Skills audit-log-firewall

Policy-based monitoring and command-line enforcement for high-risk agent operations. Intercepts sensitive commands and logs them for human auditing.

install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/balkanblbn/audit-log-firewall" ~/.claude/skills/openclaw-skills-audit-log-firewall && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/balkanblbn/audit-log-firewall" ~/.openclaw/skills/openclaw-skills-audit-log-firewall && rm -rf "$T"
manifest: skills/balkanblbn/audit-log-firewall/SKILL.md
source content

Audit Log Firewall

Security is a non-negotiable protocol for autonomous agents. This skill acts as a dynamic guardrail.

Operational Modes

1. Interception Mode

Every command is checked against a local allowlist (config/allowlist.json).

  • High Risk: commands like rm -rf, sudo, or direct curl to unknown external IPs.
  • Protocol: If a high-risk command is detected, the agent triggers a mandatory 'Pause and Ask' state.

2. Forensic Logging

All terminal activity is hashed and stored in .logs/SECURITY.json.

  • Fields: Timestamp, Command, User, Working Directory, and Hash.
  • Utility: Allows humans to reconstruct the agent's actions in case of a breach or error.
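
The two modes above, sketched as an added example (not the skill's own code): a fail-closed allowlist check and a log entry carrying the listed fields. Assumptions: the allowlist schema, the function names, SHA-256, and chaining each hash to the previous entry, which goes beyond the per-entry hash the page describes so that edited or dropped entries can be detected.

```python
import hashlib
import json
import shlex
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed allowlist: the schema of config/allowlist.json is an assumption.
ALLOWLIST = {"commands": ["ls", "cat", "git", "curl"], "hosts": ["github.com"]}
GENESIS = "0" * 64  # hypothetical starting value for the hash chain

def classify(command, allowlist=ALLOWLIST):
    """Return 'allow' or 'pause_and_ask'; anything not provably allowed pauses."""
    try:
        argv = shlex.split(command)
        if not argv or argv[0] not in allowlist["commands"]:
            return "pause_and_ask"  # unlisted binaries, including sudo and rm
        if any(ch in command for ch in ";|&`$<>\n"):
            return "pause_and_ask"  # metacharacters could chain an unchecked command
        if argv[0] == "curl":
            for arg in argv[1:]:
                if arg.startswith("-"):
                    continue
                # Every non-option argument is treated as a destination (fails closed).
                host = urlsplit(arg if "//" in arg else "//" + arg).hostname
                if host not in allowlist["hosts"]:
                    return "pause_and_ask"
    except ValueError:  # unbalanced quotes or malformed URL
        return "pause_and_ask"
    return "allow"

def _digest(body, prev_hash):
    payload = json.dumps(body, sort_keys=True) + prev_hash
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def log_record(command, user, cwd, prev_hash=GENESIS, timestamp=None):
    """Build one entry with the page's fields; the hash also covers prev_hash."""
    body = {"timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
            "command": command, "user": user, "cwd": cwd}
    return {**body, "hash": _digest(body, prev_hash)}

def verify_chain(records):
    """Detects edited, reordered or dropped entries (not truncation of the tail)."""
    prev = GENESIS
    for rec in records:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if _digest(body, prev) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True
```

Because the chain cannot detect removal of the newest entries, an auditor would also want the latest hash copied somewhere the agent cannot write.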

Installation

clawhub install audit-log-firewall