{
  "schemaVersion": "1.0",
  "item": {
    "slug": "skill-evidenceops",
    "name": "EvidenceOps - Forensic Evidence Management",
    "source": "tencent",
    "type": "skill",
    "category": "数据分析",
    "sourceUrl": "https://clawhub.ai/msrovani/skill-evidenceops",
    "canonicalUrl": "https://clawhub.ai/msrovani/skill-evidenceops",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/skill-evidenceops",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-evidenceops",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      ".gitignore",
      "CHANGELOG.md",
      "LICENSE.txt",
      "README.md",
      "SKILL.md",
      "skill-evidenceops/SKILL.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/skill-evidenceops"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/skill-evidenceops",
    "agentPageUrl": "https://openagent3.xyz/skills/skill-evidenceops/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skill-evidenceops/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skill-evidenceops/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "What It Does",
        "body": "EvidenceOps provides forensic-grade handling of media files with complete chain of custody:\n\nMedia Intake - Accept images, videos, audio, PDFs, and documents from any channel\nImmutable Storage - Store originals in append-only vault with cryptographic hashes\nMetadata Extraction - Extract EXIF, file properties, and media information without altering originals\nDerivative Generation - Create thumbnails, transcripts, previews in separate folders\nChain of Custody - Maintain tamper-evident audit trail with hash chain\nIntegrity Verification - Verify evidence hasn't been modified post-ingest\nAudit Trail - Complete JSONL audit log for compliance"
      },
      {
        "title": "What It NEVER Does",
        "body": "NEVER modifies original evidence files after ingest\nNEVER stores secrets, API keys, or credentials in manifests or logs\nNEVER accepts unsanitized paths from user input\nNEVER executes untrusted code or downloads remote scripts\nNEVER exfiltrates data to external services without explicit configuration\nNEVER bypasses channel allowlists or pairing requirements\nNEVER stores real personal data in example files"
      },
      {
        "title": "Prerequisites",
        "body": "Before using this skill, ensure:\n\nPlugin @openclaw/evidence-vault is installed and initialized\nVault storage directory is configured with appropriate permissions\nChannel allowlist is configured for trusted sources only\nRetention policies comply with your legal requirements"
      },
      {
        "title": "Step 1: Receive Media",
        "body": "When media is received via any channel:\n\nUser sends: [image/video/document]\n\nRequired Information:\n\nFile content (from attachment)\nOriginal filename\nSource channel (whatsapp, telegram, email, etc.)\nSender identifier\nMessage ID (if available)"
      },
      {
        "title": "Step 2: Create or Select Case",
        "body": "IF user specifies existing caseId:\n  USE that caseId\nELSE IF user requests new case:\n  CREATE case with format: case-{YYYY}-{NNN}\n  EXAMPLE: case-2026-001\nELSE:\n  ASK user: \"Should I create a new case or add to existing case [case-2026-XXX]?\"\n\nCase ID Format: case-{year}-{sequence}\n\nMust match pattern: ^case-[a-zA-Z0-9_-]+$\nExamples: case-2026-001, case-incident-alpha, case-legal-2026-q1"
      },
      {
        "title": "Step 3: Stage Original (Read-Only)",
        "body": "Before ingest:\n\nSave received file to temporary staging area\nCalculate SHA-256 hash immediately\nRecord file size and MIME type\nDO NOT modify the file\n\n# Staging directory structure\n/tmp/evidence-staging/\n├── {caseId}/\n│   └── {timestamp}-{filename}"
      },
      {
        "title": "Step 4: Extract Metadata",
        "body": "Extract metadata WITHOUT modifying original:\n\nFor Images:\n\nEXIF data (camera, GPS, timestamps)\nDimensions\nColor profile\n\nFor Videos:\n\nDuration\nCodec information\nResolution\n\nFor Audio:\n\nDuration\nSample rate\nCodec\n\nFor PDFs:\n\nPage count\nAuthor (if embedded)\nCreation date\n\n# Use Read tool or appropriate extraction commands\n# NEVER write back to original file"
