← 返回 Skills 市场
andyxinweiminicloud

Transparency Log Auditor

作者 andyxinweiminicloud · GitHub ↗ · v1.0.0
cross-platform ✓ 安全检测通过
480
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install transparency-log-auditor
功能描述
Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry op...
安全使用建议
This skill is coherent and appears to do what it says: query transparency-log endpoints and analyze signing history. Before installing, confirm you trust the skill's publisher (source/homepage is missing here), and be aware that the auditor will perform network queries against registries/log endpoints when run. If you plan to let the agent run it autonomously, consider restricting it from submitting any credentials or private registry endpoints without explicit approval. If you need stronger assurance, request the skill's source or an implementation to review the exact verification logic (e.g., how it validates append-only properties and handles malformed logs) before using it to make security decisions.
功能分析
Type: OpenClaw Skill Name: transparency-log-auditor Version: 1.0.0 The skill bundle, consisting of `_meta.json` and `SKILL.md`, describes a 'transparency-log-auditor' designed to verify skill signing events against independent transparency logs. Its stated purpose is to enhance security by detecting registry tampering and ensuring auditable trust. The `SKILL.md` file clearly outlines the problem, the checks performed, usage instructions, and an example report, all focused on security auditing. While it requires `curl` and `python3`, these are standard tools consistent with the described auditing functionality. There is no evidence of prompt injection attempts, data exfiltration, malicious execution, or any other harmful intent in the provided documentation.
能力评估
Purpose & Capability
The name/description (auditing transparency logs for skill signing events) matches the declared requirements: network tooling (curl) and a scripting runtime (python3) are reasonable for fetching endpoints and verifying chains. There are no unexpected credentials, binaries, or config paths requested that would be unrelated to auditing logs.
Instruction Scope
SKILL.md contains guidance about what to check (log existence, append-only verifiability, coverage, cross-log consistency, independent verification). The provided examples and usage describe network queries and local verification logic; there are no instructions in the provided content to read unrelated local files, environment secrets, or to exfiltrate data to third-party endpoints. The skill is instruction-only and doesn't instruct accessing system state outside of contacting registries and logs.
Install Mechanism
No install spec and no code files are present. Being instruction-only minimizes installation risk — nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requires no environment variables or credentials. That is proportionate to a read-only auditor which queries public registry/log endpoints. There are no requests for unrelated secrets or broad access rights.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or elevated agent-wide configuration changes. The skill can be invoked autonomously by the agent (default platform behavior), but that is not combined with any other high-risk flags.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install transparency-log-auditor
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /transparency-log-auditor 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — transparency-log-auditor 1.0.0: - Audits skill registries for the presence and quality of transparency log infrastructure. - Checks append-only verifiability, signing event coverage, cross-registry consistency, and independent auditability. - Provides plain-language reports highlighting transparency gaps, inconsistencies, and associated risks. - Supports input by registry URL, skill identifier, or cross-registry record comparison. - Includes detailed risk assessment and actionable recommendations.
元数据
Slug transparency-log-auditor
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Transparency Log Auditor 是什么?

Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry op... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 480 次。

如何安装 Transparency Log Auditor?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install transparency-log-auditor」即可一键安装,无需额外配置。

Transparency Log Auditor 是免费的吗?

是的,Transparency Log Auditor 完全免费(开源免费),可自由下载、安装和使用。

Transparency Log Auditor 支持哪些平台?

Transparency Log Auditor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Transparency Log Auditor?

由 andyxinweiminicloud(@andyxinweiminicloud)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论