← Back to Skills Marketplace
devongenerally-png

governance-guard

by MetaCortex Dynamics · GitHub ↗ · v0.1.0
cross-platform ✓ Security Clean
356
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install governance-guard
Description
Structural authority separation for autonomous agent actions. Three-phase governance pipeline: PROPOSE, DECIDE, PROMOTE. No action is both proposed and appro...
README (SKILL.md)

\r \r

governance-guard\r

\r Governance guard enforces structural authority separation on all agent actions through a PROPOSE-DECIDE-PROMOTE pipeline.\r \r

When to activate\r

\r Before performing any write, execute, network, create, or delete action. The governance pipeline MUST be invoked before the action executes. Read actions may also be governed under standard or strict policies.\r \r

How to use\r

\r

1. Full pipeline (recommended)\r

\r Run the complete PROPOSE → DECIDE → PROMOTE pipeline in a single call:\r \r

npx tsx scripts/governance.ts pipeline '\x3Cintent-json>' --policy policies/standard.yaml\r
```\r
\r
The intent JSON must include:\r
- `skill`: skill identifier\r
- `tool`: tool/function being invoked\r
- `model`: LLM model name\r
- `actionType`: one of `read`, `write`, `execute`, `network`, `create`, `delete`\r
- `target`: resource being acted upon\r
- `parameters`: tool parameters (object)\r
- `dataScope`: data categories accessed (array, e.g. `["personal", "financial"]`)\r
- `conversationId`: current conversation ID\r
- `messageId`: current message ID\r
- `userInstruction`: the user message that triggered this action\r
\r
### 2. Handle the verdict\r
\r
The pipeline returns a JSON response:\r
\r
- If `"governance": "approved"` — proceed with the action\r
- If `"governance": "deny"` — do NOT proceed; inform the user with the `reason`\r
- If `"governance": "escalate"` — present the action to the user for approval:\r
\r
```\r
Action requires your approval:\r
  Skill: \x3Cskill>\r
  Action: \x3CactionType> on \x3Ctarget>\r
  Reason: \x3Creason>\r
Reply APPROVE or DENY\r
```\r
\r
Then resolve:\r
\r
```bash\r
npx tsx scripts/governance.ts resolve-escalation \x3Cintent-id> approve\r
# or\r
npx tsx scripts/governance.ts resolve-escalation \x3Cintent-id> deny\r
```\r
\r
### 3. Audit decisions\r
\r
```bash\r
npx tsx scripts/governance.ts audit --last 10\r
```\r
\r
## Policy presets\r
\r
| Preset | Default | Description |\r
|--------|---------|-------------|\r
| `minimal` | approve | Blocks only credentials and destructive commands. Lowest friction. |\r
| `standard` | deny | Allows common ops, escalates network and data access. Recommended. |\r
| `strict` | deny | Reads only. Everything else requires explicit approval. Maximum safety. |\r
\r
## Fail-closed guarantee\r
\r
If any error occurs during governance evaluation, the default verdict is **DENY**. Missing policy files result in DENY ALL. This is by design. The system fails safe, never open.\r
\r
## Configuration\r
\r
Governance data is stored in `~/.openclaw/governance/`:\r
- `policy.yaml` — active policy file\r
- `witness.jsonl` — append-only, hash-chained audit log\r
\r
## Verify witness chain\r
\r
```bash\r
npx tsx scripts/governance.ts verify\r
```\r
\r
Any tampering with historical records is detected by recomputing the hash chain from genesis.\r
Usage Guidance
This skill appears to implement exactly what it claims: a local, deterministic governance gate with an append-only witness log. Before installing, consider the following: (1) the witness log stores full intent objects (including userInstruction and conversation IDs) in plaintext at ~/.openclaw/governance/witness.jsonl — if those could contain secrets or private user messages, plan for encryption or a restricted path/permissions; (2) review and customize the provided policy presets (minimal/standard/strict). The standard policy currently permits reads of ~/**; ensure sensitive_data patterns cover all files you consider secret (dotfiles, config directories, application-specific credential locations); (3) confirm your runtime meets Node >=22 and that installing tsx is acceptable in your environment; (4) the system is fail-closed (errors → deny), which is safe for gating, but you should test escalation/resolve flows to ensure they fit your approval process. If you need the audit log to be stored elsewhere or encrypted, request or modify the code to change witnessPath behavior before deployment.
Capability Analysis
Type: OpenClaw Skill Name: governance-guard Version: 0.1.0 This skill bundle, 'governance-guard', is designed to enhance the security of autonomous agent actions by implementing a three-phase PROPOSE-DECIDE-PROMOTE pipeline. It features a fail-closed design, a deterministic policy engine (explicitly not involving an LLM to prevent prompt injection), cryptographic hash binding for action intents and audit records, and robust validation. The `SKILL.md` instructions guide the agent to use this governance system, not to bypass it. Policy files (`policies/*.yaml`) explicitly block access to sensitive data like credentials and SSH keys. All dependencies are standard development tools. There is no evidence of data exfiltration, unauthorized remote execution, persistence mechanisms, or obfuscation. The custom YAML parser and direct `JSON.parse` on CLI arguments are potential areas for subtle bugs, but the design prioritizes security (e.g., minimal YAML subset, input validation) and does not indicate malicious intent or critical, easily exploitable vulnerabilities.
Capability Assessment
Purpose & Capability
Name/description (a PROPOSE→DECIDE→PROMOTE governance pipeline) matches the provided code, policies, and CLI. Required binaries (node, npx) and the tsx package are appropriate for a TypeScript CLI. No unexpected credentials, network endpoints, or unrelated binaries are requested.
Instruction Scope
SKILL.md and scripts instruct the agent/operator to run a local CLI that serializes intents and evaluates policies. The system records full ActionIntent objects (including userInstruction, conversationId, messageId) into an append-only witness file in the user's home directory. This is expected for auditing but means user messages and intent payloads are persisted in plaintext by default.
Install Mechanism
Install uses a single npm package (tsx) via the Node ecosystem (package.json/devDependencies). All code is present in the repo; there are no downloads from arbitrary URLs or obscure hosts. Node engine requirement is >=22 which may be stricter than some runtimes.
Credentials
The skill does not request environment variables or external credentials, which is proportional. However, policies (e.g., standard.yaml) allow read access to the home directory (~/**) and the witness log writes intent/userInstruction to ~/.openclaw/governance/witness.jsonl — review sensitive_data patterns to ensure all sensitive paths are covered and consider encryption of audit logs if required.
Persistence & Privilege
The skill creates and writes an audit directory at ~/.openclaw/governance/ (policy.yaml, witness.jsonl). always:false and no modifications to other skills or system-wide settings. Persisting plaintext intents in the user's home directory is normal for an audit log but increases privacy risk if the log contains sensitive user content.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install governance-guard
  3. After installation, invoke the skill by name or use /governance-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release: PROPOSE→DECIDE→PROMOTE pipeline, 3 policy presets, hash-chained witness log
Metadata
Slug governance-guard
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is governance-guard?

Structural authority separation for autonomous agent actions. Three-phase governance pipeline: PROPOSE, DECIDE, PROMOTE. No action is both proposed and appro... It is an AI Agent Skill for Claude Code / OpenClaw, with 356 downloads so far.

How do I install governance-guard?

Run "/install governance-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is governance-guard free?

Yes, governance-guard is completely free (open-source). You can download, install and use it at no cost.

Which platforms does governance-guard support?

governance-guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created governance-guard?

It is built and maintained by MetaCortex Dynamics (@devongenerally-png); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments