← Back to Skills Marketplace
davidcrowe

Gatewaystack Governance

by David Crowe · GitHub ↗ · v0.2.0
cross-platform ✓ Security Clean
757
Downloads
2
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install gatewaystack-governance
Description
Deny-by-default governance for every tool call — identity, scope, rate limiting, injection detection, audit logging, plus opt-in output DLP, escalation, and...
README (SKILL.md)

GatewayStack Governance

Deny-by-default governance for every tool call in OpenClaw.

Five core checks run automatically on every invocation:

  1. Identity — maps the agent to a policy role. Unknown agents are denied.
  2. Scope — deny-by-default tool allowlist. Unlisted tools are blocked.
  3. Rate limiting — per-user and per-session sliding window limits.
  4. Injection detection — 40+ patterns from Cisco, Snyk, and Kaspersky research.
  5. Audit logging — every decision recorded to append-only JSONL.

Three opt-in features extend governance further:

  1. Output DLP — scans tool output for PII using @gatewaystack/transformabl-core. Log or redact.
  2. Escalation — human-in-the-loop review for medium-severity detections and first-time tool use.
  3. Behavioral monitoring — detects anomalous tool usage patterns using @gatewaystack/limitabl-core.

Install

openclaw plugins install @gatewaystack/gatewaystack-governance

One command. Zero config. The core 5 checks are active on every tool call immediately.

The plugin hooks into before_tool_call at the process level — the agent can't bypass it, skip it, or talk its way around it.

Customize

To override the defaults, create a policy file:

cp ~/.openclaw/plugins/gatewaystack-governance/policy.example.json \
   ~/.openclaw/plugins/gatewaystack-governance/policy.json

Configure which tools are allowed, who can use them, rate limits, injection detection sensitivity, and the three optional features (DLP, escalation, behavioral monitoring — all disabled by default).

Optional GatewayStack packages

The opt-in features use GatewayStack packages via lazy import. Install only what you need:

npm install @gatewaystack/transformabl-core   # for output DLP
npm install @gatewaystack/limitabl-core       # for behavioral monitoring

The core 5 checks have zero external dependencies and work without these packages.

Links

  • GitHub — source, docs, getting started guide
  • npm — package registry
  • MIT licensed
Usage Guidance
This plugin appears to do what it claims, but take these precautions before installing: - Verify the package source and publisher on npm/GitHub (the SKILL.md and package.json point to a GitHub repo and an npm package). Confirm the maintainer identity and package integrity (checksums, npm publisher account). - Audit and protect the audit log and state files. The plugin records tool names and arguments (and optionally DLP matches) in audit.jsonl and other state files; these can contain secrets. Ensure the files are stored in a safe location with correct filesystem permissions (not world-readable) and consider enabling disk encryption or restricting access. - Review and customize policy.json before enabling wide privileges. The default policy is deny-by-default, but double-check allowedTools, roles, rate limits, and any escalation settings to match your environment. - Optional packages (@gatewaystack/transformabl-core, @gatewaystack/limitabl-core) are only required for DLP and behavioral features; install them only if you need those features and trust their source. - Run the plugin self-test (npm test or the CLI self-test) and inspect the code (already included) if you have concerns; if you operate in a high-security environment, trial in an isolated instance first. Overall: coherent and consistent with its stated purpose, but the audit/state data it creates is sensitive — protect those files and verify the package origin before deploying.
Capability Analysis
Type: OpenClaw Skill Name: gatewaystack-governance Version: 0.2.0 This OpenClaw skill bundle implements a comprehensive governance layer designed to protect against various security threats, including prompt injection, data exfiltration, and unauthorized tool usage. The `SKILL.md` and `README.md` clearly state its purpose is to enforce security policies. The JavaScript/TypeScript code (e.g., `scripts/governance/injection.js`, `scripts/governance/check.js`, `src/plugin.js`) consistently implements defensive mechanisms such as identity verification, tool allowlisting, rate limiting, and sophisticated injection detection (including obfuscation and multi-language patterns). File system operations are confined to policy loading, audit logging (`audit.jsonl`), and state management (`.rate-limit-state.json`, `.behavioral-baseline.json`, `.pending-reviews.json`), all for security enforcement. There is no evidence of intentional malicious behavior; all potentially risky capabilities are used for protective measures.
Capability Assessment
Purpose & Capability
Name/description (governance for tool calls) align with the included code and package.json: it implements identity, scope, rate limiting, injection detection, audit logging, optional DLP/behavioral features, and registers as an OpenClaw plugin. Required binary is only 'node', which is appropriate for a Node.js plugin.
Instruction Scope
SKILL.md and code are explicit about what they read/write: policy.json, audit.jsonl, baseline and state files (.agent-tool-usage.json, .pending-reviews.json, .behavioral-baseline.json). The plugin logs full context of tool calls (including arguments) to an append-only JSONL file — this is expected for audit but may capture sensitive data. Instructions do not appear to read unrelated system credentials or network endpoints; they focus on plugin policy, audit, and optional GatewayStack packages.
Install Mechanism
No remote-download install spec inside the skill bundle; SKILL.md instructs installation via 'openclaw plugins install @gatewaystack/gatewaystack-governance' / npm. package.json is present and lists peer dependencies (optional) from the same namespace. There are no obscure URLs, shorteners, or arbitrary archive extracts in the provided files.
Credentials
The skill requests no environment variables or external credentials. Peer dependencies for optional features are reasonable. The main proportionality concern is that audit logs and state files store tool arguments and summaries (which can contain secrets) — the plugin design requires this for audit/behavioral features, so it is proportionate but worth protecting.
Persistence & Privilege
The skill is not marked 'always:true' and uses the normal plugin extension points (openclaw.extensions → src/plugin.js). It registers hooks to intercept tool calls which is documented and expected for a governance plugin. It does create local state and log files in the plugin/session area, which is normal for this functionality.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gatewaystack-governance
  3. After installation, invoke the skill by name or use /gatewaystack-governance
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.0
Add output DLP, escalation, and behavioral monitoring (v0.2.0)
v0.1.1
- Initial release of gatewaystack-governance for OpenClaw. - Implements deny-by-default governance on every tool call, with five automatic checks: identity, scope, rate limiting, injection detection, and audit logging. - Hooks into OpenClaw at the process level to prevent bypass. - Zero-configuration activation; customizable via a policy file. - Comprehensive audit logging records every decision.
Metadata
Slug gatewaystack-governance
Version 0.2.0
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Gatewaystack Governance?

Deny-by-default governance for every tool call — identity, scope, rate limiting, injection detection, audit logging, plus opt-in output DLP, escalation, and... It is an AI Agent Skill for Claude Code / OpenClaw, with 757 downloads so far.

How do I install Gatewaystack Governance?

Run "/install gatewaystack-governance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Gatewaystack Governance free?

Yes, Gatewaystack Governance is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Gatewaystack Governance support?

Gatewaystack Governance is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Gatewaystack Governance?

It is built and maintained by David Crowe (@davidcrowe); the current version is v0.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments