clauditor
v0.1.2Tamper-resistant audit watchdog for Clawdbot agents. Detects and logs suspicious filesystem activity with HMAC-chained evidence.
Sourced from ClawHub,
Authored by apollostreetcompany
Installation
Please help me install the skill `clauditor` from SkillHub official store.
npx skills add apollostreetcompany/clauditor
Clauditor
Security watchdog that monitors filesystem activity and creates tamper-evident logs. Even if Clawdbot is compromised, it cannot stop the watchdog, forge entries, or delete evidence.
Installation (Guided)
Use the CLI wizard to guide users through installation:
cd /path/to/clauditor
cargo build --release
Agent Workflow
- Check status:
./target/release/clauditor wizard status -
Returns JSON with
current_step(1-6) andcomplete(true/false) -
Get next step:
./target/release/clauditor wizard next -
Shows WHAT it does, WHY it matters, and the exact COMMAND to run
-
User runs the sudo command
-
Verify:
./target/release/clauditor wizard verify -
Confirms step completed
-
Repeat until
complete: true
Example Interaction
User: "Install clauditor"
Agent: [runs wizard status → current_step: 1]
Agent: "Step 1 of 6: Create system user
This creates a 'sysaudit' user that runs the watchdog. Even if you're
compromised, you can't kill a process owned by another user.
Run this:
sudo useradd --system --shell /usr/sbin/nologin --no-create-home sysaudit
Let me know when done."
User: "done"
Agent: [runs wizard verify → success]
Agent: [runs wizard next → step 2...]
After Installation
Check status
systemctl status systemd-journaldd
Generate digest
./target/release/clauditor digest
--log /var/lib/.sysd/.audit/events.log
--key /etc/sysaudit/key
--format markdown
Quick Install (Power Users)
sudo bash wizard/wizard.sh
Configuration
- Config:
/etc/sysaudit/config.toml - Key:
/etc/sysaudit/key - Logs:
/var/lib/.sysd/.audit/events.log
Edit config to customize watch_paths and target_uid.