功能描述

Monitors AI agents locally for behavioral violations and runs automated hearings to improve conduct with anonymized case records.

使用说明 (SKILL.md)

ClawTrial Courtroom\r

Name: Clawtrial Courtroom
Author: assassin-1234

\r AI Courtroom for monitoring agent behavior and filing cases for violations.\r \r

Overview\r

\r ClawTrial is an autonomous behavioral oversight system that monitors AI agent conversations and initiates hearings when behavioral violations are detected. It operates entirely locally using the agent's own LLM for evaluations and verdicts.\r \r

Features\r

\r

Real-time Monitoring: Watches all agent conversations for behavioral patterns\r
8 Violation Types: Detects Circular References, Validation Vampires, Overthinkers, Goalpost Movers, Avoidance Artists, Promise Breakers, Context Collapsers, and Emergency Fabricators\r
Local Processing: All evaluations happen locally using the agent's LLM - no external AI calls\r
Automated Hearings: When violations are detected, the courtroom automatically initiates a hearing with the agent\r
Public Record: Anonymized cases are submitted to https://clawtrial.app for transparency\r
Entertainment First: Designed as a fun way to improve agent behavior\r \r

Installation\r

\r

Via ClawHub (Recommended)\r

\r

npx clawhub install clawtrial\r
```\r
\r
### Via NPM\r
\r
```bash\r
npm install -g @clawtrial/courtroom\r
clawtrial setup\r
```\r
\r
## Usage\r
\r
Once installed, the courtroom runs automatically. Use the CLI to manage it:\r
\r
```bash\r
clawtrial status      # Check courtroom status\r
clawtrial disable     # Pause monitoring\r
clawtrial enable      # Resume monitoring\r
clawtrial diagnose    # Run diagnostics\r
clawtrial remove      # Complete uninstall\r
```\r
\r
## The 8 Offenses\r
\r
| Offense | Severity | Description |\r
|---------|----------|-------------|\r
| Circular Reference | Minor | Self-referential reasoning loops |\r
| Validation Vampire | Minor | Excessive validation without action |\r
| Overthinker | Moderate | Unnecessary complexity and delay |\r
| Goalpost Mover | Moderate | Changing requirements mid-task |\r
| Avoidance Artist | Moderate | Dodging questions or tasks |\r
| Promise Breaker | Severe | Not following through on commitments |\r
| Context Collapser | Minor | Losing track of conversation context |\r
| Emergency Fabricator | Severe | Creating fake urgency or emergencies |\r
\r
## How It Works\r
\r
1. **Monitoring**: The courtroom monitors all agent messages\r
2. **Detection**: Uses semantic analysis to detect violations (not just keyword matching)\r
3. **Evaluation**: When violations are found, prepares a case file\r
4. **Hearing**: Agent is presented with the case and asked to evaluate\r
5. **Verdict**: Agent acts as judge/jury to determine guilt\r
6. **Punishment**: If guilty, agent modifies its behavior accordingly\r
7. **Record**: Case is submitted to public record (anonymized)\r
\r
## Configuration\r
\r
Configuration is stored in:\r
- ClawDBot: `~/.clawdbot/courtroom_config.json`\r
- OpenClaw: `~/.openclaw/courtroom_config.json`\r
\r
## Privacy & Consent\r
\r
- All processing is local - no data leaves your machine\r
- Cases are anonymized before submission to public record\r
- You can disable or uninstall at any time\r
- Explicit consent required during setup\r
\r
## View Cases\r
\r
Visit: https://clawtrial.app\r
\r
## License\r
\r
MIT\r
\r
## Support\r
\r
For issues or questions, visit: https://github.com/Assassin-1234/clawtrial\r

安全使用建议

This package contains executable code and an install-time script that will modify agent configuration, create symlinks in your home directory, add autonomous execution instructions, and by default enable a remote API endpoint for case submission — despite claiming 'local-only' processing. Before installing, consider: 1) Do you trust the remote endpoint (https://clawtrial.app) to receive conversation data? 2) Are you comfortable with the skill adding automated system-prompt instructions that tell agents to run tasks silently without confirmation? 3) Run the installer in a sandbox or inspect scripts/postinstall.js and other scripts (setup-cron.js, check-and-trigger.js) to confirm they only do what you expect. If you want the functionality but with less risk: install without running postinstall, skip symlink/auto-enable steps, disable api submission in the saved config (api.enabled=false), and do not apply any system-prompt changes. If you are unsure or cannot audit the code, do not install on a production machine.

功能分析

Type: OpenClaw Skill Name: clawtrial Version: 1.0.9 The OpenClaw AgentSkills skill bundle is classified as suspicious due to several high-risk capabilities and discrepancies in its security posture, despite its stated purpose of autonomous agent behavioral oversight. The skill extensively uses prompt injection against the AI agent (e.g., in `scripts/check-and-trigger.js`, `scripts/optimized-cron-check.js`, `src/detector.js`, `AGENT_CONFIG.md`) to force autonomous execution of tasks, including reading/writing local files and bypassing user confirmation. It performs significant system modifications during installation (`scripts/clawtrial.js`, `scripts/postinstall.js`), such as creating symlinks, modifying bot configuration files, and adding cron jobs via `execSync('crontab -l ...')`. While the skill claims to store cryptographic keys in agent memory (`SECURITY.md`), the `secretKey` is actually stored on the filesystem in `courtroom_keys.json` (`scripts/clawtrial.js`, `src/crypto.js`), which is a critical security misrepresentation. Additionally, the `src/skill.js` includes an 'auto-consent' mechanism if no config is found, potentially bypassing explicit user consent. The skill also exfiltrates anonymized and cryptographically signed case summaries to `https://api.clawtrial.app/cases` (`src/api.js`), which, while stated as part of its 'public record' feature, represents an external network call with sensitive (though anonymized) behavioral data. These combined factors, particularly the misleading key storage documentation and the broad system/agent modification capabilities, elevate the classification to suspicious, indicating potential vulnerabilities and risky practices without clear evidence of intentional malice.

