🛡️ Clauditor OpenClaw Skill - ClawHub
Do you want your AI agent to automate Clauditor workflows? This free skill from ClawHub helps with Clawdbot tooling tasks without building custom tools from scratch.
What this skill does
Tamper-resistant audit watchdog for Clawdbot agents. Detects and logs suspicious filesystem activity with HMAC-chained evidence.
Install
npx clawhub@latest install clauditor
Full SKILL.md
| name | description | homepage |
|---|---|---|
| clauditor | Tamper-resistant audit watchdog for Clawdbot agents. Detects and logs suspicious filesystem activity with HMAC-chained evidence. | https://github.com/apollostreetcompany/clauditor |
Clauditor
Security watchdog that monitors filesystem activity and creates tamper-evident logs. Even if Clawdbot is compromised, it cannot stop the watchdog, forge entries, or delete evidence.
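How an HMAC chain makes a log tamper-evident, as an added sketch that is not Clauditor's code: the JSON record layout, the genesis value and the key below are assumptions and do not reflect Clauditor's on-disk format.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed chain seed for the first record

def _mac(key: bytes, prev: str, event: dict) -> str:
    # The MAC covers the previous record's MAC plus a canonical encoding of the event.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + b"\n" + body, hashlib.sha256).hexdigest()

def append(key: bytes, log: list, event: dict) -> None:
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"event": event, "prev": prev, "mac": _mac(key, prev, event)})

def verify(key: bytes, log: list, expected_tail=None):
    """Return (ok, index of the first bad record or None)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        good = _mac(key, prev, rec["event"])
        if rec["prev"] != prev or not hmac.compare_digest(rec["mac"], good):
            return False, i
        prev = rec["mac"]
    # Truncation leaves a valid prefix; only a tail MAC kept elsewhere reveals it.
    if expected_tail is not None and not hmac.compare_digest(prev, expected_tail):
        return False, len(log)
    return True, None

def demo():
    key = b"constructed-demo-key"  # constructed; stands in for a protected key file
    log = []
    for seq, path in enumerate(["/etc/passwd", "/home/agent/.ssh/id_ed25519", "/tmp/x.sh"]):
        append(key, log, {"seq": seq, "op": "open", "path": path})  # constructed events
    tail = log[-1]["mac"]
    edited = copy.deepcopy(log)
    edited[1]["event"]["path"] = "/tmp/harmless"   # rewrite an entry in place
    dropped = log[:1] + log[2:]                    # delete an entry from the middle
    forged = copy.deepcopy(edited)                 # re-MAC the edit without the real key
    forged[1]["mac"] = _mac(b"wrong-key", forged[1]["prev"], forged[1]["event"])
    return {
        "intact": verify(key, log, tail),
        "edited": verify(key, edited, tail),
        "dropped": verify(key, dropped, tail),
        "forged_without_key": verify(key, forged, tail),
        "truncated": verify(key, log[:2], tail),
    }
```

Edits, deletions and re-MACed forgeries fail at the first affected record; cutting records off the end is only caught when the last MAC is also recorded somewhere the writer of the log cannot reach.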
Installation (Guided)
Use the CLI wizard to guide users through installation:
cd /path/to/clauditor
cargo build --release
Agent Workflow
- Check status: ./target/release/clauditor wizard status
  - Returns JSON with current_step (1-6) and complete (true/false)
- Get next step: ./target/release/clauditor wizard next
  - Shows WHAT it does, WHY it matters, and the exact COMMAND to run
- User runs the sudo command
- Verify: ./target/release/clauditor wizard verify
  - Confirms step completed
- Repeat until complete: true
Example Interaction
User: "Install clauditor"
Agent: [runs wizard status → current_step: 1]
Agent: "Step 1 of 6: Create system user
This creates a 'sysaudit' user that runs the watchdog. Even if you're
compromised, you can't kill a process owned by another user.
Run this:
sudo useradd --system --shell /usr/sbin/nologin --no-create-home sysaudit
Let me know when done."
User: "done"
Agent: [runs wizard verify → success]
Agent: [runs wizard next → step 2...]
After Installation
Check status
systemctl status systemd-journaldd
Generate digest
./target/release/clauditor digest \
--log /var/lib/.sysd/.audit/events.log \
--key /etc/sysaudit/key \
--format markdown
Quick Install (Power Users)
sudo bash wizard/wizard.sh
Configuration
- Config: /etc/sysaudit/config.toml
- Key: /etc/sysaudit/key
- Logs: /var/lib/.sysd/.audit/events.log
Edit config to customize watch_paths and target_uid.