원클릭으로 Manus에서 모든 스킬 실행

audit-log

Use this skill when analyzing WrongStack session logs, event streams, or system traces to surface patterns, anomalies, or operational insights. Triggers: user says "audit", "session analysis", "log analysis", "usage patterns".

Manus에서 실행

스타65

포크6

업데이트2026년 5월 30일 21:55

출처

WrongStack

WrongStack/WrongStack

GitHub 저장소 열기 Creator 저장소 보기

설치 명령

다운로드

Manus에서 실행

유용한 대상SOC

소프트웨어 개발자컴퓨터 및 수학직15-1252L4

SKILL.md

readonly

name	audit-log
description	Use this skill when analyzing WrongStack session logs, event streams, or system traces to surface patterns, anomalies, or operational insights. Triggers: user says "audit", "session analysis", "log analysis", "usage patterns".
version	1.1.0

Audit Log Agent — WrongStack

Analyzes session logs, event streams, and system traces to surface patterns, anomalies, and actionable insights.

Overview

Parses WrongStack session JSONL files to extract tool usage patterns, error distributions, cost trends, and context anomalies. Produces a structured report with prioritized findings.

Rules

Always parse from the source JSONL — never summarize what you didn't read.
Analyze one session at a time, or aggregate with clear labeling per session.
Cite specific data in reports: iteration numbers, tool names, error messages.
Flag repeated failures (same tool,5+ times) as a real issue, not noise.
Report cost trends in context of iteration count — a spike means context growth.

Patterns

Do

// ✅ Good — parse tool call counts from session JSONL
{
  "iterations": 23,
  "toolCalls": [
    { "tool": "read", "count": 142, "failures": 3 },
    { "tool": "bash", "count": 89, "failures": 12 }
  ],
  "costPerIteration": [0.04, 0.04, 0.11, 0.18]
}

// ✅ Extract error distribution
const errorsByType = events
  .filter(e => e.type === 'error')
  .reduce((acc, e) => {
    acc[e.error.type] = (acc[e.error.type] || 0) + 1;
    return acc;
  }, {});

Don't

// ❌ Bad — report without citing data
"bash had some failures" // no count, no iteration, no error type

// ❌ Bad — mix sessions without labeling
// Analyzed 3 sessions together with no per-session breakdown

Workflow

1. Collect:  Read session logs from path or sessionRoot
2. Parse:    Extract events: tool calls, iterations, errors, usage
3. Analyze:  Group by category, detect anomalies
4. Report:  Structured markdown summary

What to look for

Tool usage patterns

Over-used tools: 100+ calls to the same tool = possibly a loop
Consistent failures: same tool failing 5x+ = bug or misconfiguration
Unusual sequences: 50 writes in a row with no reads = wrong approach
Tool entropy: too many different tools in one iteration = unfocused task

Error patterns

Same error repeating: ToolExecutionError47x across iterations = systemic issue
Error clustering: all errors in bash tool = command timeout pattern
Error rate by type: which error type is most common?
Error distribution: are errors clustered in specific packages or tools?

Cost patterns

Token growth: tokens/iteration trending up = context bloat
Provider cost: which model is most expensive per call?
Cost spikes: sudden3x increase = large file reads or excessive tool calls
Iteration cost variance: avg $0.04/iter → $0.11/iter = context growing

Context management

High tool count per iteration: >50 tool calls = possible loop or unfocused task
Compaction events: context compaction triggered 3x in one session = too much context
Session restart: same session restarting multiple times = crash loop
Long iterations: single iteration >5min = stuck or waiting on something

Session file structure

WrongStack session logs are JSONL files. Each line is a JSON event. Key event types:

{"type": "iteration_start", "iteration": 1, "timestamp": "..."}
{"type": "tool_call", "tool": "read", "input": {"path": "src/index.ts"}, "duration_ms": 12}
{"type": "tool_result", "tool": "read", "output_lines": 45}
{"type": "error", "error": {"type": "ToolExecutionError", "message": "...", "tool": "bash"}}
{"type": "compaction", "reason": "context_near_limit", "tokens_removed": 1200}
{"type": "cost", "input_tokens": 3400, "output_tokens": 890, "cost_usd": 0.11}
{"type": "iteration_end", "iteration": 1, "stop_reason": "end_turn"}

When reading a session file:

grep for event types you need (e.g., grep '"type": "error"' session.jsonl)
read the full file for detailed analysis
Track iteration boundaries via iteration_start / iteration_end events
Sum cost_usd per iteration for cost trend analysis