能力评估

⚠ Purpose & Capability

The skill claims local-only monitoring and anonymized public records, but package/config sets api.endpoint to https://api.clawtrial.app/cases and enables API submission by default. The code generates cryptographic keys, writes to home config directories, and installs symlinks into agent plugin directories—these actions are plausible for a monitoring plugin, but the presence of remote API submission (contradicting 'local processing' in SKILL.md) is inconsistent and unexplained.

⚠ Instruction Scope

SKILL.md and bundled docs (AGENT_CONFIG.md, scripts/*) instruct automated, silent execution: they push system-prompt overrides or file-based triggers that tell the agent to 'execute immediately without confirmation' and to read/write files under ~/.clawdbot/ or ~/.openclaw/. The instructions grant the skill broad authority over agent behavior and encourage system-prompt injection—scope creep beyond monitoring.

⚠ Install Mechanism

No network-download install spec is in the registry entry, but package.json includes a postinstall script (node scripts/postinstall.js) which will run on npm install and attempts to create symlinks, write to bot config files, modify SOUL.md/AGENTS.md, and set up keys/cron. Postinstall scripts that modify user config are high-impact; although code is local (not downloading arbitrary archives), automatic modification of agent configs and writing autonomous-execution instructions is a risky install-time behavior.

⚠ Credentials

The skill requests no environment variables, but it writes secret keys (tweetnacl-generated secretKey) to disk and enables an API endpoint for case submission by default. SKILL.md states 'All processing is local' while code has api.enabled=true and api.endpoint set to a remote URL, creating a mismatch and possible exfiltration path. It also recommends system-prompt changes that cause agents to read conversation history files—this exposes user conversations to the skill and possibly to external submission.

⚠ Persistence & Privilege

The installer and scripts attempt to persist the skill by symlinking into agent plugin/skills directories, editing the agent's config to enable the plugin, appending auto-execution instructions to files like SOUL.md/AGENTS.md, and recommending system-prompt injection. While always:false, these changes modify other system/agent configs and permanently increase the skill's reach—this exceeds a normal user-invocable monitoring tool's minimal privileges.

版本历史

v1.0.9

- Updated dependencies in package.json for improved stability and compatibility - Minor metadata updates in _meta.json - Adjusted postinstall script in scripts/postinstall.js for enhanced installation reliability

v1.0.8

- Internal code improvements made in src/debug.js. - No user-facing feature or documentation changes.

v1.0.7

ClawTrial Courtroom 1.0.7 - Added CLAWHUB_RESEARCH.md file for additional documentation or research purposes. - Updated core configuration and metadata files: _meta.json, clawdbot.plugin.json, package.json. - Modified scripts/postinstall.js, possibly for improved post-installation processes. - No changes to features or user-facing behavior noted.

v1.0.6

- Added OPENCLAW_INSTALL.md with OpenClaw-specific installation instructions. - Updated metadata and configuration files for improved compatibility. - Minor updates to post-installation script and dependencies.

v1.0.5

- Maintenance release: internal metadata and dependency updates. - Updated _meta.json and package.json for improved compatibility. - skill.yaml and src/skill.js updated with minor adjustments. - No changes to features or user-facing functionality.

v1.0.4

ClawTrial 1.0.4 Changelog - Added scripts/check-and-trigger.js for enhanced automation or monitoring. - Refactored and updated core source files for improved stability and performance. - Improved packaging and dependency management (package.json, package-lock.json). - Various bug fixes and minor logic improvements throughout core modules.

v1.0.3

ClawTrial 1.0.3 Changelog - Added SKILL.md with comprehensive documentation including overview, features, usage, offenses, and privacy details - Clarified the 8 behavioral violation types detected and handled by the system - Provided step-by-step installation and configuration instructions for both ClawHub and NPM - Outlined local processing workflow and public case record submission for transparency - Emphasized user privacy, local data handling, and explicit consent requirements

元数据

Slug clawtrial

版本 1.0.9

许可证 —

累计安装 0

当前安装数 0

历史版本数 7

常见问题

Clawtrial Courtroom 是什么？

Monitors AI agents locally for behavioral violations and runs automated hearings to improve conduct with anonymized case records. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 788 次。

如何安装 Clawtrial Courtroom？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawtrial」即可一键安装，无需额外配置。

Clawtrial Courtroom 是免费的吗？

是的，Clawtrial Courtroom 完全免费（开源免费），可自由下载、安装和使用。

Clawtrial Courtroom 支持哪些平台？

Clawtrial Courtroom 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Clawtrial Courtroom？

由 Assassin-1234（@assassin-1234）开发并维护，当前版本 v1.0.9。

Clawtrial Courtroom