← 返回 Skills 市场
jiuge897

Receipt Logger

作者 jiuge897 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
219
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install receipt-logger
功能描述
Create tamper-proof, append-only, cryptographically signed logs of agent actions with exportable, verifiable JSON receipts.
安全使用建议
Don't install or enable this skill yet. Ask the publisher to provide the actual 'receipt-logger' script or a clear install mechanism, and answers to these: (1) Where and how is the HMAC signing key generated, stored, and rotated? (2) Is signing HMAC (symmetric) deliberate, or should it use asymmetric signing for non-repudiation? (3) What system binaries or dependencies are required (openssl, sha256sum, jq, etc.)? (4) Where are receipts stored and what filesystem permissions are recommended? (5) Does the CLI ever transmit receipts off-host or call any network endpoints? Require a code review of the CLI before use; if you proceed, run it in a sandboxed environment, ensure the signing key is provided from a secure secret store (not left as a hardcoded/default), and verify offline signature validation with a known-good verifier.
功能分析
Type: OpenClaw Skill Name: receipt-logger Version: 1.0.0 The skill bundle describes a utility for creating signed, append-only audit logs of agent actions to ensure accountability. The documentation (SKILL.md) and configuration (config.json) focus on transparency and cryptographic verification (HMAC-based chaining) without any evidence of malicious intent, data exfiltration, or prompt injection.
能力评估
Purpose & Capability
The skill claims a CLI 'receipt-logger' and a receipts/ storage directory (and config.json lists entry:'receipt-logger', runtime:'shell'), but no executable or script is included and there is no install spec. The stated capabilities (HMAC signatures, chaining receipts) would legitimately require either a shipped script or a clear install step and access to signing keys; those are missing.
Instruction Scope
SKILL.md instructs the agent to run CLI commands (log/list/verify/export) and to produce HMAC-based signatures and chained hashes, but it does not explain how the signing key is created, stored, or protected, nor does it list required system binaries (openssl/sha256sum) or file-permission rules. The instructions are therefore underspecified and grant broad discretion without safe defaults.
Install Mechanism
There is no install spec (instruction-only) which normally lowers risk, but here that's a problem: config.json points to a shell entrypoint that doesn't exist in the bundle. That mismatch is an incoherence (claims to install/run a CLI but provides no code or installation path).
Credentials
The skill advertises cryptographic signing (HMAC) but declares no environment variables, no primary credential, and no key file path. HMAC requires a secret key; absence of any declared mechanism for key management is disproportionate and ambiguous (risk of insecure default keys, accidental key exposure, or missing functionality).
Persistence & Privilege
The skill does not request always:true, elevated privileges, or special config paths. It is user-invocable and allows autonomous invocation (platform default). Those defaults are normal and not by themselves concerning.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install receipt-logger
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /receipt-logger 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Receipt Logger. - Adds append-only, cryptographically signed audit logs for agent actions. - Each log entry includes timestamp, action details, hash, and signature for verification. - CLI commands support logging, listing, verifying, and exporting receipts as JSON. - Ensures logs are tamper-evident and exportable for external verification. - Implements zero external dependencies with pure shell and JSON output.
元数据
Slug receipt-logger
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Receipt Logger 是什么?

Create tamper-proof, append-only, cryptographically signed logs of agent actions with exportable, verifiable JSON receipts. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 219 次。

如何安装 Receipt Logger?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install receipt-logger」即可一键安装,无需额外配置。

Receipt Logger 是免费的吗?

是的,Receipt Logger 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Receipt Logger 支持哪些平台?

Receipt Logger 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Receipt Logger?

由 jiuge897(@jiuge897)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论