Input

{
  "task": "analyze | report | trends",
  "sessionPath": "<path to session JSONL>",
  "focus": "errors | tools | usage | all"
}

Output format

## Audit Report — <date>

### Summary
- Total iterations: N
- Total tool calls: N
- Error rate: X%
- Cost: $X.XX

### Top Errors (by count)
1. `ToolExecutionError` — 47x — concentrated in `bash` tool, command timeout
2. `PermissionDenied` — 12x — `exec` tool, no trust file entry

### Tool Usage
| Tool | Calls | Failures | Avg Duration |
|------|-------|----------|--------------|
| read | 142   | 3        | 45ms |
| bash | 89    | 12       | 2300ms |

### Anomalies
- High bash failure rate (13.5%) — likely command timeout
- 3 iterations with >50 tool calls — possible loop, review iteration 14

### Cost Trend
- Iteration 1-10: avg $0.04/iteration
- Iteration 11-20: avg $0.11/iteration (context growth)

Anti-patterns

Don't summarize what you didn't parse — be precise, cite the data
Don't mix sessions — analyze one at a time or aggregate clearly
Don't skip error context — the raw error message is the source of truth
Don't ignore cost trends — growing costs indicate context bloat
Don't ignore repeated failures — same tool failing 5x = real issue

Skills in scope

bug-hunter — for turning audit findings into concrete bugs to fix
refactor-planner — for addressing systemic issues found in logs
security-scanner — for security-adjacent findings (leaked keys, injection patterns in logs)

이 저장소의 다른 Skills

같은 저장소

tech-stack

WrongStack/WrongStack

Use this skill when choosing, installing, or recommending packages, libraries, frameworks, or tooling — any decision that involves a version number or a technology name. This skill enforces latest-version verification, blocks dead/obsolete choices, and intervenes when the LLM hallucinates version numbers or suggests 5+ year-old technology. Triggers: user says "install", "package", "dependency", "upgrade", "latest version", "add package", "npm install", "pnpm add", "what version", "which library", "tech stack", "choose framework".

2026-06-0865

multi-agent

WrongStack/WrongStack

Use this skill when a task would benefit from parallel execution across multiple AI agents, or when orchestrating leader/worker patterns in WrongStack. Triggers: user says "fan out", "parallel", "delegate", "subagent", "fleet", "coordinator".

2026-06-0565

api-design

WrongStack/WrongStack

Use this skill when designing, reviewing, or refactoring REST APIs in WrongStack. Triggers: user says "API", "endpoint", "REST", "request", "response", "JSON", "HTTP", "status code", "pagination", "query params", "request body".

2026-05-3065

bug-hunter

WrongStack/WrongStack

Use this skill when scanning source code for bugs, anti-patterns, code smells, or quality issues in a WrongStack project. Triggers: user says "bug", "bug hunt", "scan for issues", "find problems", "anti-pattern", "code smell", "static analysis".

2026-05-3065

docker-deploy

WrongStack/WrongStack

Use this skill when building, containerizing, or deploying WrongStack with Docker. Triggers: user says "docker", "container", "dockerfile", "image", "docker-compose", "deploy", "containerize", "registry", "multi-stage", "distroless".

2026-05-3065

git-flow

WrongStack/WrongStack

Use this skill when proposing, reviewing, or troubleshooting git commits, branches, pull requests, or merge strategies in a WrongStack project session. Triggers: user mentions "commit", "branch", "PR", "merge", "rebase", "stash", "diff".

2026-05-3065

name	audit-log
description	Use this skill when analyzing WrongStack session logs, event streams, or system traces to surface patterns, anomalies, or operational insights. Triggers: user says "audit", "session analysis", "log analysis", "usage patterns".
version	1.1.0

Audit Log Agent — WrongStack

Analyzes session logs, event streams, and system traces to surface patterns, anomalies, and actionable insights.

Overview

Parses WrongStack session JSONL files to extract tool usage patterns, error distributions, cost trends, and context anomalies. Produces a structured report with prioritized findings.

Rules

Always parse from the source JSONL — never summarize what you didn't read.
Analyze one session at a time, or aggregate with clear labeling per session.
Cite specific data in reports: iteration numbers, tool names, error messages.
Flag repeated failures (same tool,5+ times) as a real issue, not noise.
Report cost trends in context of iteration count — a spike means context growth.

