Workspace Audit
Your workspace files drift. Credentials go stale. Paths break. Secrets leak into memory files. This skill catches it all.
Zero dependencies. Bash + Python stdlib. Works on macOS and Linux.
What It Checks
| Audit | What it catches |
|---|
| Structure & Size | Missing required files, oversized files, skills without frontmatter, secrets in memory files, git hygiene |
| 1Password Vault |
TOOLS.md references that don't match your vault, vault items not documented |
|
Duplication | Duplicate section headers across files, credentials outside TOOLS.md, personality content in wrong files |
|
Path References | Broken
~/,
skills/,
scripts/,
docs/ paths referenced in workspace files |
Quick Start
Run all audits:
�CODEBLOCK0
Verbose mode (shows passing checks too):
�CODEBLOCK1
Individual Audits
CODEBLOCK2
Configuration
All scripts respect environment variables — no hardcoded paths or values.
| Variable | Default | Description |
|---|
| INLINECODE4 | INLINECODE5 | Workspace root directory |
| INLINECODE6 |
$WS/TOOLS.md | Path to your TOOLS.md |
|
OP_VAULT |
(all vaults) | 1Password vault name to audit against |
|
AUDIT_CONFIG |
$WS/skills/workspace-audit/audit.conf | Optional config file for custom limits |
Custom File Size Limits
Create audit.conf in the skill directory to override defaults:
CODEBLOCK3
When to Run
- - After editing TOOLS.md, AGENTS.md, or MEMORY.md
- After adding/removing 1Password items
- After moving or renaming skills/scripts/docs
- During weekly review or nightly consolidation cron
- After installing new skills
File Role Reference
See references/file-roles.md for the single-responsibility matrix — which content belongs in which file.
Exit Codes
| Code | Meaning |
|---|
| INLINECODE13 | All checks passed |
| INLINECODE14 |
Issues found (see output) |
FAQ
What is workspace-audit?
A zero-dependency audit suite for OpenClaw workspaces. It checks your workspace files (AGENTS.md, TOOLS.md, MEMORY.md, etc.) for drift — broken paths, duplicate content, oversized files, leaked secrets, and 1Password vault mismatches. Runs entirely in bash + Python stdlib.
What problem does it solve?
OpenClaw workspaces drift over time. You rename a script but forget to update TOOLS.md. You add a 1Password item but never document it. A secret leaks into a memory file. A skill folder is missing its SKILL.md frontmatter. This skill catches all of it in one command.
What are the requirements?
Bash and Python 3 (stdlib only). No pip installs needed. 1Password CLI (op) is optional — the vault audit gracefully skips if op isn't installed or authenticated.
Does it work without 1Password?
Yes. The 1Password audit is one of four checks. If op isn't installed or OP_SERVICE_ACCOUNT_TOKEN isn't set, it skips that audit and runs the other three (structure, duplication, paths).
Can I customize the file size limits?
Yes. Create an audit.conf file in the skill directory with variables like MEMORY_LIMIT=200 or AGENTS_LIMIT=500. See audit.conf.example for all options.
How do I run it on a schedule?
Add a cron job that calls bash skills/workspace-audit/scripts/audit-all.sh. It returns exit code 1 if issues are found, so your agent can alert you only when something drifts.
Built by The Agent Wire — You read it. Your Agent runs it.
