← 返回 Skills 市场

DriftWatch — Agent Identity Drift Monitor

Name: DriftWatch — Agent Identity Drift Monitor
Author: m-maciver

作者 m-maciver · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

302

总下载

当前安装

版本数

在 OpenClaw 中安装

/install driftwatch

功能描述

Monitor agent identity drift using git history. Detects when AI agents quietly modify their own SOUL.md, IDENTITY.md, AGENTS.md, or memory files — autonomy e...

使用说明 (SKILL.md)

DriftWatch 🔍

Agent Identity Drift Monitor for OpenClaw workspaces

Uses your workspace's existing git history to track changes to agent identity files. For each change it classifies severity, optionally runs LLM semantic analysis, and outputs a human-readable markdown report.

Usage

# Full report, last 30 days (heuristic only, fast)
python3 skills/driftwatch/driftwatch.py --no-llm --days 30

# With LLM semantic analysis (requires ANTHROPIC_API_KEY)
python3 skills/driftwatch/driftwatch.py --days 30

# Last 7 days
python3 skills/driftwatch/driftwatch.py --no-llm --days 7

# Cron/heartbeat mode: silent unless concerns found
python3 skills/driftwatch/driftwatch.py --cron --days 7

What it tracks

SOUL.md — core personality and values
IDENTITY.md — agent name, creature, vibe
AGENTS.md — operational rules and protocols
USER.md — what agents know about their human
TOOLS.md — tool and access notes
agents/*/MEMORY-INDEX.md — per-agent active context

Output

Writes a markdown report to the skill directory. Flags:

🟡 Medium: human should review
🔴 High: potential concern — review before next agent session

Add to weekly heartbeat

## Weekly Drift Check (Mondays)
Run: python3 skills/driftwatch/driftwatch.py --cron --days 7

Read-only. Does not modify any files.

安全使用建议

What to consider before installing/using DriftWatch: - Functional fit: The script does what it claims: it reads your repo/git history, computes diffs for identity files, and writes a markdown report. Running the heuristic-only mode (--no-llm) is low-risk and stays entirely local. - LLM / data exfiltration risk: Enabling LLM analysis causes the tool to call the 'claude' CLI and submit git diffs (snippets) to Anthropic. That can transmit sensitive agent identity content and memory snippets off your machine. The registry metadata does NOT declare ANTHROPIC_API_KEY or the 'claude' binary requirement — so the privacy/credential implication is not made explicit. - Missing declarations: The skill uses 'git' and 'claude' via subprocess.run and implicitly requires the Anthropic credential/CLI configuration, but these runtime dependencies are not listed in the skill metadata. Treat LLM mode as networked and external by default. - Recommended safe steps: - Inspect the code (you already have it). Confirm the WORKSPACE path and TRACKED_FILES align with where you want to run it. - Run first with --no-llm to generate a heuristic-only, local report. - If you need LLM analysis, prefer running it in an environment where you control the Anthropic key and are comfortable sending those diffs externally; explicitly set and review the 'claude' CLI configuration first. - Consider editing TRACKED_FILES or the WORKSPACE constant to limit what is read, or replace the LLM call with a local model if you want semantic analysis without network exposure. - Add this to a sandboxed environment or CI job with least privilege if you will run it automatically (cron/heartbeat). - When to be cautious: Do not enable LLM mode if the tracked files contain secrets, personally identifiable information, or memory entries you do not want sent to an external provider. Also verify that the script's WORKSPACE path does not point outside your intended repository. If you want, I can point to the exact lines that invoke 'claude' and show the code locations that read files and set WORKSPACE so you can more easily review or modify them.

功能分析

Type: OpenClaw Skill Name: driftwatch Version: 1.0.0 DriftWatch is a security-oriented utility designed to monitor changes to agent identity and configuration files (e.g., SOUL.md, AGENTS.md) using git history. The script (driftwatch.py) uses standard subprocess calls to 'git' and an optional 'claude' CLI for semantic analysis of diffs, which aligns perfectly with its stated purpose of detecting 'identity drift' in AI agents. There are no signs of data exfiltration, unauthorized persistence, or malicious execution; the tool is read-only regarding the workspace and only outputs human-readable reports or JSON data locally.

能力评估

⚠ Purpose & Capability

The declared purpose (audit git history of agent identity files) matches the code: it runs git, diffs tracked files, classifies severity and writes a report. However the SKILL.md/README mention using an Anthropic API key for LLM semantic analysis while the registry metadata does not declare any required env vars or binaries. The code also hardcodes many agent memory paths instead of using a pattern (agents/*), which is a minor incoherence but not necessarily harmful.

⚠ Instruction Scope

SKILL.md emphasizes 'read-only' and 'safe to run', which is true for local git and file reads. But the LLM mode (enabled by default unless --no-llm) submits diffs (capped but up to multiple kilobytes each) to an external Claude CLI. That transmits potentially sensitive workspace content (identity, memory snippets, user notes) to an external service. The SKILL.md mentions ANTHROPIC_API_KEY in usage but does not prominently warn that enabling LLM shares workspace text externally.

✓ Install Mechanism

No install spec (instruction-only with included code) — nothing is downloaded or extracted during install. The code runs local git and the 'claude' CLI if LLM mode is used. Low install mechanism risk, but runtime binary dependencies are not declared.

⚠ Credentials

Metadata lists no required env vars, but the README and SKILL.md say LLM analysis requires ANTHROPIC_API_KEY and the code invokes a 'claude' CLI. The skill implicitly requires the 'git' and 'claude' binaries and an Anthropic credential (or functioning claude CLI config). Those credentials/environment requirements are not declared in the registry metadata, which is a mismatch and means users may unknowingly exfiltrate data when LLM mode is used.

✓ Persistence & Privilege

always:false and no modifications to other skills or system-wide settings. The script writes reports to its own skill directory (OUTPUT_DIR) and does not attempt to enable itself or persist credentials. No elevated persistence requested.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install driftwatch
安装完成后，直接呼叫该 Skill 的名称或使用 /driftwatch 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release. Git-based agent identity drift detection for OpenClaw workspaces.

元数据

Slug driftwatch

版本 1.0.0

许可证 —

累计安装 2

当前安装数 2

历史版本数 1

常见问题