ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified

evidenceops

Forensic media triage with chain of custody. Use when receiving images, videos, audio, PDFs, or documents that need evidence-grade handling, integrity verification, and audit trails.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/msrovani/skill-evidenceops
Or

EvidenceOps - Forensic Media Triage

What It Does

EvidenceOps provides forensic-grade handling of media files with complete chain of custody:

  1. Media Intake - Accept images, videos, audio, PDFs, and documents from any channel
  2. Immutable Storage - Store originals in append-only vault with cryptographic hashes
  3. Metadata Extraction - Extract EXIF, file properties, and media information without altering originals
  4. Derivative Generation - Create thumbnails, transcripts, previews in separate folders
  5. Chain of Custody - Maintain tamper-evident audit trail with hash chain
  6. Integrity Verification - Verify evidence hasn't been modified post-ingest
  7. Audit Trail - Complete JSONL audit log for compliance

What It NEVER Does

  • NEVER modifies original evidence files after ingest
  • NEVER stores secrets, API keys, or credentials in manifests or logs
  • NEVER accepts unsanitized paths from user input
  • NEVER executes untrusted code or downloads remote scripts
  • NEVER exfiltrates data to external services without explicit configuration
  • NEVER bypasses channel allowlists or pairing requirements
  • NEVER stores real personal data in example files

Prerequisites

Before using this skill, ensure:

  1. Plugin @openclaw/evidence-vault is installed and initialized
  2. Vault storage directory is configured with appropriate permissions
  3. Channel allowlist is configured for trusted sources only
  4. Retention policies comply with your legal requirements

Workflow

Step 1: Receive Media

When media is received via any channel:

User sends: [image/video/document]

Required Information:

  • File content (from attachment)
  • Original filename
  • Source channel (whatsapp, telegram, email, etc.)
  • Sender identifier
  • Message ID (if available)

Step 2: Create or Select Case

IF user specifies existing caseId:
  USE that caseId
ELSE IF user requests new case:
  CREATE case with format: case-{YYYY}-{NNN}
  EXAMPLE: case-2026-001
ELSE:
  ASK user: "Should I create a new case or add to existing case [case-2026-XXX]?"

Case ID Format: case-{year}-{sequence}

  • Must match pattern: ^case-[a-zA-Z0-9_-]+$
  • Examples: case-2026-001, case-incident-alpha, case-legal-2026-q1

Step 3: Stage Original (Read-Only)

Before ingest:

  1. Save received file to temporary staging area
  2. Calculate SHA-256 hash immediately
  3. Record file size and MIME type
  4. DO NOT modify the file
# Staging directory structure
/tmp/evidence-staging/
├── {caseId}/
│   └── {timestamp}-{filename}

Step 4: Extract Metadata

Extract metadata WITHOUT modifying original:

For Images:

  • EXIF data (camera, GPS, timestamps)
  • Dimensions
  • Color profile

For Videos:

  • Duration
  • Codec information
  • Resolution

For Audio:

  • Duration
  • Sample rate
  • Codec

For PDFs:

  • Page count
  • Author (if embedded)
  • Creation date
Read Full Documentation on GitHub

Metadata

Author@msrovani
Stars1335
Views0
Updated2026-02-23
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-msrovani-skill-evidenceops": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.