clauditor
Tamper-resistant audit watchdog for Clawdbot agents. Detects and logs suspicious filesystem activity with HMAC-chained evidence.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/apollostreetcompany/clauditor
What This Skill Does
Clauditor is a tamper-resistant audit watchdog built for Clawdbot agents. It monitors critical filesystem activity and writes an immutable, HMAC-chained log trail. Even if the host agent is compromised by an adversary, the Clauditor watchdog runs with elevated privileges as a separate system user ('sysaudit'), so the compromised agent cannot alter, forge, or delete the logs. This provides a 'source of truth' regarding the integrity of the agent's environment.
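How an HMAC chain makes a log tamper-evident, as an added Python example that is not Clauditor's own code: the record layout, the `GENESIS` seed, the key and the events are assumptions constructed for illustration, not Clauditor's on-disk format. It also shows that cutting records off the tail still passes chain verification unless a record count is anchored outside the log.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed seed value for the first record


def _mac(key, prev, seq, event):
    # MAC covers prev MAC, seq and event body, so no record can be edited, dropped or reordered alone.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, f"{prev}|{seq}|{body}".encode(), hashlib.sha256).hexdigest()


def append(log, key, event):
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"seq": len(log), "event": event, "mac": _mac(key, prev, len(log), event)})


def verify(log, key, expected_len=None):
    """Return (ok, reason); expected_len is a record count stored outside the log."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec.get("seq") != i:
            return False, f"sequence break at position {i}"
        if not hmac.compare_digest(_mac(key, prev, i, rec["event"]), rec.get("mac", "")):
            return False, f"bad MAC at seq {i}"
        prev = rec["mac"]
    if expected_len is not None and len(log) != expected_len:
        return False, f"length {len(log)} != anchored count {expected_len}"
    return True, "ok"


def demo():
    key = b"constructed-demo-key"  # constructed; a real key must be unreadable to the agent UID
    log = []
    for path, op in [("/etc/passwd", "read"), ("/usr/bin/agent", "write"), ("/tmp/x", "unlink")]:
        append(log, key, {"uid": 1000, "path": path, "op": op})  # constructed events
    edited = json.loads(json.dumps(log))
    edited[1]["event"]["op"] = "read"  # rewrite one record in place
    return {
        "clean": verify(log, key),
        "edited": verify(edited, key),
        "dropped": verify(log[:1] + log[2:], key),
        "truncated": verify(log[:2], key),  # tail cut: the chain alone still verifies
        "truncated_anchored": verify(log[:2], key, expected_len=3),
    }


if __name__ == "__main__":
    print(demo())
```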
Installation
Installation is designed to be highly secure and verifiable. You can use the guided CLI wizard for a step-by-step hardened installation:
- Navigate to the clauditor directory:
  cd /path/to/clauditor
- Build the binary:
  cargo build --release
- Start the wizard:
  ./target/release/clauditor wizard next
- Follow the prompts for system user creation, directory permission setup, and service initialization.
Alternatively, power users can utilize the automated script: sudo bash wizard/wizard.sh. Post-installation, the configuration can be modified in /etc/sysaudit/config.toml to define specific watch_paths and monitor target UIDs.
Use Cases
- Intrusion Detection: Log any unauthorized modifications to binary or configuration files.
- Forensic Audit: Maintain a tamper-evident history of file access for regulatory compliance.
- Compromise Mitigation: Ensure that even if the primary agent is compromised, there exists an immutable log of the unauthorized activity for post-mortem analysis.
Example Prompts
- "Install clauditor and guide me through the setup process."
- "Check the current status of the clauditor watchdog and ensure all steps are verified."
- "Generate a markdown audit report for the events logged in /var/lib/.sysd/.audit/events.log using my system key."
Tips & Limitations
- Permissions: Always ensure the sysaudit user has restricted access to prevent secondary escalation vectors.
- Monitoring: Regularly check systemctl status systemd-journaldd to confirm the watchdog is active.
- Limitations: Clauditor is an audit tool, not a firewall; while it detects and logs tampering, it does not actively block processes in real-time unless configured for specific reactive triggers.
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-apollostreetcompany-clauditor": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags (AI)
Flags: file-write, file-read, code-execution