← Back to Skills Marketplace
179
Downloads
0
Stars
0
Active Installs
7
Versions
Install in OpenClaw
/install nornr-governance
Description
Put policy before paid actions, require approval for risky autonomous actions, and keep a finance-ready audit trail.
Usage Guidance
This bundle is a thin wrapper around the official NORNR SDK and appears to do what it says, but take these precautions before enabling in production: 1) Fix or confirm the metadata mismatch (registry says no env var but SKILL.md requires NORNR_API_KEY). 2) Review the pinned PyPI package (nornr-agentpay==0.1.0) source/release to ensure it matches the claimed repo. 3) Create a dedicated NORNR API key limited to the minimum scopes you need (avoid broad workspace/treasury admin keys). 4) Test in a non-production workspace to confirm queued/blocked states actually stop autonomous flows. 5) Consider disallowing autonomous invocation for this skill or require an operator step if you cannot tightly control the API key scope.
Capability Analysis
Type: OpenClaw Skill
Name: nornr-governance
Version: 0.1.6
The nornr-governance skill is a defensive tool designed to act as a control layer for AI agents, preventing unauthorized financial spend or consequential actions without explicit approval. The implementation in nornr_governance.py is a transparent wrapper for the official nornr-agentpay library, and the instructions in SKILL.md and README.md focus on enforcing safety boundaries and auditability. No indicators of data exfiltration, malicious execution, or harmful prompt injection were identified.
Capability Assessment
Purpose & Capability
The skill is a thin CLI bridge into the NORNR Python SDK (agentpay) to perform preflight/approval flows; requiring a NORNR API key and the pinned SDK is coherent with that purpose. However registry-level metadata in the bundle lists no required env vars while SKILL.md and README declare NORNR_API_KEY as required—this mismatch should be corrected.
Instruction Scope
SKILL.md instructs running the small wrapper CLI and setting NORNR_API_KEY (and optionally NORNR_BASE_URL/NORNR_AGENT_ID). Instructions do not request unrelated files, system-wide secrets, or unexpected endpoints beyond the NORNR service specified.
Install Mechanism
Installation is via pip using a pinned PyPI package (nornr-agentpay==0.1.0) from requirements.txt. This is a standard mechanism but does fetch third-party code; review the pinned SDK release/source before installing.
Credentials
The skill requires a single service credential (NORNR_API_KEY) which is appropriate, but the suggested API scopes include powerful write permissions (payments:write, approvals:write). Those scopes are reasonable for a control plane that can trigger or approve payments, but you should issue a dedicated key with minimum necessary scopes.
Persistence & Privilege
always:false (not force-included) and model invocation is allowed (platform default). Because the skill can exercise approval/payment actions via the NORNR API, enabling autonomous invocation increases blast radius—consider restricting autonomous use or requiring operator approval in your environment.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install nornr-governance - After installation, invoke the skill by name or use
/nornr-governance - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.6
Tighten first-read copy, add Cursor rule, add demo guidance, and position the skill as the control layer before consequential OpenClaw and MCP execution.
v0.1.5
Point OpenClaw homepage metadata to the public MCP control repo and keep SDK provenance explicit.
v0.1.4
Add hello world, copy-paste configs, default OpenClaw pack, raw execution rationale, and queued review guidance.
v0.1.3
Add explicit homepage and required NORNR credential metadata for OpenClaw registry consumers.
v0.1.2
Switch skill dependency to PyPI package nornr-agentpay==0.1.0 and tighten install/provenance guidance.
v0.1.1
Add pinned install spec, dependency provenance, and fail-closed dependency guard.
v0.1.0
Initial OpenClaw release: policy before paid actions, approval for risky autonomous actions, and finance-ready audit trails.
Metadata
Frequently Asked Questions
What is NORNR MCP Control?
Put policy before paid actions, require approval for risky autonomous actions, and keep a finance-ready audit trail. It is an AI Agent Skill for Claude Code / OpenClaw, with 179 downloads so far.
How do I install NORNR MCP Control?
Run "/install nornr-governance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is NORNR MCP Control free?
Yes, NORNR MCP Control is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does NORNR MCP Control support?
NORNR MCP Control is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created NORNR MCP Control?
It is built and maintained by NORNR (@onechan); the current version is v0.1.6.
More Skills