schchit

JEP-Guard Audit

Author: JEP (Judgment Event Protocol) · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 59
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install jep-guard-audit
Description
JEP-Guard Audit Skill — Strict JEP-04/JAC-01 Compliant Audit Chain with Friendly API Layer
Usage instructions (SKILL.md)

JEP-Guard Audit Skill

Strict JEP-04 / JAC-01 Compliant Audit Chain

Architecture

Three-layer design:

  1. GuardSkill — Friendly API (issuer, assertion, target)
  2. JEPAdapter — Maps friendly fields to strict JEP-04
  3. JEPCodec — Strict protocol implementation (jep, verb, who, when, what, nonce, aud, ref, sig)

Protocol Alignment

| JEP-04 Field | API Field | Notes |
|---|---|---|
| jep | (auto) | Fixed to "1" |
| verb | primitive | J/D/T/V |
| who | issuer | Actor DID |
| when | timestamp | ISO → Unix seconds |
| what | assertion | SHA-256 multihash |
| nonce | (auto) | UUIDv4 |
| aud | target | Recipient |
| ref | prev_event_id / verify_of | Chain link |
| sig | signature | JWS |
| task_based_on | parent_task_hash | JAC-01 causality |

Compliance Standards

  • EU AI Act — Article 12 record-keeping, 6-year retention
  • California SB 1047 — 72-hour critical incident reporting
  • Colorado SB 205 — Algorithmic impact assessment + appeal logs
  • Generic JEP-01 — Baseline accountability tracing

Cognitive Emergence Lab

Security usage recommendations
This package appears to implement the advertised audit chain API and protocols, but before installing or deploying it consider the following:

  1. Cryptography: the code currently treats signatures as a presence check rather than performing real JWS signature verification. Do not rely on it for legal/regulatory evidence until proper signature checks are implemented and audited.
  2. Incomplete review: the provided core.py excerpt was truncated in the review package. Obtain and inspect the complete source to ensure there are no hidden network calls, telemetry, or storage behaviors.
  3. Deployment: the skill exposes an HTTP API (uvicorn/FastAPI); if you run it, protect the endpoint (authentication, TLS, network controls) and validate retention/storage meets regulatory needs (EU AI Act retention rules).
  4. Supply chain: pip-install the declared dependencies from trusted registries and run the included unit tests in an isolated environment to confirm behavior.
  5. If you need this for compliance evidence, require a cryptographic verification audit (implement/verify JWS verification and secure key management) before accepting chain outputs as authoritative.
Functional analysis
Type: OpenClaw Skill
Name: jep-guard-audit
Version: 1.0.0

The jep-guard-audit skill bundle is a well-structured implementation of an audit logging and verification system based on the JEP-04 and JAC-01 protocols. The code is organized into a three-layer architecture (API, Adapter, and Codec) that handles event ingestion, hash-chain integrity verification, and compliance report generation for regulations like the EU AI Act. Analysis of the core logic in skill/core.py and skill/codec.py reveals no evidence of data exfiltration, malicious execution, or prompt injection; the system operates primarily in-memory and uses standard libraries for hashing and web serving.
Capability tags
crypto
Capability assessment
Purpose & Capability
The name, description, API (ingest / chain / export), and code files align: the adapter, codec, and engine implement mapping, canonicalization, hashing, and rule checks consistent with a JEP-04/JAC-01 audit chain. Minor mismatch: some docstrings claim nonce generation may use event_id as seed but the code always generates a fresh UUIDv4. More importantly, the code claims strict JWS signature handling but only performs presence checks rather than real cryptographic verification (see codec.verify_jac_core and core.signature_valid usage). For a compliance/audit skill, cryptographic signature verification is material.
Instruction Scope
SKILL.md and the FastAPI entrypoint describe only the audit API and schema; runtime instructions do not request unrelated files, env vars, or external endpoints. However the implementation uses a placeholder approach for signature verification (treating any non-empty sig as valid in some checks), which is scope creep in the sense that the skill advertises strict protocol compliance but omits the critical crypto verification step. Also, the provided core.py content in the review is truncated, preventing confirmation that export and other logic do not contact external endpoints or perform additional I/O.
Install Mechanism
No install spec is provided (instruction-only at registry-level). The manifest lists reasonable Python dependencies (fastapi, uvicorn, pydantic) appropriate for a web API. There are no download URLs, no obscure installers, and no package manager scripts embedded in the skill package. Users will need to pip-install the listed dependencies to run the API.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The code also does not read env vars in the reviewed portions. This is proportionate to a local audit service that does not integrate with external cloud providers or secret stores.
Persistence & Privilege
Skill flags are default (not always:true). It runs as a user-invocable FastAPI service and does not request persistent system privileges or modify other skills. Deploying it will expose an HTTP API — users should treat that as an operational concern (authentication, network exposure), but the skill itself does not assert elevated platform privileges.
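How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install jep-guard-audit
  3. Once installation completes, invoke the Skill by name or trigger it with /jep-guard-audit
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history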
v1.0.0
Initial release of JEP-Guard Audit Skill

  • Implements a strict JEP-04/JAC-01 compliant audit chain with a developer-friendly API.
  • Provides endpoints for event ingestion, audit chain retrieval with integrity verification, and regulatory compliance reporting.
  • Supports exportable reports for EU AI Act, California SB1047, Colorado SB205, and generic standards.
  • Aligns API fields to strict protocol mappings for interoperability and accountability.
  • Designed with a three-layer architecture: GuardSkill API, JEPAdapter, and JEPCodec.
Metadata
Slug jep-guard-audit
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Version count 1
FAQ

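What is JEP-Guard Audit?

JEP-Guard Audit Skill — Strict JEP-04/JAC-01 Compliant Audit Chain with Friendly API Layer. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 59 total downloads to date.

How do I install JEP-Guard Audit?

Run the command "/install jep-guard-audit" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is JEP-Guard Audit free?

Yes. JEP-Guard Audit is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does JEP-Guard Audit support?

JEP-Guard Audit is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed JEP-Guard Audit?

Developed and maintained by JEP (Judgment Event Protocol) (@schchit); the current version is v1.0.0.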