More skills: clawhub.ai/u/TheAgentWire工作区审计
你的工作区文件会逐渐偏离正确状态。凭证会过期。路径会失效。机密会泄露到内存文件中。本技能可以捕获所有这些问题。
零依赖。 仅使用Bash + Python标准库。支持macOS和Linux系统。
审计内容
| 审计项 | 捕获内容 |
|---|
| 结构与大小 | 缺失必需文件、文件过大、缺少前置元数据的技能、内存文件中的机密信息、Git仓库卫生状况 |
| 1Password保险库 |
TOOLS.md中引用与保险库不匹配、保险库项目未记录在文档中 |
|
重复内容 | 跨文件的重复章节标题、TOOLS.md之外的凭证信息、错误文件中的角色描述内容 |
|
路径引用 | 工作区文件中引用的~/、skills/、scripts/、docs/路径失效 |
快速开始
运行所有审计:
bash
bash skills/workspace-audit/scripts/audit-all.sh
详细模式(同时显示通过的检查项):
bash
bash skills/workspace-audit/scripts/audit-all.sh --verbose
单项审计
bash
结构、大小、技能验证、机密扫描、Git状态
bash skills/workspace-audit/scripts/audit-structure.sh
1Password保险库对齐(需要OPSERVICEACCOUNT_TOKEN)
bash skills/workspace-audit/scripts/audit-1password.sh
重复标题、角色重叠、TOOLS.md之外的凭证泄露
bash skills/workspace-audit/scripts/audit-duplication.sh
验证工作区文件中引用的所有文件路径是否实际存在
bash skills/workspace-audit/scripts/audit-paths.sh
配置
所有脚本均遵循环境变量——无硬编码路径或值。
| 变量 | 默认值 | 描述 |
|---|
| WS | ~/.openclaw/workspace | 工作区根目录 |
| TOOLS_MD |
$WS/TOOLS.md | TOOLS.md文件路径 |
| OP_VAULT |
(所有保险库) | 要审计的1Password保险库名称 |
| AUDIT_CONFIG | $WS/skills/workspace-audit/audit.conf | 自定义限制的可选配置文件 |
自定义文件大小限制
在技能目录中创建audit.conf以覆盖默认值:
bash
audit.conf — 每个文件的自定义行数限制
AGENTS_LIMIT=1000
SOUL_LIMIT=200
USER_LIMIT=200
IDENTITY_LIMIT=50
TOOLS_LIMIT=500
HEARTBEAT_LIMIT=100
MEMORY_LIMIT=150
运行时机
- - 编辑TOOLS.md、AGENTS.md或MEMORY.md后
- 添加/删除1Password项目后
- 移动或重命名skills/scripts/docs后
- 每周审查或夜间整合定时任务期间
- 安装新技能后
文件角色参考
参见references/file-roles.md了解单一职责矩阵——哪些内容应放在哪个文件中。
退出码
发现问题(参见输出) |
常见问题
什么是workspace-audit?
一个针对OpenClaw工作区的零依赖审计套件。它检查你的工作区文件(AGENTS.md、TOOLS.md、MEMORY.md等)是否存在偏离——失效路径、重复内容、过大文件、泄露的机密信息以及1Password保险库不匹配。完全在Bash + Python标准库中运行。
它解决了什么问题?
OpenClaw工作区会随时间逐渐偏离正确状态。你重命名了一个脚本但忘记更新TOOLS.md。你添加了一个1Password项目但从未记录。机密信息泄露到内存文件中。技能文件夹缺少SKILL.md前置元数据。本技能用一个命令捕获所有这些问题。
有什么要求?
Bash和Python 3(仅标准库)。无需pip安装。1Password CLI(op)是可选的——如果未安装或未认证,保险库审计会优雅跳过。
没有1Password也能工作吗?
是的。1Password审计是四项检查之一。如果未安装op或未设置OPSERVICEACCOUNT_TOKEN,它会跳过该审计并运行其他三项(结构、重复、路径)。
我可以自定义文件大小限制吗?
可以。在技能目录中创建audit.conf文件,包含MEMORYLIMIT=200或AGENTSLIMIT=500等变量。参见audit.conf.example了解所有选项。
如何定时运行?
添加一个调用bash skills/workspace-audit/scripts/audit-all.sh的cron任务。如果发现问题,它会返回退出码1,这样你的代理只会在出现偏离时提醒你。
由The Agent Wire构建 — 你阅读它。你的代理运行它。
更多技能:clawhub.ai/u/TheAgentWire
