← Back to Skills Marketplace
alshowse-tech

Asf V4

by alshowse-tech · GitHub ↗ · v1.5.2 · MIT-0
cross-platform ⚠ suspicious
97
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install anfsf-v1
Description
ASF V4.0 工业化增强模块 - 治理门禁 + 成本模型 + 安全优化。提供否决权执行、所有权证明、经济学评分、返工风险预测、安全在线优化等工业级能力。
README (SKILL.md)

ASF V4.0 - 工业化增强模块

版本: v0.9.0
OpenClaw 兼容性: >=2026.3.24

功能说明

ASF V4.0 为 OpenClaw 提供工业级治理和优化能力:

  • 否决权执行 - 硬/软否决规则验证变更
  • 所有权证明 - 可验证的 single-writer 证明
  • 经济学评分 - 基于成本的角色分配优化
  • 返工风险 - 预测性风险分析
  • 安全优化器 - 带回滚保护的在线优化

工具

工具 说明
veto-check 检查变更是否通过硬/软否决规则
ownership-proof 生成可验证的所有权证明
economics-score 计算角色分配经济学评分
interface-budget 计算跨角色依赖成本
rework-risk 预测任务返工风险
hot-contract 分析契约耦合度并建议角色数量
conflict-resolve 解决所有权冲突
safe-optimize 安全在线优化

命令

命令 说明
asf:status 检查 ASF V4.0 状态
asf:veto 运行否决检查
asf:proof 生成所有权证明
asf:score 计算经济学评分
asf:risk 预测返工风险
asf:hot-contracts 分析热契约

配置

编辑 config/asf-v4.config.yaml

veto:
  mode: default  # default | strict | custom
  
economics:
  scoreWeights:
    interfaceCost: -0.30
    bottleneck: -0.20
    skillMatch: 0.20
    parallelismGain: 0.15
    reworkRisk: -0.15

optimizer:
  enabled: true
  cooldownMs: 1800000  # 30 分钟
  failureThreshold: 2

依赖

  • Node.js >=20.0.0
  • OpenClaw >=2026.3.24

使用示例

# 检查状态
asf:status

# 运行否决检查
asf:veto --changes='[{"resourceType":"contract","resourcePath":"/orders","action":"update"}]'

# 生成所有权证明
asf:proof --resources='[{"type":"contract","path":"/orders#POST"}]' --roles='[{"id":"backend-team"}]'

架构影响

激活 ASF V4.0 后,ANFSF 架构获得以下增强:

  1. Layer 4 (Requirement Graph) - 增加变更追溯和热力图
  2. Layer 8.5 (Role Control Plane) - 增加 Interface Budget v2 和否决门禁
  3. Layer 9 (Agent OS) - 增加角色 KPI 仪表板
  4. Layer 13 (Semantic Consistency) - 增加契约语义化 diff
  5. Layer 16 (Runtime Intelligence) - 增加自动回滚和进化守卫

