clawdbot-logs
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses several system utilities to gather diagnostics. Specifically:
- It invokes
journalctl --userandsystemctl --userto monitor theclawdbot-gateway.service. These commands operate within the user's permission scope and do not trigger privilege escalation. - It utilizes
jqto parse configuration and session files located in~/.clawdbot/. - It executes local shell scripts (
scripts/response-times.sh,scripts/session-stats.sh) to process log data and calculate performance metrics. - [DATA_EXPOSURE]: The skill accesses application-specific files that may contain sensitive information:
~/.clawdbot/clawdbot.json: Analyzes the bot configuration.~/.clawdbot/agents/main/sessions/*.jsonl: Reads conversation logs and token usage data.- These accesses are consistent with the skill's stated purpose of debugging and diagnostics for the Clawdbot application.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from log files that contain previous user messages and bot responses.
- Ingestion points: Reads from
~/.clawdbot/agents/main/sessions/*.jsonland/tmp/clawdbot/*.logusingtailandjq. - Boundary markers: None identified; logs are processed as raw text or JSON.
- Capability inventory: The agent can execute service management commands (
systemctl) and log retrieval (journalctl). - Sanitization: There is no explicit sanitization of the log content before it is presented to the agent for analysis, which presents a surface for indirect prompt injection if the logs contain malicious instructions.
Audit Metadata