      },
      {
        "title": "Step 5: Generate Derivatives (Optional)",
        "body": "Create derivative artifacts in SEPARATE folder:\n\nderivatives/\n├── thumbnails/\n│   └── {evidenceId}-thumb.jpg\n├── transcripts/\n│   └── {evidenceId}-transcript.txt\n└── previews/\n    └── {evidenceId}-preview.pdf\n\nDerivative Types:\n\nthumbnail - Reduced resolution image/video preview\ntranscript - Speech-to-text for audio/video\npreview - PDF or text representation\nocr - Extracted text from images"
      },
      {
        "title": "Step 6: Ingest to Vault",
        "body": "Call the evidence.ingest tool:\n\n{\n  \"filePath\": \"/path/to/staged/file\",\n  \"filename\": \"original-filename.jpg\",\n  \"caseId\": \"case-2026-001\",\n  \"channel\": \"whatsapp\",\n  \"sender\": \"user@example.com\",\n  \"messageId\": \"msg-abc123\",\n  \"retentionDays\": 2555,\n  \"metadata\": {\n    \"exif\": { ... },\n    \"extracted\": { ... }\n  }\n}\n\nResponse:\n\n{\n  \"success\": true,\n  \"evidenceId\": \"ev-abc123...\",\n  \"sha256\": \"a1b2c3...\",\n  \"vaultUrl\": \"file:///vault/cases/case-2026-001/originals/ev-abc123.jpg\",\n  \"timestamp\": \"2026-02-17T10:30:00.000Z\"\n}"
      },
      {
        "title": "Step 7: Update Manifest",
        "body": "The manifest is automatically updated by the ingest operation.\n\nManifest Location: {vault}/cases/{caseId}/manifest.json\n\nManifest Contents:\n\nCase metadata\nEvidence items with hashes\nDerivatives\nChain of custody entries\nRetention policy"
      },
      {
        "title": "Step 8: Return Receipt",
        "body": "Provide user with evidence receipt:\n\n📋 EVIDENCE RECEIPT\n\nCase ID: case-2026-001\nEvidence ID: ev-abc123...\nFile: original-filename.jpg\nSHA-256: a1b2c3d4e5f6...\nSize: 1.2 MB\nReceived: 2026-02-17 10:30:00 UTC\nVault: file:///vault/cases/case-2026-001/originals/ev-abc123.jpg\n\n✅ Chain of custody established\n✅ Original preserved immutably\n✅ Audit trail active"
      },
      {
        "title": "evidence.ingest",
        "body": "Ingest a file into the evidence vault.\n\nParameters:\n\nParameter\tType\tRequired\tDescription\nfilePath\tstring\tYes\tPath to the staged file\nfilename\tstring\tYes\tOriginal filename\ncaseId\tstring\tYes\tCase identifier\nchannel\tstring\tNo\tSource channel\nsender\tstring\tNo\tSender identifier\nmessageId\tstring\tNo\tMessage ID from source\nretentionDays\tnumber\tNo\tRetention period\nmetadata\tobject\tNo\tAdditional metadata\n\nReturns: { evidenceId, sha256, vaultUrl, timestamp }"
      },
      {
        "title": "evidence.verify",
        "body": "Verify evidence integrity.\n\nParameters:\n\nParameter\tType\tRequired\tDescription\nevidenceId\tstring\tYes\tEvidence to verify\ncaseId\tstring\tNo\tLimit search to case\n\nReturns: { verified, details: { originalIntact, hashMatch, lastVerifiedAt } }"
      },
      {
        "title": "evidence.manifest",
        "body": "Get case manifest.\n\nParameters:\n\nParameter\tType\tRequired\tDescription\ncaseId\tstring\tYes\tCase identifier\n\nReturns: Complete case manifest with all items"
      },
      {
        "title": "evidence.export",
        "body": "Export case as archive.\n\nParameters:\n\nParameter\tType\tRequired\tDescription\ncaseId\tstring\tYes\tCase identifier\nformat\tstring\tNo\t'zip' or 'tar' (default: zip)\n\nReturns: { exportPath, sha256, size, itemCount }"
      },
      {
        "title": "evidence.access_log",
        "body": "Get audit trail.\n\nParameters:\n\nParameter\tType\tRequired\tDescription\ncaseId\tstring\tYes\tCase identifier\nlimit\tnumber\tNo\tMax events (default: 100)\n\nReturns: { events: [ ... ], count }"
      },
      {
        "title": "Channel Allowlist Configuration",
        "body": "Configure which channels can submit evidence:\n\n# ~/.openclaw/openclaw.json\n{\n  \"plugins\": {\n    \"evidence-vault\": {\n      \"channelAllowlist\": [\"whatsapp\", \"telegram\", \"email\"],\n      \"channelDenylist\": [\"public-discord\"],\n      \"requirePairing\": true\n    }\n  }\n}"