许可证

MIT License

Usage Guidance
What to check before installing or enabling: - Inspect the code before running: review integrations/* (memory-extension.ts, agent-status-extension.ts, security-audit-extension.ts) and scripts/security-audit.sh for any network calls, credential reads, or unexpected shell commands. - Don’t run publishing scripts with your real ClawHub credentials or CLAWHUB_TOKEN until you trust the package; the docs include curl examples that require a token. - The SKILL.md metadata says no install steps, but package.json and README show you must run npm install / npx ts-node / npm run build. Treat that as a signal to run builds/tests in an isolated environment (container or VM) first. - Pay attention to agent-memory and agent-status access: this skill is designed to write/read OpenClaw memory and extend agent state — if your agent stores sensitive data, audit the code paths that handle memory entries and logs. - Run the included security-audit.sh and the unit/bench tests locally in a sandbox to validate claims, and search the code for outbound network endpoints or hardcoded URLs before enabling in production. If you can't perform a code review yourself: run the skill in an isolated test agent with no access to production data and no network egress, confirm behavior, then decide whether to enable it more widely.
Capability Analysis
Type: OpenClaw Skill Name: anfsf-v1 Version: 1.5.2 The ASF V4.0 skill bundle is a comprehensive governance and optimization framework for OpenClaw agents, focusing on veto enforcement, ownership verification, and economic modeling. Analysis of the TypeScript source code and shell scripts reveals no evidence of data exfiltration, unauthorized remote execution, or malicious prompt injection. While the 'security-audit.sh' script utilizes 'eval' to execute its internal check logic, this is a standard pattern for local testing utilities and does not pose a runtime risk to the agent. The bundle is well-documented and its behavior aligns strictly with its stated purpose of industrial-grade agent governance.
Capability Assessment
Purpose & Capability
Name/description (governance, veto, ownership, economics) align with the code and the listed tools/integrations (memory, agent status, security audit). However SKILL.md metadata says no install steps but the package includes package.json, TypeScript code, benchmark and script files and documentation that instruct running npm/npx/ts-node and bash scripts — so the declared minimal runtime (empty install list) is inconsistent with what the repository actually contains and what the docs expect.
Instruction Scope
The runtime docs and other guides instruct executing local scripts (scripts/security-audit.sh), running npx ts-node benchmarks, editing ~/.openclaw/openclaw.json, and optionally using ClawHub publish APIs (curl with CLAWHUB_TOKEN). The skill's code also exposes functions that write to OpenClaw memory and extend agent status (openclaw.memory.write, extendAgentStatusWithKPI, addVetoCheck). Those capabilities are reasonable for a governance tool, but the instructions ask for filesystem and agent-state changes and running arbitrary local scripts without a declared install process — this gives the skill broad discretion over agent-local state and execution, so review of the actual code (especially scripts/security-audit.sh and integrations/*.ts) is recommended before use.
Install Mechanism
SKILL.md declares an empty install list while the repository contains package.json, TypeScript source, and docs that expect npm install / npx ts-node / npm run build. Lack of an explicit install spec (and no declared required binaries beyond Node >=20) is an inconsistency: users will likely need to run npm install or otherwise build the code to use it. That missing explicit install makes accidental execution of unreviewed code more likely.
Credentials
The skill declares no required environment variables or credentials, which matches most runtime behavior. However documentation includes examples that use CLAWHUB_TOKEN (for web/API publish examples) and asks users to run clawhub login — these are publishing/user-actions not runtime credentials, but they are present in repo docs without being declared. The skill's integrations allow writing to agent memory and agent status (sensitive local state) but do not request external secrets — this is proportionate for a governance/agent integration tool if you trust the code, but it still grants access to internal agent data and state.
Persistence & Privilege
always:false (good). The skill includes code to integrate with OpenClaw internals (Memory, Agent Status, Security Audit) and docs show modifying ~/.openclaw/openclaw.json to enable the skill; these are expected for a skill that extends the agent. Because the skill can read/write agent memory and register checks, installing it grants it non-trivial local privileges — this is not automatically malicious but should be considered before enabling in production.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install anfsf-v1
  3. After installation, invoke the skill by name or use /anfsf-v1
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.2
- Internal skill version updated to 1.5.2. - No file or documentation changes detected in this release.
v1.5.1
Version 1.5.1 of anfsf-v1 - No file changes detected in this release. - No updates made to documentation or functionality.
v1.5.0
ASF V4.0 brings major industrial-grade enhancements with governance, cost modeling, and security optimization features. - Adds veto enforcement, single-writer ownership proof, economic scoring, rework risk prediction, and safe online optimization capabilities. - Offers new tools and commands for change veto checks, ownership proofs, economic score calculations, rework risk forecasting, contract analysis, conflict resolution, and optimization. - Introduces detailed configuration options for veto rules, scoring weights, and optimizer behavior. - Enhances multiple architecture layers with traceability, interface budgeting, KPI dashboards, semantic diff, and runtime intelligence. - Requires Node.js >=20.0.0 and OpenClaw >=2026.3.24.
Metadata
Slug anfsf-v1
Version 1.5.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Asf V4?

ASF V4.0 工业化增强模块 - 治理门禁 + 成本模型 + 安全优化。提供否决权执行、所有权证明、经济学评分、返工风险预测、安全在线优化等工业级能力。 It is an AI Agent Skill for Claude Code / OpenClaw, with 97 downloads so far.

How do I install Asf V4?

Run "/install anfsf-v1" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Asf V4 free?

Yes, Asf V4 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Asf V4 support?

Asf V4 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Asf V4?

It is built and maintained by alshowse-tech (@alshowse-tech); the current version is v1.5.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments