TrustLog Guard
Author: AnouarTrust · v1.1.0
Total downloads: 482
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install trustlog-guard
Description
Financial governance for OpenClaw agents. Tracks API spend, enforces budget limits, detects runaway loops, delivers cost briefings. Reads session .jsonl logs...
Security usage advice
This skill appears to do what it claims (read session logs, report spend, write a budget file), but the package metadata did not declare the local files it reads/writes. Before installing, consider:
1) Inspect a sample of your ~/.openclaw/agents/*/sessions/*.jsonl files to confirm they don't contain secrets you don't want scanned or stored.
2) Ask the publisher for the skill source or a detailed manifest showing which exact paths it will read/write and an explicit privacy guarantee — the SKILL.md's '100% private' claim is not verifiable as-is.
3) If you proceed, run it in a restricted environment or back up your data; verify the budgets file location (~/.openclaw/workspace/trustlog-guard/budgets.json) and ensure you’re comfortable with the agent creating/writing that file.
4) Prefer skills that declare required config paths and provide source code or provenance.
If you need lower risk, request the same functionality implemented as a small local utility you can inspect and run separately rather than an autonomously-invokable skill.
Functional analysis
Type: OpenClaw Skill
Name: trustlog-guard
Version: 1.1.0
The skill bundle is classified as benign. Its stated purpose is financial governance, tracking API spend, and enforcing budgets, which aligns with its instructions. The `SKILL.md` explicitly states "100% local," "No external servers," and "No data transmission," and the instructions for the AI agent consistently adhere to this, focusing solely on reading local OpenClaw session logs (`.jsonl`) and its own budget configuration (`budgets.json`). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent for harmful purposes.
Capability assessment
Purpose & Capability
The name/description (financial governance, cost tracking) aligns with the SKILL.md: it reads session .jsonl logs, computes spend, enforces budgets, and writes a budgets.json file. However, the registry metadata declared no required config paths or credentials while the instructions explicitly read from and write to specific home-directory paths (~/.openclaw/agents/{agent}/sessions/*.jsonl and ~/.openclaw/workspace/trustlog-guard/budgets.json). That mismatch is an incoherence: the skill effectively requires file access that wasn't declared.
Instruction Scope
The SKILL.md instructs the agent to read potentially many local session JSONL files and to create/update a budgets.json file. It also mandates passive anomaly checks on every command invocation. These are within a plausible scope for a cost-tracking tool, but they grant broad local-file read access to conversation logs (which may contain sensitive data). The instructions are prescriptive (exact output formats and rules) and reference an {agent} placeholder but do not specify how to choose/limit which agents' session directories to scan, raising risk of over-broad scanning.
Install Mechanism
No install spec or code is present (instruction-only), so nothing is downloaded or written by an installer. This reduces supply-chain risk.
Credentials
No environment variables or external credentials are requested (good). However, the skill requires reading conversation session logs under ~/.openclaw and writing a budgets file under ~/.openclaw/workspace — accesses that were not declared in metadata. Reading whole session logs can expose user data and secrets; writing files to the user's home directory should be declared and justified in metadata. The skill claims '100% private' but provides no mechanism or guarantee for that.
Persistence & Privilege
always:false (good). The skill instructs passive anomaly detection during other commands, which means it may run file scans frequently when invoked — this is not an elevated platform privilege but increases monitoring frequency and privacy exposure. The skill writes its own budgets file in the user's home; that behavior is expected for its purpose but should have been declared.
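How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install trustlog-guard`
- Once installation completes, call the skill by name or use `/trustlog-guard` to trigger it
- Provide the required inputs according to the skill's parameter description to get structured output
Version history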
v1.1.0
Financial governance for OpenClaw
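Metadata
FAQ
What is TrustLog Guard?
Financial governance for OpenClaw agents. Tracks API spend, enforces budget limits, detects runaway loops, delivers cost briefings. Reads session .jsonl logs... It is an AI agent skill plugin for Claude Code / OpenClaw, with 482 cumulative downloads to date.
How do I install TrustLog Guard?
Run the command "/install trustlog-guard" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.
Is TrustLog Guard free?
Yes, TrustLog Guard is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does TrustLog Guard support?
TrustLog Guard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed TrustLog Guard?
Developed and maintained by AnouarTrust (@anouartrust); the current version is v1.1.0.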