test0413-6348

Name/description (skills-audit, static analysis, diffs, baseline approval) match the included scripts and config. Required tools (Python ≥3.9 and git) and local filesystem access align with the stated purpose. No unrelated cloud credentials or extraneous binaries are requested.

The SKILL.md and scripts instruct the agent to read the full workspace/skills tree, compute diffs, snapshot into ~/.openclaw/skills-audit/snapshots, and append NDJSON logs to ~/.openclaw/skills-audit/logs.ndjson. This behavior is coherent for an audit tool, but it does mean the tool will read and store file contents (including any secrets present in skills) locally and may include snippets in logs/notifications. The skill explicitly warns about not auto-pushing full diffs and requires a 'show' flow for detailed diffs — that mitigation is present in the instructions.

No external install/downloads are requested; code is provided and scripts claim to use only the Python standard library. No network-based installs or arbitrary archives are fetched by an installer spec. Using git and subprocesses is expected for snapshot/diff operations.

The skill requests no environment variables or credentials. It does access the user's home and the workspace path (~/.openclaw and workspace/skills) to read and write audit data, snapshots, and baseline state — this filesystem access is necessary for its function but is broad (reads entire skills directory and writes logs/snapshots).

The skill writes to ~/.openclaw/skills-audit and can be run periodically (via cron) but explicitly instructs the agent not to create cron jobs automatically. It does not request always:true. The persisting of snapshots/logs is expected, but you should confirm cron/scheduling and notification delivery targets before enabling automated push to external channels.