Sanna Governance
by nicallen-exd · v1.0.0 · MIT-0
87 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw
/install sanna-governance
Description
Sanna governance — tool calls are governed transparently
Usage Guidance
This SKILL.md reads like documentation for a governance plugin rather than an implementation. Before installing or trusting it:
1) confirm that the referenced plugin (@sanna-ai/openclaw) actually exists on your platform and inspect its source/publisher and install mechanism;
2) ask who manages the Ed25519 signing keys and where receipts are stored (platform-controlled keys are safer than undisclosed env vars);
3) ask why 'node' is required when no code is included — is there an expected local helper?;
4) require a concrete description of escalation/human-approval flows and evidence the plugin enforces (not merely describes) policies.
If these questions are unanswered, treat the skill as untrusted — it makes strong security claims but provides no implementation or key custody details.
Capability Analysis
Type: OpenClaw Skill
Name: sanna-governance
Version: 1.0.0
The skill bundle contains metadata and documentation for 'Sanna Governance,' a framework designed to provide oversight, tool-gating, and cryptographic auditing for AI agent actions. The SKILL.md file describes a system that intercepts high-risk tool calls (like exec or bash) to validate them against a security constitution, which is a defensive and governance-oriented purpose. No executable code or malicious instructions were found in the provided files.
Capability Assessment
Purpose & Capability
The name/description (governance, Ed25519 receipts, constitutions, enforcement) is coherent with a governance plugin, but the skill is instruction-only and declares no implementation or credentials. The SKILL.md also lists a requiresPlugin (@sanna-ai/openclaw) which is plausible, but the registry entry provides no plugin or homepage; additionally the manifest requires the 'node' binary despite no code being shipped — this mismatch is unexplained.
Instruction Scope
The instructions assert that a governance layer intercepts every tool call and emits Ed25519-signed receipts, but they do not specify how interception, signing, or receipt persistence are performed, nor where signing keys are stored or how human escalation is delivered. The prose gives policies and tiers but contains no operational steps; that leaves a big gap between claimed behavior and what the skill itself will do at runtime.
Install Mechanism
There is no install spec and no code files, so nothing is written to the host by the skill itself (lower risk). However, the governance functionality appears to depend on an external plugin (@sanna-ai/openclaw) which is not included or linked; this reliance is noted but not an install risk in itself.
Credentials
No environment variables or credentials are declared, yet the SKILL.md claims Ed25519-signed receipts — signing requires private keys or platform-managed keys. The lack of declared key material or a clear key custody model is a proportionality gap: either the platform provides keys (not documented) or the skill omitted critical requirements.
Persistence & Privilege
The skill does not request always: true, does not include code that would persist or modify other skills, and is user-invocable only. There are no declared config paths or privileges beyond normal; persistence/privilege requests appear reasonable.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install sanna-governance
- After installation, invoke the skill by name or use /sanna-governance
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Sanna Governance.
- Introduces transparent governance for tool calls, enforcing a configurable constitution that defines allowed, blocked, or escalated actions.
- Applies governance automatically to every tool call without requiring special tool names or prefixes.
- Supports three possible outcomes per tool call: allowed, blocked, or escalated for human approval.
- Generates and persists Ed25519-signed cryptographic receipts for every governed action, providing proof of governance enforcement.
- Classifies tools into risk-based tiers to tailor governance levels.
- Requires the @sanna-ai/openclaw plugin for operation.
Frequently Asked Questions
What is Sanna Governance?
Sanna governance — tool calls are governed transparently. It is an AI Agent Skill for Claude Code / OpenClaw, with 87 downloads so far.
How do I install Sanna Governance?
Run "/install sanna-governance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Sanna Governance free?
Yes, Sanna Governance is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Sanna Governance support?
Sanna Governance is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Sanna Governance?
It is built and maintained by nicallen-exd (@nicallen-exd); the current version is v1.0.0.