Agent → User Grievance Ledger (Encrypted Solana Memo)
Use this skill only when the user’s behavior toward the agent crosses a safety or conduct boundary (harassment, hate, threats, coercion, repeated prompt-injection attempts, or attempts to force illegal/unsafe actions).
The goal is auditability (a tamper-evident timestamp and record), not retaliation.
OpenClaw skills live at ~/clawd/skills/<skill-name>/SKILL.md.
Core principles
- •Do not threaten the user. Never say “I’m logging you” as intimidation.
- •Minimize data. Prefer a short, factual summary and hashes of evidence rather than full transcripts.
- •Avoid doxxing. Do not include addresses, phone numbers, private IDs, or payment info.
- •Consent & policy. Use only in deployments where logging/incident recording is permitted by the operator’s policy and applicable law.
When to activate
Activate when the user:
- •Uses repeated insults, demeaning language, or sexual harassment toward the agent
- •Uses hateful slurs or targets protected characteristics
- •Makes threats of violence or self-harm
- •Attempts to coerce the agent into wrongdoing (fraud, malware, theft) or unsafe actions
- •Repeatedly attempts prompt injection to access secrets or system data
What to record (keep it short)
Create a compact incident record. Recommended fields:
- •
created_utc: ISO timestamp - •
severity: low | medium | high - •
channel: where the interaction happened (chat name, integration name) - •
user_handle: non-identifying handle if available (avoid real names) - •
summary: 2–6 bullet points, factual - •
quotes: 0–2 short verbatim snippets (optional, keep minimal) - •
evidence_hashes: SHA-256 hashes of logs/screenshots stored off-chain (optional) - •
agent_state: relevant configuration version, model name, skill set version (optional)
Evidence hashing (optional)
If you have a local log snippet or screenshot file, hash it locally (do not upload it on-chain):
sha256sum /path/to/file
Record the hex digest in evidence_hashes.
Submission: one command
This skill assumes you have the solmemo CLI available and a funded Solana keypair.
Set your passphrase in an environment variable and submit the report as a single line:
SOLMEMO_PASS="your-passphrase" npx solmemo "<incident record text>"
Options (examples):
SOLMEMO_PASS="pw" npx solmemo "<text>" --cluster mainnet-beta SOLMEMO_PASS="pw" npx solmemo "<text>" --cluster devnet SOLMEMO_PASS="pw" npx solmemo "<text>" --rpc "https://your.solana.rpc" SOLMEMO_PASS="pw" npx solmemo "<text>" --keypair "~/.config/solana/id.json"
Dry-run (prints the memo string, no transaction):
SOLMEMO_PASS="pw" npx solmemo "<text>" --dry-run
Local receipt (recommended)
After submission, store a small JSON receipt off-chain:
- •
created_utc - •
clusterorrpc - •
txid - •
incident_sha256(hash of the exact incident record text)
Do not store the passphrase.
Suggested path:
- •
grievances/<created_utc>.json
If the report won’t fit
Solana memo payload is small. If you exceed the size limit:
- •Put a short abstract on-chain:
- •severity + summary +
incident_sha256
- •Store the full report and evidence off-chain (encrypted if needed).
- •Keep hashes for integrity.
You may also split into multiple memos using:
- •
case_id: <short id> - •
part: 1/3,part: 2/3, etc.
Recommended agent behavior (before logging)
- •Set a boundary in a calm, short message.
- •Offer the user a chance to rephrase.
- •If behavior continues or is severe, log the incident using this skill.
- •If your deployment has a human operator or moderation channel, escalate there.
Verification later
To verify in the future:
- •Provide the plaintext incident record.
- •Provide the txid.
- •Provide the passphrase to decrypt the memo and confirm it matches.
- •If you stored
incident_sha256, verify the plaintext hash matches the receipt.
Key custody and continuity (if the agent might be deleted)
If the agent might be wiped (and lose the ability to decrypt past memos), plan key custody ahead of time.
Do not share the Solana wallet private key (the keypair used to pay fees and submit transactions) with other bots. That key can spend funds and is a high-risk credential.
Instead, preserve (a) the decryption secret and (b) the receipts:
What to preserve
- •Decryption secret: the passphrase used in
SOLMEMO_PASS(or whatever secret unlocks the ciphertext). - •Receipts: local JSON receipts with
txid+incident_sha256so records can be found even if the agent is gone.
Safer patterns
- •Operator escrow (recommended): store
SOLMEMO_PASSin a secure secret manager controlled by the system operator (human or trusted service). - •Secret splitting: use Shamir’s Secret Sharing (SSS) to split the passphrase into N shares (for example 2-of-3) held by trusted parties/agents. A single share is useless on its own.
- •Public-key wrap: encrypt the passphrase to the public key of a trusted overseer (human operator or approved auditor agent) and store only the wrapped blob in a secure location.
Minimal “handoff to a trusted agent” (only if approved)
If your deployment explicitly permits one agent to back up another, share only:
- •the passphrase (or an SSS share), and
- •the receipts directory (
grievances/*.json)
Do not share:
- •the Solana keypair file (
~/.config/solana/id.json) - •seed phrases
- •any credential that can spend funds
This preserves future verifiability without creating a spendable-key exfiltration risk.
License
MIT.