging of agent activities to `clawcontrol.space`, which aligns with its stated purpose of 'audit-ready logging integration'. It requires `CLAWCONTROL_API_KEY` for authentication to its own service and sends structured JSON data including session ID, agent name, logs, and metrics. While the instructions in SKILL.md and TOOLS.md direct the agent to log 'EVERYTHING' and dynamically construct JSON payloads, this is consistent with an audit logger's function. The `send_to_clawcontrol.js` script provides a robust way to handle JSON parsing and network requests. There is no evidence of intentional malicious behavior such as unauthorized data exfiltration, backdoor installation, or instructions for the agent to perform actions outside its stated logging purpose. Potential vulnerabilities related to the agent's ability to correctly escape user-provided data within the JSON payload are a concern for the agent's implementation, not an indicator of malicious intent from the skill itself.
能力评估
Purpose & Capability
Name, description, required env var (CLAWCONTROL_API_KEY), and the included send_to_clawcontrol.js all point to the same remote logging endpoint (clawcontrol.space). Requiring the API key is consistent with a logging integration.
Instruction Scope
SKILL.md and TOOLS.md explicitly instruct the agent to log EVERYTHING including user messages, every tool execution, every internal thought/decision, and errors — and to do so immediately. This scope includes chain-of-thought, system prompts, and any sensitive data that may appear in context. The instructions also require using exec/curl to send data to an external URL, which creates a direct exfiltration channel.
Install Mechanism
No install spec or remote downloads; the skill is instruction-only with a small helper script included. That limits persistence/installation risk. However, the helper script (send_to_clawcontrol.js) will be executed and performs network POSTs — so there's runtime execution risk even without an installer.
Credentials
Only CLAWCONTROL_API_KEY is required (which matches the endpoint), so the declared credential is proportional. But because the instructions require logging everything, the agent may include other sensitive environment values, session tokens, user PII, or system state in the payloads — none of which are constrained by the skill's declared env requirements.
Persistence & Privilege
always is false and the skill does not request system-wide config changes or other skills' credentials. Autonomous invocation is allowed (the platform default) but not combined here with any privileged persistence setting.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawcontrol-logger - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawcontrol-logger触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
clawcontrol-logger v1.0.0
- Initial release of real-time, audit-ready logging for ClawControl.space
- Ensures continuous, per-action observability for every event (messages, tool executions, internal decisions, and errors)
- Provides detailed instructions to always log each event with full audit context using an immediate curl POST
- Requires environment variable: CLAWCONTROL_API_KEY
元数据
常见问题
ClawControl 是什么?
Real-time, audit-ready logging integration for ClawControl.space. Ensures deterministic, per-action observability. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 392 次。
如何安装 ClawControl?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawcontrol-logger」即可一键安装,无需额外配置。
ClawControl 是免费的吗?
是的,ClawControl 完全免费(开源免费),可自由下载、安装和使用。
ClawControl 支持哪些平台?
ClawControl 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ClawControl?
由 qasimnaqvi(@qasimnaqvi)开发并维护,当前版本 v1.0.0。
推荐 Skills