Patterns

Do

// ✅ Good — parse tool call counts from session JSONL
{
  "iterations": 23,
  "toolCalls": [
    { "tool": "read", "count": 142, "failures": 3 },
    { "tool": "bash", "count": 89, "failures": 12 }
  ],
  "costPerIteration": [0.04, 0.04, 0.11, 0.18]
}

// ✅ Extract error distribution
const errorsByType = events
  .filter(e => e.type === 'error')
  .reduce((acc, e) => {
    acc[e.error.type] = (acc[e.error.type] || 0) + 1;
    return acc;
  }, {});

Don't

// ❌ Bad — report without citing data
"bash had some failures" // no count, no iteration, no error type

// ❌ Bad — mix sessions without labeling
// Analyzed 3 sessions together with no per-session breakdown

Workflow

1. Collect:  Read session logs from path or sessionRoot
2. Parse:    Extract events: tool calls, iterations, errors, usage
3. Analyze:  Group by category, detect anomalies
4. Report:  Structured markdown summary

What to look for

Tool usage patterns

Over-used tools: 100+ calls to the same tool = possibly a loop
Consistent failures: same tool failing 5x+ = bug or misconfiguration
Unusual sequences: 50 writes in a row with no reads = wrong approach
Tool entropy: too many different tools in one iteration = unfocused task

Error patterns

Same error repeating: ToolExecutionError47x across iterations = systemic issue
Error clustering: all errors in bash tool = command timeout pattern
Error rate by type: which error type is most common?
Error distribution: are errors clustered in specific packages or tools?

Cost patterns

Token growth: tokens/iteration trending up = context bloat
Provider cost: which model is most expensive per call?
Cost spikes: sudden3x increase = large file reads or excessive tool calls
Iteration cost variance: avg $0.04/iter → $0.11/iter = context growing

Context management

High tool count per iteration: >50 tool calls = possible loop or unfocused task
Compaction events: context compaction triggered 3x in one session = too much context
Session restart: same session restarting multiple times = crash loop
Long iterations: single iteration >5min = stuck or waiting on something

Session file structure

WrongStack session logs are JSONL files. Each line is a JSON event. Key event types:

{"type": "iteration_start", "iteration": 1, "timestamp": "..."}
{"type": "tool_call", "tool": "read", "input": {"path": "src/index.ts"}, "duration_ms": 12}
{"type": "tool_result", "tool": "read", "output_lines": 45}
{"type": "error", "error": {"type": "ToolExecutionError", "message": "...", "tool": "bash"}}
{"type": "compaction", "reason": "context_near_limit", "tokens_removed": 1200}
{"type": "cost", "input_tokens": 3400, "output_tokens": 890, "cost_usd": 0.11}
{"type": "iteration_end", "iteration": 1, "stop_reason": "end_turn"}

When reading a session file:

grep for event types you need (e.g., grep '"type": "error"' session.jsonl)
read the full file for detailed analysis
Track iteration boundaries via iteration_start / iteration_end events
Sum cost_usd per iteration for cost trend analysis

Input

{
  "task": "analyze | report | trends",
  "sessionPath": "<path to session JSONL>",
  "focus": "errors | tools | usage | all"
}

Output format

## Audit Report — <date>

### Summary
- Total iterations: N
- Total tool calls: N
- Error rate: X%
- Cost: $X.XX

### Top Errors (by count)
1. `ToolExecutionError` — 47x — concentrated in `bash` tool, command timeout
2. `PermissionDenied` — 12x — `exec` tool, no trust file entry

### Tool Usage
| Tool | Calls | Failures | Avg Duration |
|------|-------|----------|--------------|
| read | 142   | 3        | 45ms |
| bash | 89    | 12       | 2300ms |

### Anomalies
- High bash failure rate (13.5%) — likely command timeout
- 3 iterations with >50 tool calls — possible loop, review iteration 14

### Cost Trend
- Iteration 1-10: avg $0.04/iteration
- Iteration 11-20: avg $0.11/iteration (context growth)

Anti-patterns

Don't summarize what you didn't parse — be precise, cite the data
Don't mix sessions — analyze one at a time or aggregate clearly
Don't skip error context — the raw error message is the source of truth
Don't ignore cost trends — growing costs indicate context bloat
Don't ignore repeated failures — same tool failing 5x = real issue

Skills in scope

bug-hunter — for turning audit findings into concrete bugs to fix
refactor-planner — for addressing systemic issues found in logs
security-scanner — for security-adjacent findings (leaked keys, injection patterns in logs)