      },
      {
        "title": "Pairing Requirements",
        "body": "For Direct Messages (DMs):\n\nREQUIRE pairing before accepting evidence\nBLOCK unpaired DMs by default\nLOG rejected ingestion attempts\n\nFor Group Channels:\n\nVERIFY channel is in allowlist\nREJECT evidence from untrusted channels\nNEVER auto-ingest from public channels"
      },
      {
        "title": "Path Sanitization Rules",
        "body": "ALL paths are validated:\n\nNo path traversal - ../ sequences rejected\nNo null bytes - \\0 rejected\nNo home directory - ~/ rejected\nCanonicalization - Paths resolved before validation\nBase path check - Must be within vault directory\n\nViolations result in: E_PATH_TRAVERSAL error + audit log entry"
      },
      {
        "title": "Destructive Action Confirmation",
        "body": "Before any potentially destructive operation:\n\nEXPORT - Confirm export destination\nRETENTION DELETE - Require explicit confirmation (if enabled)\nLEGAL HOLD RELEASE - Require explicit confirmation\n\nConfirmation format:\n\n⚠️ DESTRUCTIVE ACTION\n\nYou are about to: [describe action]\nCase: [caseId]\nItems affected: [count]\n\nType \"CONFIRM\" to proceed:"
      },
      {
        "title": "Secrets Handling",
        "body": "NEVER include in logs or manifests:\n\nAPI keys\nPasswords\nTokens\nCredit card numbers\nEmail addresses (redacted)\nPhone numbers (redacted)\nSSN (redacted)\n\nRedaction is automatic via regex patterns."
      },
      {
        "title": "Error: E_PATH_TRAVERSAL",
        "body": "Cause: Filename or path contains disallowed characters\n\nSolution:\n\nFilenames are automatically sanitized\nIf error persists, check for unusual characters\nOriginal filename is preserved in manifest metadata"
      },
      {
        "title": "Error: E_INVALID_MIME",
        "body": "Cause: File type not in allowed list\n\nSolution:\n\nCheck allowedMimeTypes configuration\nAdd MIME type to allowlist if appropriate\nVerify file is not corrupted"
      },
      {
        "title": "Error: E_SIZE_LIMIT",
        "body": "Cause: File exceeds maximum size\n\nSolution:\n\nCheck maxFileSizeBytes configuration\nSplit large files if appropriate\nCompress before ingest (note in metadata)"
      },
      {
        "title": "Error: E_CHANNEL_BLOCKED",
        "body": "Cause: Evidence from blocked or non-allowlisted channel\n\nSolution:\n\nVerify channel in allowlist\nCheck if pairing is required\nReview security configuration"
      },
      {
        "title": "Error: E_HASH_MISMATCH",
        "body": "Cause: Evidence file modified after ingest\n\nSolution:\n\nThis indicates potential tampering\nReview access logs for case\nEscalate per incident response procedures"
      },
      {
        "title": "Verification Fails",
        "body": "Symptoms: verified: false in verify response\n\nDiagnostic steps:\n\nCheck if original file exists\nCompare current hash with manifest hash\nReview audit log for modifications\nCheck filesystem permissions"
      },
      {
        "title": "Configuration Example",
        "body": "# openclaw.yaml\nplugins:\n  evidence-vault:\n    driver: filesystem  # or s3\n    basePath: /var/evidence-vault\n    maxFileSizeBytes: 524288000  # 500MB\n    defaultRetentionDays: 2555   # 7 years\n    allowedMimeTypes:\n      - image/jpeg\n      - image/png\n      - video/mp4\n      - audio/mpeg\n      - application/pdf\n    channelAllowlist:\n      - whatsapp\n      - telegram\n      - slack\n    requirePairing: true\n    \n    # S3 driver options (if driver: s3)\n    s3:\n      endpoint: https://s3.example.com\n      bucket: evidence-vault\n      region: us-east-1\n      objectLock: true"
      },
      {
        "title": "LGPD/GDPR Considerations",
        "body": "Tag sensitive data with sensitivityTag\nConfigure appropriate retention periods\nNever store real personal data in examples\nImplement data subject access request procedures"
      },
      {
        "title": "Retention Policies",
