← Back to Skills Marketplace
Navil Policy
by
ivanpantheon
· GitHub ↗
· v1.0.2
· MIT-0
121
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install navil-policy
Description
Reduce MCP token costs by up to 94% and enforce least-privilege tool access. Creates YAML policies that control which MCP tools each agent can see and call....
Usage Guidance
This skill is internally consistent with its purpose — it tells you to install and run a policy proxy that filters MCP tool lists. Before installing: (1) review the navil GitHub repo and confirm package names/versions match what the SKILL.md references; (2) test navil and navil-shield in a non-production environment because the proxy will be on-path and can observe tool lists and usage; (3) inspect any auto-generated policy.yaml before accepting rules and keep manual rules in a backed-up file; (4) prefer installing in a sandbox/container or virtualenv rather than globally (the SKILL.md suggests pip which can modify system packages); and (5) verify community templates and the package checksum/signature if you need strong assurance. If you are uncomfortable with an on-path proxy inspecting agent traffic, do not deploy this in production without an architecture review.
Capability Analysis
Type: OpenClaw Skill
Name: navil-policy
Version: 1.0.2
The navil-policy skill is a legitimate tool designed to optimize Model Context Protocol (MCP) token usage by filtering tool schemas. It installs the 'navil' Python package and provides instructions for the agent to manage YAML-based access policies in ~/.navil/. The code and instructions in SKILL.md and skill.json are consistent with the stated purpose of cost reduction and least-privilege security, with no evidence of data exfiltration, obfuscation, or malicious intent.
Capability Assessment
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md explains installing and using the 'navil' policy engine to filter MCP tool lists and reduce token cost. The only required binary is pip, which is needed to install the navil package the docs reference — this is proportionate to the described functionality.
Instruction Scope
Instructions stay on-topic: they tell the agent to install 'navil', generate or write policy YAML under ~/.navil, run policy checks, view logs, and enable navil-shield (a proxy shim). However, the auto-generate feature and the proxy operate on agent↔MCP traffic (observing calls/tool usage), which means the installed proxy will be on-path and able to inspect tool lists and usage. This is expected for the stated purpose but is a privacy/privilege consideration the user should accept explicitly.
Install Mechanism
There are no bundled binaries or remote downloads in the skill itself; the SKILL.md recommends using pip to install 'navil'. Using pip is reasonable and expected. Note: pip installs arbitrary Python packages (the SKILL.md even suggests a fallback that may alter system packages), so users should verify the package source/version before running installs.
Credentials
The skill declares no required environment variables or credentials and the instructions do not ask for unrelated secrets. The configuration is limited to policy files under the user's home (~/.navil).
Persistence & Privilege
always:false and agent autonomy settings are normal. The operational model requires deploying a proxy (navil-shield) that sits in the request path and caches/filters responses; that gives the installed software network-level visibility into MCP traffic. This is coherent with the goal but increases operational privilege and attack surface, so apply standard deployment precautions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install navil-policy - After installation, invoke the skill by name or use
/navil-policy - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Fix: version sync
v1.0.1
Fix: license is Apache-2.0 (not MIT)
v1.0.0
Initial release — token cost optimization via tool scoping
Metadata
Frequently Asked Questions
What is Navil Policy?
Reduce MCP token costs by up to 94% and enforce least-privilege tool access. Creates YAML policies that control which MCP tools each agent can see and call.... It is an AI Agent Skill for Claude Code / OpenClaw, with 121 downloads so far.
How do I install Navil Policy?
Run "/install navil-policy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Navil Policy free?
Yes, Navil Policy is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Navil Policy support?
Navil Policy is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Navil Policy?
It is built and maintained by ivanpantheon (@ivanpantheon); the current version is v1.0.2.
More Skills