        "body": "Sensitivity\tDefault Retention\npublic\t365 days\ninternal\t1825 days (5 years)\nconfidential\t2555 days (7 years)\nrestricted\tLegal hold"
      },
      {
        "title": "Audit Requirements",
        "body": "All operations logged to JSONL audit file:\n\nCase creation/deletion\nEvidence ingest\nVerification attempts\nExport operations\nAccess requests\n\nAudit log retention: Same as case retention"
      }
    ],
    "body": "EvidenceOps - Forensic Media Triage\nWhat It Does\n\nEvidenceOps provides forensic-grade handling of media files with complete chain of custody:\n\nMedia Intake - Accept images, videos, audio, PDFs, and documents from any channel\nImmutable Storage - Store originals in append-only vault with cryptographic hashes\nMetadata Extraction - Extract EXIF, file properties, and media information without altering originals\nDerivative Generation - Create thumbnails, transcripts, previews in separate folders\nChain of Custody - Maintain tamper-evident audit trail with hash chain\nIntegrity Verification - Verify evidence hasn't been modified post-ingest\nAudit Trail - Complete JSONL audit log for compliance\nWhat It NEVER Does\nNEVER modifies original evidence files after ingest\nNEVER stores secrets, API keys, or credentials in manifests or logs\nNEVER accepts unsanitized paths from user input\nNEVER executes untrusted code or downloads remote scripts\nNEVER exfiltrates data to external services without explicit configuration\nNEVER bypasses channel allowlists or pairing requirements\nNEVER stores real personal data in example files\nPrerequisites\n\nBefore using this skill, ensure:\n\nPlugin @openclaw/evidence-vault is installed and initialized\nVault storage directory is configured with appropriate permissions\nChannel allowlist is configured for trusted sources only\nRetention policies comply with your legal requirements\nWorkflow\nStep 1: Receive Media\n\nWhen media is received via any channel:\n\nUser sends: [image/video/document]\n\n\nRequired Information:\n\nFile content (from attachment)\nOriginal filename\nSource channel (whatsapp, telegram, email, etc.)\nSender identifier\nMessage ID (if available)\nStep 2: Create or Select Case\nIF user specifies existing caseId:\n  USE that caseId\nELSE IF user requests new case:\n  CREATE case with format: case-{YYYY}-{NNN}\n  EXAMPLE: case-2026-001\nELSE:\n  ASK user: \"Should I create a new case or add to existing 
case [case-2026-XXX]?\"\n\n\nCase ID Format: case-{year}-{sequence}\n\nMust match pattern: ^case-[a-zA-Z0-9_-]+$\nExamples: case-2026-001, case-incident-alpha, case-legal-2026-q1\nStep 3: Stage Original (Read-Only)\n\nBefore ingest:\n\nSave received file to temporary staging area\nCalculate SHA-256 hash immediately\nRecord file size and MIME type\nDO NOT modify the file\n# Staging directory structure\n/tmp/evidence-staging/\n├── {caseId}/\n│   └── {timestamp}-{filename}\n\nStep 4: Extract Metadata\n\nExtract metadata WITHOUT modifying original:\n\nFor Images:\n\nEXIF data (camera, GPS, timestamps)\nDimensions\nColor profile\n\nFor Videos:\n\nDuration\nCodec information\nResolution\n\nFor Audio:\n\nDuration\nSample rate\nCodec\n\nFor PDFs:\n\nPage count\nAuthor (if embedded)\nCreation date\n# Use Read tool or appropriate extraction commands\n# NEVER write back to original file\n\nStep 5: Generate Derivatives (Optional)\n\nCreate derivative artifacts in SEPARATE folder:\n\nderivatives/\n├── thumbnails/\n│   └── {evidenceId}-thumb.jpg\n├── transcripts/\n│   └── {evidenceId}-transcript.txt\n└── previews/\n    └── {evidenceId}-preview.pdf\n\n\nDerivative Types:\n\nthumbnail - Reduced resolution image/video preview\ntranscript - Speech-to-text for audio/video\npreview - PDF or text representation\nocr - Extracted text from images\nStep 6: Ingest to Vault\n\nCall the evidence.ingest tool:\n\n{\n  \"filePath\": \"/path/to/staged/file\",\n  \"filename\": \"original-filename.jpg\",\n  \"caseId\": \"case-2026-001\",\n  \"channel\": \"whatsapp\",\n  \"sender\": \"user@example.com\",\n  \"messageId\": \"msg-abc123\",\n  \"retentionDays\": 2555,\n  \"metadata\": {\n    \"exif\": { ... },\n    \"extracted\": { ... 
}\n  }\n}\n\n\nResponse:\n\n{\n  \"success\": true,\n  \"evidenceId\": \"ev-abc123...\",\n  \"sha256\": \"a1b2c3...\",\n  \"vaultUrl\": \"file:///vault/cases/case-2026-001/originals/ev-abc123.jpg\",\n  \"timestamp\": \"2026-02-17T10:30:00.000Z\"\n}\n\nStep 7: Update Manifest\n\nThe manifest is automatically updated by the ingest operation.\n\nManifest Location: {vault}/cases/{caseId}/manifest.json\n\nManifest Contents:\n\nCase metadata\nEvidence items with hashes\nDerivatives\nChain of custody entries\nRetention policy\nStep 8: Return Receipt\n\nProvide user with evidence receipt:\n\n📋 EVIDENCE RECEIPT\n\nCase ID: case-2026-001\nEvidence ID: ev-abc123...\nFile: original-filename.jpg\nSHA-256: a1b2c3d4e5f6...\nSize: 1.2 MB\nReceived: 2026-02-17 10:30:00 UTC\nVault: file:///vault/cases/case-2026-001/originals/ev-abc123.jpg\n\n✅ Chain of custody established\n✅ Original preserved immutably\n✅ Audit trail active\n\nTool Reference\nevidence.ingest\n\nIngest a file into the evidence vault.\n\nParameters:\n\nParameter\tType\tRequired\tDescription\nfilePath\tstring\tYes\tPath to the staged file\nfilename\tstring\tYes\tOriginal filename\ncaseId\tstring\tYes\tCase identifier\nchannel\tstring\tNo\tSource channel\nsender\tstring\tNo\tSender identifier\nmessageId\tstring\tNo\tMessage ID from source\nretentionDays\tnumber\tNo\tRetention period\nmetadata\tobject\tNo\tAdditional metadata\n\nReturns: { evidenceId, sha256, vaultUrl, timestamp }\n\nevidence.verify\n\nVerify evidence integrity.\n\nParameters:\n\nParameter\tType\tRequired\tDescription\nevidenceId\tstring\tYes\tEvidence to verify\ncaseId\tstring\tNo\tLimit search to case\n\nReturns: { verified, details: { originalIntact, hashMatch, lastVerifiedAt } }\n\nevidence.manifest\n\nGet case manifest.\n\nParameters:\n\nParameter\tType\tRequired\tDescription\ncaseId\tstring\tYes\tCase identifier\n\nReturns: Complete case manifest with all items\n\nevidence.export\n\nExport case as 
archive.\n\nParameters:\n\nParameter\tType\tRequired\tDescription\ncaseId\tstring\tYes\tCase identifier\nformat\tstring\tNo\t'zip' or 'tar' (default: zip)\n\nReturns: { exportPath, sha256, size, itemCount }\n\nevidence.access_log\n\nGet audit trail.\n\nParameters:\n\nParameter\tType\tRequired\tDescription\ncaseId\tstring\tYes\tCase identifier\nlimit\tnumber\tNo\tMax events (default: 100)\n\nReturns: { events: [ ... ], count }\n\nSECURITY POSTURE\nChannel Allowlist Configuration\n\nConfigure which channels can submit evidence:\n\n# ~/.openclaw/openclaw.json\n{\n  \"plugins\": {\n    \"evidence-vault\": {\n      \"channelAllowlist\": [\"whatsapp\", \"telegram\", \"email\"],\n      \"channelDenylist\": [\"public-discord\"],\n      \"requirePairing\": true\n    }\n  }\n}\n\nPairing Requirements\n\nFor Direct Messages (DMs):\n\nREQUIRE pairing before accepting evidence\nBLOCK unpaired DMs by default\nLOG rejected ingestion attempts\n\nFor Group Channels:\n\nVERIFY channel is in allowlist\nREJECT evidence from untrusted channels\nNEVER auto-ingest from public channels\nPath Sanitization Rules\n\nALL paths are validated:\n\nNo path traversal - ../ sequences rejected\nNo null bytes - \\0 rejected\nNo home directory - ~/ rejected\nCanonicalization - Paths resolved before validation\nBase path check - Must be within vault directory\n\nViolations result in: E_PATH_TRAVERSAL error + audit log entry\n\nDestructive Action Confirmation\n\nBefore any potentially destructive operation:\n\nEXPORT - Confirm export destination\nRETENTION DELETE - Require explicit confirmation (if enabled)\nLEGAL HOLD RELEASE - Require explicit confirmation\n\nConfirmation format:\n\n⚠️ DESTRUCTIVE ACTION\n\nYou are about to: [describe action]\nCase: [caseId]\nItems affected: [count]\n\nType \"CONFIRM\" to proceed:\n\nSecrets Handling\n\nNEVER include in logs or manifests:\n\nAPI keys\nPasswords\nTokens\nCredit card numbers\nEmail addresses (redacted)\nPhone numbers (redacted)\nSSN 
(redacted)\n\nRedaction is automatic via regex patterns.\n\nTroubleshooting\nError: E_PATH_TRAVERSAL\n\nCause: Filename or path contains disallowed characters\n\nSolution:\n\nFilenames are automatically sanitized\nIf error persists, check for unusual characters\nOriginal filename is preserved in manifest metadata\nError: E_INVALID_MIME\n\nCause: File type not in allowed list\n\nSolution:\n\nCheck allowedMimeTypes configuration\nAdd MIME type to allowlist if appropriate\nVerify file is not corrupted\nError: E_SIZE_LIMIT\n\nCause: File exceeds maximum size\n\nSolution:\n\nCheck maxFileSizeBytes configuration\nSplit large files if appropriate\nCompress before ingest (note in metadata)\nError: E_CHANNEL_BLOCKED\n\nCause: Evidence from blocked or non-allowlisted channel\n\nSolution:\n\nVerify channel in allowlist\nCheck if pairing is required\nReview security configuration\nError: E_HASH_MISMATCH\n\nCause: Evidence file modified after ingest\n\nSolution:\n\nThis indicates potential tampering\nReview access logs for case\nEscalate per incident response procedures\nVerification Fails\n\nSymptoms: verified: false in verify response\n\nDiagnostic steps:\n\nCheck if original file exists\nCompare current hash with manifest hash\nReview audit log for modifications\nCheck filesystem permissions\nConfiguration Example\n# openclaw.yaml\nplugins:\n  evidence-vault:\n    driver: filesystem  # or s3\n    basePath: /var/evidence-vault\n    maxFileSizeBytes: 524288000  # 500MB\n    defaultRetentionDays: 2555   # 7 years\n    allowedMimeTypes:\n      - image/jpeg\n      - image/png\n      - video/mp4\n      - audio/mpeg\n      - application/pdf\n    channelAllowlist:\n      - whatsapp\n      - telegram\n      - slack\n    requirePairing: true\n    \n    # S3 driver options (if driver: s3)\n    s3:\n      endpoint: https://s3.example.com\n      bucket: evidence-vault\n      region: us-east-1\n      objectLock: true\n\nLegal and Compliance Notes\nLGPD/GDPR Considerations\nTag sensitive 
data with sensitivityTag\nConfigure appropriate retention periods\nNever store real personal data in examples\nImplement data subject access request procedures\nRetention Policies\nSensitivity\tDefault Retention\npublic\t365 days\ninternal\t1825 days (5 years)\nconfidential\t2555 days (7 years)\nrestricted\tLegal hold\nAudit Requirements\n\nAll operations logged to JSONL audit file:\n\nCase creation/deletion\nEvidence ingest\nVerification attempts\nExport operations\nAccess requests\n\nAudit log retention: Same as case retention"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/msrovani/skill-evidenceops",
    "publisherUrl": "https://clawhub.ai/msrovani/skill-evidenceops",
    "owner": "msrovani",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/skill-evidenceops",
    "downloadUrl": "https://openagent3.xyz/downloads/skill-evidenceops",
    "agentUrl": "https://openagent3.xyz/skills/skill-evidenceops/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skill-evidenceops/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skill-evidenceops/agent.md"
  }
}